
Random popups


  • This topic is locked
20 replies to this topic

#1 hasnain721


Posted 23 June 2013 - 05:14 PM

Hi,

Following my posts from this topic:

http://www.bleepingcomputer.com/forums/t/497470/random-popups/

Kindly find:

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Hasnain at 23:10:12 on 2013-06-23
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.7990.5172 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\SysWOW64\lkads.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\system32\vcsFPService.exe
C:\WINDOWS\SysWOW64\vmnat.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Motorola\Bluetooth\obexsrv.exe
C:\WINDOWS\SysWOW64\lkcitdl.exe
C:\WINDOWS\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\xampp\xampp-control.exe
C:\WINDOWS\system32\CNAB4RPD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\xampp\apache\bin\httpd.exe
C:\xampp\apache\bin\httpd.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16613_none_6273bd8950d6cae2\TiWorker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Hasnain\AppData\Local\TopArcadeHits\Toparcadehits.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
uRun: [Google Update] "C:\Users\Hasnain\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 2057
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [NI Update Service] "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\Hasnain\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Hasnain\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CANONL~1.LNK - C:\WINDOWS\System32\spool\drivers\x64\3\CNAB4LAD.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: HideFastUserSwitching = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: %windir%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{A69CFA4C-DAD6-498C-8152-7D4F610BF952} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{A69CFA4C-DAD6-498C-8152-7D4F610BF952}\14E64627F6964684F6473707F64733432353 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{A69CFA4C-DAD6-498C-8152-7D4F610BF952}\47D6F62696C656 : DHCPNameServer = 10.1.1.2
TCP: Interfaces\{A69CFA4C-DAD6-498C-8152-7D4F610BF952}\56465727F616D6 : DHCPNameServer = 128.40.200.1 128.40.200.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-mPolicies-Explorer: EnableShellExecuteHooks = dword:1
x64-mPolicies-System: HideFastUserSwitching = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hasnain\AppData\Roaming\Mozilla\Firefox\Profiles\7awkijba.default-1371983851820\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Hasnain\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Hasnain\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Hasnain\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Hasnain\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Hasnain\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll
FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-26 23:17; {0113D088-8ED1-468C-B225-585A9C53B5E3}; C:\Users\Hasnain\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\Drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\Drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\Drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
R0 RapportHades64;RapportHades64;C:\WINDOWS\System32\Drivers\RapportHades64.sys [2012-12-12 208152]
R0 vsock;vSockets Driver;C:\WINDOWS\System32\Drivers\vsock.sys [2013-2-17 70296]
R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\Drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\Drivers\avgldx64.sys [2013-2-8 206136]
R1 avgtp;avgtp;C:\WINDOWS\System32\Drivers\avgtpx64.sys [2012-12-11 45856]
R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\Drivers\avgwfpa.sys [2013-3-21 248120]
R1 RapportCerberus_44365;RapportCerberus_44365;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [2012-12-12 508024]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-12 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files\Motorola\Bluetooth\obexsrv.exe [2010-9-2 677128]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-30 27192]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
R2 NINetworkDiscovery;NI Network Discovery;C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [2012-6-6 169192]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-7-26 92632]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-2 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\WINDOWS\System32\vcsFPService.exe [2010-2-23 2192176]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 Bluetooth Device Manager;Bluetooth Device Manager;C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [2010-9-2 4181256]
R3 BTMUSB;Motorola Bluetooth Radio Service;C:\WINDOWS\System32\Drivers\btmusb.sys [2010-9-2 3232768]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-2 1028096]
R3 HECIx64;Intel® Management Engine Interface;C:\WINDOWS\System32\Drivers\HECIx64.sys [2010-5-1 56344]
R3 Impcd;Impcd;C:\WINDOWS\System32\Drivers\Impcd.sys [2009-10-26 151936]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\WINDOWS\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\Drivers\avgboota.sys [2012-10-26 20912]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2013-2-13 228760]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2013-2-13 357272]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-11 32808]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-19 103992]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2013-2-13 1124184]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-6-23 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files\Motorola\Bluetooth\audiosrv.exe [2010-9-2 1096968]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe --> C:\cygwin\bin\cygrunsrv.exe [?]
S3 BTMCOM;Bluetooth Serial Port;C:\WINDOWS\System32\Drivers\btmcom.sys [2010-9-2 52736]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudbus.sys [2013-4-6 102936]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-4-6 37344]
S3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2012-12-12 175352]
S3 RapportKE64;RapportKE64;C:\WINDOWS\System32\Drivers\RapportKE64.sys [2012-9-8 236216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\Drivers\RtsUStor.sys [2010-9-2 232992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudmdm.sys [2013-4-6 203544]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-06-23 21:35:20 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-23 21:35:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-23 10:59:53 -------- d-----w- C:\WINDOWS\LastGood.Tmp
2013-06-23 10:13:48 -------- d-----w- C:\Users\Hasnain\AppData\Local\Deployment
2013-06-23 10:13:48 -------- d-----w- C:\Users\Hasnain\AppData\Local\Apps
2013-06-22 19:44:06 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll
2013-06-20 22:13:18 96168 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 23:03:01 -------- d-----w- C:\Program Files (x86)\ESET
2013-06-18 22:39:45 -------- d-----w- C:\WINDOWS\ERUNT
2013-06-18 22:38:44 -------- d-----w- C:\JRT
2013-06-16 16:52:18 1300992 ----a-w- C:\WINDOWS\System32\gdi32.dll
2013-06-16 16:52:18 1022464 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2013-06-16 15:09:36 888320 ----a-w- C:\WINDOWS\System32\autochk.exe
2013-06-16 15:09:36 542208 ----a-w- C:\WINDOWS\System32\untfs.dll
2013-06-16 15:09:35 793088 ----a-w- C:\WINDOWS\SysWow64\autochk.exe
2013-06-16 15:09:35 482816 ----a-w- C:\WINDOWS\SysWow64\untfs.dll
2013-06-15 17:54:17 17271808 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 17:54:15 16642560 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 17:25:14 2233600 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2013-06-15 14:27:29 1889280 ----a-w- C:\WINDOWS\System32\crypt32.dll
2013-06-15 14:27:28 68096 ----a-w- C:\WINDOWS\System32\cryptsvc.dll
2013-06-15 14:27:28 1569792 ----a-w- C:\WINDOWS\SysWow64\crypt32.dll
2013-06-15 14:27:28 141312 ----a-w- C:\WINDOWS\System32\cryptnet.dll
2013-06-15 14:27:28 1255936 ----a-w- C:\WINDOWS\System32\certutil.exe
2013-06-15 14:27:28 1013248 ----a-w- C:\WINDOWS\SysWow64\certutil.exe
2013-06-15 14:27:27 109056 ----a-w- C:\WINDOWS\SysWow64\cryptnet.dll
2013-06-15 14:04:10 733184 ----a-w- C:\WINDOWS\System32\win32spl.dll
2013-06-15 00:02:01 30720 ----a-w- C:\WINDOWS\System32\cryptdlg.dll
2013-06-15 00:02:01 25088 ----a-w- C:\WINDOWS\SysWow64\cryptdlg.dll
2013-06-11 23:05:25 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 23:05:25 -------- d-----w- C:\Program Files\iTunes
2013-06-11 23:05:25 -------- d-----w- C:\Program Files\iPod
2013-06-11 23:05:25 -------- d-----w- C:\Program Files (x86)\iTunes
2013-06-09 21:22:30 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-09 20:40:41 -------- d-----w- C:\Users\Hasnain\AppData\Roaming\Malwarebytes
2013-06-09 20:40:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-09 20:40:31 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2013-06-09 20:40:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-30 21:48:27 -------- d-----w- C:\Users\Hasnain\AppData\Roaming\SUPERAntiSpyware.com
2013-05-30 21:48:27 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-05-28 22:48:09 -------- d-----w- C:\xampp
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2013-05-27 19:37:44 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2013-05-26 22:44:18 -------- d-----w- C:\Program Files (x86)\AZPR
2013-05-26 22:36:41 -------- d-----w- C:\Program Files (x86)\Free RAR Password Recovery
2013-05-26 22:32:21 -------- d-----w- C:\Users\Hasnain\AppData\Roaming\KRyLack Software
2013-05-26 22:20:19 -------- d-----w- C:\Users\Hasnain\AppData\Roaming\CheckPoint
2013-05-26 22:18:55 -------- d-----w- C:\Program Files (x86)\DoNotTrackPlus
2013-05-26 22:18:19 -------- d-----w- C:\ProgramData\CheckPoint
2013-05-26 22:17:55 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2013-05-26 22:17:25 -------- d-----w- C:\Users\Hasnain\AppData\Local\TopArcadeHits
2013-05-26 11:00:05 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
.
==================== Find3M  ====================
.
2013-06-12 20:48:23 867240 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll
2013-06-12 20:48:17 789416 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll
2013-06-04 22:09:22 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09:22 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-05-20 21:31:18 45856 ----a-w- C:\WINDOWS\System32\drivers\avgtpx64.sys
2013-05-15 22:37:03 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll
2013-05-15 22:35:49 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll
2013-05-14 13:14:01 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2013-05-14 09:23:31 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2013-05-04 07:58:17 120736 ----a-w- C:\WINDOWS\System32\AuthHost.exe
2013-05-04 07:34:17 446720 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS
2013-05-04 07:34:17 213248 ----a-w- C:\WINDOWS\System32\drivers\UCX01000.SYS
2013-05-04 07:34:15 284416 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys
2013-05-04 06:59:56 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe
2013-05-04 06:59:51 1483776 ----a-w- C:\WINDOWS\System32\VSSVC.exe
2013-05-04 06:59:36 812544 ----a-w- C:\WINDOWS\System32\Magnify.exe
2013-05-04 06:59:25 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll
2013-05-04 06:59:25 251904 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll
2013-05-04 06:59:25 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll
2013-05-04 06:59:24 1619968 ----a-w- C:\WINDOWS\System32\wucltux.dll
2013-05-04 06:59:08 13644288 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2013-05-04 06:58:54 328192 ----a-w- C:\WINDOWS\System32\ubpm.dll
2013-05-04 06:58:54 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll
2013-05-04 06:58:49 173568 ----a-w- C:\WINDOWS\System32\storewuauth.dll
2013-05-04 06:58:49 1332736 ----a-w- C:\WINDOWS\System32\sysmain.dll
2013-05-04 06:58:48 330240 ----a-w- C:\WINDOWS\System32\stobject.dll
2013-05-04 06:58:28 93696 ----a-w- C:\WINDOWS\System32\psmsrv.dll
2013-05-04 06:58:02 470528 ----a-w- C:\WINDOWS\System32\netprofmsvc.dll
2013-05-04 06:58:02 151552 ----a-w- C:\WINDOWS\System32\netprofm.dll
2013-05-04 06:58:01 169984 ----a-w- C:\WINDOWS\System32\netplwiz.dll
2013-05-04 06:57:59 17408 ----a-w- C:\WINDOWS\System32\muifontsetup.dll
2013-05-04 06:57:46 560640 ----a-w- C:\WINDOWS\System32\mfmp4srcsnk.dll
2013-05-04 06:57:31 820736 ----a-w- C:\WINDOWS\System32\gpprefcl.dll
2013-05-04 06:57:15 501760 ----a-w- C:\WINDOWS\System32\DevicePairing.dll
2013-05-04 06:57:05 179712 ----a-w- C:\WINDOWS\System32\bisrv.dll
2013-05-04 06:57:05 122368 ----a-w- C:\WINDOWS\System32\biwinrt.dll
2013-05-04 06:57:04 389120 ----a-w- C:\WINDOWS\System32\BCP47Langs.dll
2013-05-04 06:57:04 2305024 ----a-w- C:\WINDOWS\System32\authui.dll
2013-05-04 06:57:00 708096 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2013-05-04 06:57:00 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2013-05-04 06:56:53 419840 ----a-w- C:\WINDOWS\System32\intl.cpl
2013-05-04 04:58:34 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe
2013-05-04 04:58:14 758784 ----a-w- C:\WINDOWS\SysWow64\Magnify.exe
2013-05-04 04:58:02 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll
2013-05-04 04:58:02 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll
2013-05-04 04:57:49 10788864 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57:39 8857088 ----a-w- C:\WINDOWS\SysWow64\twinui.dll
2013-05-04 04:57:39 247296 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll
2013-05-04 04:57:35 303616 ----a-w- C:\WINDOWS\SysWow64\stobject.dll
2013-05-04 04:57:16 18432 ----a-w- C:\WINDOWS\SysWow64\npmproxy.dll
2013-05-04 04:57:04 151040 ----a-w- C:\WINDOWS\SysWow64\netplwiz.dll
2013-05-04 04:57:04 115712 ----a-w- C:\WINDOWS\SysWow64\netprofm.dll
2013-05-04 04:57:02 14336 ----a-w- C:\WINDOWS\SysWow64\muifontsetup.dll
2013-05-04 04:56:48 411136 ----a-w- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56:35 582144 ----a-w- C:\WINDOWS\SysWow64\gpprefcl.dll
2013-05-04 04:56:14 449536 ----a-w- C:\WINDOWS\SysWow64\DevicePairing.dll
2013-05-04 04:56:06 92160 ----a-w- C:\WINDOWS\SysWow64\biwinrt.dll
2013-05-04 04:56:05 309760 ----a-w- C:\WINDOWS\SysWow64\BCP47Langs.dll
2013-05-04 04:56:05 2035712 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2013-05-04 04:55:58 389632 ----a-w- C:\WINDOWS\SysWow64\intl.cpl
2013-05-04 04:51:38 14848 ----a-w- C:\WINDOWS\System32\rars.rs
2013-05-04 04:48:33 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-05-04 04:48:26 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys
2013-05-04 04:47:02 427520 ----a-w- C:\WINDOWS\System32\drivers\rdbss.sys
2013-05-04 04:10:47 14848 ----a-w- C:\WINDOWS\SysWow64\rars.rs
2013-05-02 09:32:04 2274480 ----a-w- C:\WINDOWS\System32\coin94.dll
2013-05-01 02:59:12 94208 ----a-w- C:\WINDOWS\SysWow64\QuickTimeVR.qtx
2013-05-01 02:59:12 69632 ----a-w- C:\WINDOWS\SysWow64\QuickTime.qts
2013-04-28 22:30:55 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-04-28 22:30:12 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-04-28 22:28:33 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-04-28 22:28:29 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll
2013-04-28 22:28:00 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-04-16 02:34:44 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2013-04-15 06:02:04 334000 ----a-w- C:\WINDOWS\System32\RaCoInstx.dll
2013-04-15 06:02:04 2482960 ----a-w- C:\WINDOWS\System32\drivers\netr28x.sys
2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2013-04-11 06:40:48 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll
2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe
2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll
2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll
2013-04-09 05:18:05 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll
2013-04-09 05:17:57 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll
2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe
2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe
2013-04-09 04:52:07 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe
2013-04-09 04:52:07 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe
2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe
2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe
2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll
2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll
2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll
2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll
2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll
2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll
2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll
2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll
.
============= FINISH: 23:11:20.14 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2012 01:08:09
System Uptime: 23/06/2013 22:27:24 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 144A
Processor: Intel® Core™ i5 CPU       M 460  @ 2.53GHz | CPU | 1733/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 26.811 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.773 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Mobility Radeon HD 5000 Series (Microsoft Corporation - WDDM v1.20)
Device ID: PCI\VEN_1002&DEV_68E0&SUBSYS_144A103C&REV_00\4&826E7DC&0&0008
Manufacturer: Advanced Micro Devices, Inc.
Name: ATI Mobility Radeon HD 5000 Series (Microsoft Corporation - WDDM v1.20)
PNP Device ID: PCI\VEN_1002&DEV_68E0&SUBSYS_144A103C&REV_00\4&826E7DC&0&0008
Service: amdkmdap
.
==== System Restore Points ===================
.
RP39: 09/06/2013 22:51:40 - Scheduled Checkpoint
RP40: 14/06/2013 14:35:22 - Windows Update
RP42: 18/06/2013 22:44:33 - Windows Modules Installer
RP43: 20/06/2013 23:12:09 - Installed Java 7 Update 25
.
==== Installed Programs ======================
.
Acrobat.com
ActiveState ActivePython 2.7.2.5 (32-bit)
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Dreamweaver CC
Adobe Dreamweaver CS6
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 11.5
Adobe Widget Browser
Advanced ZIP Password Recovery
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arduino
ATI Catalyst Install Manager
µTorrent
AVG 2013
Balsamiq Mockups For Desktop
Bing Bar
BitNami WordPress Module
BlackBerry Desktop Software 7.1
Bonjour
Bullzip PDF Printer 8.2.0.1394
Canon LBP2900
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
CyberLink DVD Suite
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Setup
Dropbox
DVD Menu Pack for HP MediaSmart Video
EndNote X6
Energy Star Digital Logo
ESET Online Scanner v3
ESU for Microsoft Windows 7
Free RAR Password Recovery
Free Screen Video Recorder version 2.5.26.1015
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP MediaSmart DVD
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HyperCam 2
iCloud
IDT Audio
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Driver
iTunes
Java 7 Update 25
Java Auto Updater
Java SE Development Kit 7 Update 4 (64-bit)
Java™ 6 Update 20 (64-bit)
Java™ 6 Update 31
Java™ 7 Update 4 (64-bit)
Java™ SE Development Kit 7 Update 3 (64-bit)
JavaFX 2.1.0 (64-bit)
JavaFX 2.1.0 SDK (64-bit)
Junk Mail filter update
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Math Kernel Libraries
Math Kernel Libraries (64-bit)
Mathematica Extras 8.0 (2063897)
MATLAB R2012b
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 5.1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
MyPC Backup 
National Instruments Software
NI-DAQmx/LabVIEW shared documentation 9.5.5
NI-DAQmx/LabVIEW shared documentation for 64 Bit Windows 9.5.5
NI-Mesa
NI-RPC 4.3.0f0
NI-RPC 4.3.0f0 for 64 Bit Windows
NI-RPC 4.3.0f0 for Phar Lap ETS
NI .NET Framework 4.0
NI ActiveX Container
NI ActiveX Container (64-bit)
NI Advanced Signal Processing Toolkit Old RT Compatibility
NI Assistant Framework
NI Assistant Framework 64-bit
NI Assistant Framework LabVIEW Code Generator 2012
NI Authentication 12.0.0
NI Authentication 12.0.0 (64-bit)
NI CodeSignAPI
NI Curl 12.0.0
NI Curl 12.0.0 (64-bit)
NI Customer Experience Improvement Program
NI DataSocket 5.0
NI DataSocket 5.0 (64-bit)
NI Distributed System Manager 2012
NI DN 2.0 SP1 installer
NI Error Reporting 2012
NI EulaDepot
NI Example Finder 12.0
NI GMP Windows 32-bit Installer 12.0.0
NI GMP Windows 64-bit Installer 12.0.0
NI Help Assistant
NI Help Assistant (64bit)
NI Instrument IO Assistant for LabVIEW 2012 32-bit
NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine
NI LabVIEW 2009 Advanced Signal Processing Toolkit Run-Time Engine 64Bit
NI LabVIEW 2011 Real-Time NBFifo
NI LabVIEW 2011 SP1 Deployable License
NI LabVIEW 2012 (32-bit)
NI LabVIEW 2012 Advanced Signal Processing Toolkit
NI LabVIEW 2012 Advanced Signal Processing Toolkit License
NI LabVIEW 2012 Advanced Signal Processing Toolkit RT Support
NI LabVIEW 2012 Biomedical Toolkit
NI LabVIEW 2012 Biomedical Toolkit LabVIEW Support
NI LabVIEW 2012 Biomedical Toolkit License
NI LabVIEW 2012 Deployable License
NI LabVIEW 2012 Deployment Framework
NI LabVIEW 2012 Digital Filter Design Toolkit
NI LabVIEW 2012 Digital Filter Design Toolkit License
NI LabVIEW 2012 Digital Filter Design Toolkit RT Support
NI LabVIEW 2012 f3
NI LabVIEW 2012 Help
NI LabVIEW 2012 Help File
NI LabVIEW 2012 License
NI LabVIEW 2012 Manuals
NI LabVIEW 2012 MeasAppChm File
NI LabVIEW 2012 Real-Time Error Dialog
NI LabVIEW 2012 Real-Time NBFifo
NI LabVIEW 2012 Run-Time Engine Web Server
NI LabVIEW 2012 Scripting Code Generator
NI LabVIEW 2012 Search
NI LabVIEW 2012 Simulation
NI LabVIEW 2012 Variable Web Service
NI LabVIEW 2012 Web Server
NI LabVIEW Broker
NI LabVIEW Broker (64 bit)
NI LabVIEW C Interface
NI LabVIEW Compare Utility 12.0.0
NI LabVIEW MAX XML
NI LabVIEW Merge Utility 12.0.0
NI LabVIEW Run-Time Engine 2011 SP1
NI LabVIEW Run-Time Engine 2012 f3
NI LabVIEW Run-Time Engine Interop 2011
NI LabVIEW Run-Time Engine Interop 2012
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 2010 LabVIEW DLL Builder
NI LabWindows/CVI 2010 SP1 Analysis Library
NI LabWindows/CVI 2010 SP1 Analysis Library (64-bit)
NI LabWindows/CVI 2010 SP1 Code Generator
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
NI LabWindows/CVI 2010 SP1 Network Variable Library
NI LabWindows/CVI 2010 SP1 Network Variable Library (64-bit)
NI LabWindows/CVI 2010 SP1 Run-Time Engine (64-bit)
NI LabWindows/CVI 2010 SP1 TDM Streaming Library
NI LabWindows/CVI 2010 SP1 TDM Streaming Library (64-bit)
NI LabWindows/CVI Run-Time Engine 2010 SP1
NI LabWindows/CVI Run-Time Engine 2010 SP1 (Updated)
NI License Manager
NI Logos 5.4
NI Logos 5.4 (64-bit)
NI Logos LabVIEW 2012 Support
NI Logos XT Support
NI Logos64 XT Support
NI Math Kernel Libraries
NI Math Kernel Libraries (64-bit)
NI MAX Remote Configuration 64-bit Installer 5.3.3
NI MAX Remote Configuration Installer 5.3.3
NI MAX Support for 64 Bit Windows
NI MDF Support
NI mDNS Responder 2.1 for Windows 64-bit
NI mDNS Responder 2.1.0
NI Measurement & Automation Explorer 5.3.3
NI Measurement Studio Common .NET Assemblies (x64) for .NET 3.5
NI Measurement Studio Common .NET Assemblies for .NET 2.0
NI Measurement Studio Common .NET Assemblies for .NET 3.5
NI Measurement Studio Recipe Processor
NI MetaSuite Installer
NI MXS 5.3.0
NI MXS 5.3.0 for 64 Bit Windows
NI Network Browser 5.3.0
NI Network Discovery 5.3
NI Network Discovery 5.3 for Windows 64-bit
NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
NI NI LabVIEW 2012 Run-Time Engine Non-English Support.
NI OPC Support
NI Portable Configuration 5.3.0
NI Portable Configuration for 64 Bit Windows 5.3.0
NI Registration Wizard
NI Remote Provider for MAX 5.3.3
NI Remote PXI Provider for MAX 5.3.0
NI Search Shared
NI SLCP 1.0
NI Software Provider for MAX 5.3.0
NI SSL LabVIEW 2012 Support
NI SSL LabVIEW RTE 2012 Support
NI SSL Support
NI SSL Support (64-bit)
NI System API Client for WIF 5.3.3
NI System API Web-Servce 32-bit 5.3.3
NI System API Windows 32-bit 5.3.3
NI System API Windows 64-bit 5.3.3
NI System Configuration 5.3.3 LabVIEW Support
NI System Configuration LV2012 Support 5.3.3
NI System Configuration Runtime 5.3.3
NI System Configuration Runtime 5.3.3 for Windows 64-bit
NI System State Publisher
NI System State Publisher (64-bit)
NI System Web Server 12.0
NI System Web Server Base 12.0.0
NI System Web Server Base 12.0.0 (64-bit)
NI TDM Excel Add-In 3.4
NI TDM Excel Add-In 3.4 64-bit
NI TDM Streaming 2.4
NI TDM Streaming 2.4 (64-bit)
NI Trace Engine
NI Trace Engine (64-bit)
NI Uninstaller
NI Update Service 2.1
NI USI 2.0.0
NI USI 2.0.0 64-Bit
NI USI Audio DataPlugin 1.1.3
NI USI C3D DataPlugin 1.0
NI USI DASYLab DataPlugin 1.0
NI USI European Data Format Plugin 1.0
NI USI Matlab Sp.Write Plugin 1.0.2
NI USI PhysioBank DataPlugin 1.1
NI Variable Engine (64-bit)
NI Variable Engine 2.6.0
NI Variable Engine LabVIEW 2012 Support
NI VC2005MSMs x64
NI VC2005MSMs x86
NI VC2008MSMs x64
NI VC2008MSMs x86
NI VC2010MSMs x64
NI VC2010MSMs x86
NI VIPM Helper 2012
NI Vision .NET 2012
NI Vision .NET Run-Time Engine 2012
NI Vision 2012
NI Vision 2012 64-bit
NI Vision Assistant 2012
NI Vision Assistant 2012 .NET
NI Vision Assistant 2012 64-bit
NI Vision Common Resources 2012 f1
NI Vision Common Resources 2012 f1 64-bit
NI Vision Run-Time Engine 2012
NI Vision Run-Time Engine 2012 64-bit
NI Web Application Server 12.0
NI Web Application Server 12.0 (64-bit)
NI Web Interface Framework 2012
NI Web Pipeline 2.0.1
NI Web Pipeline 2.0.1 64-bit support
NI Xalan Delay Load 1.10.2
NI Xalan Delay Load 1.10.2 64-bit
NI Xerces Delay Load 2.7.3
NI Xerces Delay Load 2.7.3 64-bit
Notepad++
PhotoNow!
Picasa 3
PlotReader
Power2Go
PowerDirector
PX Profile Update
Python 2.7 setuptools-0.6c11
QuickTime
Ralink Motorola BC4 Bluetooth 3.0+HS Adapter
Ralink RT3090 802.11b/g/n WiFi Adapter
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
ResearchSoft Direct Export Helper
Reset NI Config 5.0.0
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Secure Download Manager
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype™ 6.3
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texmaker
TomTom HOME
TomTom HOME Visual Studio Merge Modules
tools-linux
TopArcadeHits
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Validity Sensors DDK
VC80CRTRedist - 8.0.50727.6195
Visual Paradigm for UML CE 10.0
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.3
VMware Player
WIF Core Dependencies Windows 5.3.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
Wolfram Mathematica 8 (M-WIN-L 8.0.1 2063990)
XAMPP 1.8.1-0
ZoneAlarm Do Not Track Add-on 2.2.5.1213
.
==== Event Viewer Messages From Past Week ========
.
23/06/2013 22:33:34, Error: Service Control Manager [7034]  - The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).
23/06/2013 22:29:47, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
23/06/2013 22:29:47, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
23/06/2013 22:28:27, Error: Service Control Manager [7000]  - The Rapport Management Service service failed to start due to the following error:  The file or directory is corrupted and unreadable.
23/06/2013 22:27:35, Error: Microsoft-Windows-Kernel-General [6]  - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
23/06/2013 18:46:21, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {000C101C-0000-0000-C000-000000000046}  and APPID  {000C101C-0000-0000-C000-000000000046}  to the user Hasnain-HP\Hasnain SID (S-1-5-21-2168458688-1415637737-563279600-1000) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
23/06/2013 15:34:42, Error: Service Control Manager [7046]  - The following service has repeatedly stopped responding to service control requests: Print Spooler Contact the service vendor or the system administrator about whether to disable this service until the problem is identified. You may have to restart the computer in safe mode before you can disable the service.
23/06/2013 15:34:12, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.
23/06/2013 11:31:38, Error: Service Control Manager [7022]  - The Intel® Management & Security Application User Notification Service service hung on starting.
23/06/2013 11:13:07, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
22/06/2013 23:23:01, Error: hpdskflt [1001]  - 
22/06/2013 20:51:25, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F082F: Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2836947).
22/06/2013 20:51:25, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800F082F: Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2836946).
19/06/2013 23:32:42, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
18/06/2013 23:01:26, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

Thanks!!




#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2013 - 12:18 AM


Hello hasnain721

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2013 - 12:32 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 hasnain721

  • Topic Starter
  • Members
  • 28 posts

Posted 27 June 2013 - 02:47 PM

Hi Gringo,

Firstly, I would like to take this opportunity to massively thank you for taking your time out to help me.

As requested:

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Pro x64
Ran by Hasnain on 26/06/2013 at 20:18:06.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56D0AF1D-46A4-4D87-9BD0-372E89A419E3}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{56D0AF1D-46A4-4D87-9BD0-372E89A419E3}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/06/2013 at 20:25:47.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

AdwCleaner

 

 

 

 

# AdwCleaner v2.303 - Logfile created 06/25/2013 at 21:48:16

# Updated 08/06/2013 by Xplode
# Operating system : Windows 8 Pro  (64 bits)
# User : Hasnain - HASNAIN-HP
# Boot Mode : Normal
# Running from : C:\Users\Hasnain\Downloads\AdwCleaner (2).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
 
***** [Registry] *****
 
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Users\Hasnain\AppData\Roaming\Mozilla\Firefox\Profiles\7awkijba.default-1371983851820\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Users\Hasnain\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [14131 octets] - [18/06/2013 23:32:04]
AdwCleaner[R2].txt - [1196 octets] - [25/06/2013 21:47:41]
AdwCleaner[S1].txt - [303 octets] - [18/06/2013 23:29:10]
AdwCleaner[S2].txt - [14396 octets] - [18/06/2013 23:32:45]
AdwCleaner[S3].txt - [1133 octets] - [25/06/2013 21:48:16]
 
########## EOF - C:\AdwCleaner[S3].txt - [1193 octets] ##########


#5 gringo_pr


Posted 27 June 2013 - 09:24 PM


Hello hasnain721

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#6 gringo_pr


Posted 30 June 2013 - 12:05 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#7 gringo_pr


Posted 30 June 2013 - 12:08 PM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#8 hasnain721


Posted 02 July 2013 - 04:28 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

Apologies, I wasn't feeling very well. I will edit this post and post what you requested soon. Thanks!

ComboFix 13-07-02.03 - Hasnain 02/07/2013  22:37:37.1.4 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.7990.5773 [GMT 1:00]
Running from: c:\users\Hasnain\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hasnain\AppData\Roaming\Microsoft\Windows\Recent\100m (2).mat
c:\users\Hasnain\AppData\Roaming\Microsoft\Windows\Recent\100m.mat
c:\users\Hasnain\AppData\Roaming\Microsoft\Windows\Recent\final_variables.mat
c:\users\Hasnain\AppData\Roaming\Microsoft\Windows\Recent\test.mat
c:\users\Hasnain\Documents\~WRL1118.tmp
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-02 to 2013-07-02  )))))))))))))))))))))))))))))))
.
.
2013-07-02 21:53 . 2013-07-02 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-30 12:07 . 2013-06-30 15:54 -------- d-----w- C:\movefilter
2013-06-30 12:05 . 2013-06-30 12:37 -------- d-----w- c:\users\Hasnain\AppData\Roaming\FileZilla
2013-06-30 12:04 . 2013-06-30 12:04 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-06-25 20:51 . 2013-06-25 20:51 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-06-25 20:48 . 2013-06-25 20:49 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-23 21:35 . 2013-06-25 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-23 21:35 . 2013-06-23 21:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-06-23 10:13 . 2013-06-23 10:16 -------- d-----w- c:\users\Hasnain\AppData\Local\Deployment
2013-06-23 10:13 . 2013-06-23 10:13 -------- d-----w- c:\users\Hasnain\AppData\Local\Apps
2013-06-22 19:44 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-06-18 23:03 . 2013-06-18 23:03 -------- d-----w- c:\program files (x86)\ESET
2013-06-18 22:39 . 2013-06-18 22:39 -------- d-----w- c:\windows\ERUNT
2013-06-18 22:38 . 2013-06-26 19:17 -------- d-----w- C:\JRT
2013-06-17 22:50 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-06-16 16:52 . 2013-05-23 23:01 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-06-16 16:52 . 2013-05-23 22:27 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-06-16 15:09 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-06-16 15:09 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-06-16 15:09 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-06-15 17:54 . 2013-05-10 02:42 17271808 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 17:54 . 2013-05-10 02:21 16642560 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 17:25 . 2013-05-04 07:45 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 14:27 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-06-15 14:27 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-15 14:27 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-15 14:27 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-06-15 14:27 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-15 14:27 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-15 14:27 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-15 14:04 . 2013-04-27 05:20 733184 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 00:02 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-15 00:02 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-14 13:44 . 2013-05-15 22:35 19230720 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:05 . 2013-06-11 23:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 23:05 . 2013-06-11 23:06 -------- d-----w- c:\program files\iTunes
2013-06-11 23:05 . 2013-06-11 23:06 -------- d-----w- c:\program files (x86)\iTunes
2013-06-11 23:05 . 2013-06-11 23:05 -------- d-----w- c:\program files\iPod
2013-06-09 21:22 . 2013-06-09 21:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\users\Hasnain\AppData\Roaming\Malwarebytes
2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\programdata\Malwarebytes
2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-09 20:40 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 13:36 . 2012-04-12 15:42 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 20:48 . 2012-09-08 17:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 20:48 . 2010-07-23 15:17 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 20:47 . 2013-06-20 22:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-04 22:09 . 2013-01-17 21:00 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2013-01-17 21:00 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 21:31 . 2012-12-11 17:57 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-15 22:37 . 2013-06-14 13:43 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 02:24 . 2013-06-16 15:09 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 08:28 . 2013-03-14 15:10 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-04 04:58 . 2013-06-16 13:43 34304 ----a-w- c:\windows\SysWow64\wuapp.exe
2013-05-04 04:58 . 2013-06-16 13:43 83968 ----a-w- c:\windows\SysWow64\wudriver.dll
2013-05-04 04:58 . 2013-06-16 13:43 125952 ----a-w- c:\windows\SysWow64\wuwebv.dll
2013-05-04 04:58 . 2013-06-16 13:43 621056 ----a-w- c:\windows\SysWow64\wuapi.dll
2013-05-04 04:57 . 2013-06-16 13:43 10788864 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57 . 2013-06-16 13:43 8857088 ----a-w- c:\windows\SysWow64\twinui.dll
2013-05-04 04:57 . 2013-06-16 13:43 247296 ----a-w- c:\windows\SysWow64\ubpm.dll
2013-05-02 09:32 . 2013-05-02 09:32 2274480 ----a-w- c:\windows\system32\coin94.dll
2013-05-01 14:54 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 02:59 . 2013-05-01 02:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 02:59 . 2013-05-01 02:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-28 22:30 . 2013-06-14 13:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-04-16 02:34 . 2013-05-15 11:50 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-15 06:02 . 2013-04-15 06:02 334000 ----a-w- c:\windows\system32\RaCoInstx.dll
2013-04-15 06:02 . 2013-04-15 06:02 2482960 ----a-w- c:\windows\system32\drivers\netr28x.sys
2013-04-13 05:56 . 2013-05-15 13:16 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-11 06:40 . 2013-05-15 11:48 6987528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 05:33 . 2013-05-18 12:09 446792 ----a-w- c:\windows\system32\AudioSes.dll
2013-04-09 05:33 . 2013-05-18 12:09 489576 ----a-w- c:\windows\system32\AudioEng.dll
2013-04-09 05:33 . 2013-05-18 12:09 253544 ----a-w- c:\windows\system32\audiodg.exe
2013-04-09 05:20 . 2013-05-18 12:09 306952 ----a-w- c:\windows\system32\kd_02_10ec.dll
2013-04-09 05:20 . 2013-05-18 12:09 86280 ----a-w- c:\windows\system32\kdnet.dll
2013-04-09 05:18 . 2013-05-18 12:09 77960 ----a-w- c:\windows\system32\kdvm.dll
2013-04-09 05:17 . 2013-05-18 12:09 1829408 ----a-w- c:\windows\system32\ntdll.dll
2013-04-09 04:52 . 2013-05-18 12:09 816128 ----a-w- c:\windows\system32\SearchIndexer.exe
2013-04-09 04:52 . 2013-05-18 12:09 373760 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2013-04-09 04:52 . 2013-05-18 12:09 197120 ----a-w- c:\windows\system32\SearchFilterHost.exe
2013-04-09 04:52 . 2013-05-18 12:09 126464 ----a-w- c:\windows\system32\Robocopy.exe
2013-04-09 04:52 . 2013-05-18 12:09 804352 ----a-w- c:\windows\system32\RecoveryDrive.exe
2013-04-09 04:51 . 2013-05-18 12:09 367616 ----a-w- c:\windows\system32\conhost.exe
2013-04-09 04:51 . 2013-05-18 12:09 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-09 04:51 . 2013-05-18 12:09 456704 ----a-w- c:\windows\system32\wpncore.dll
2013-04-09 04:51 . 2013-05-18 12:09 99840 ----a-w- c:\windows\system32\wscsvc.dll
2013-04-09 04:51 . 2013-05-18 12:10 14267904 ----a-w- c:\windows\system32\wmp.dll
2013-04-09 04:51 . 2013-05-18 12:09 595456 ----a-w- c:\windows\system32\Windows.Networking.dll
2013-04-09 04:51 . 2013-05-18 12:09 391168 ----a-w- c:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51 . 2013-05-18 12:10 3552768 ----a-w- c:\windows\system32\tquery.dll
2013-04-09 04:50 . 2013-05-18 12:09 414720 ----a-w- c:\windows\system32\GenuineCenter.dll
2013-04-09 04:50 . 2013-05-18 12:09 1285632 ----a-w- c:\windows\system32\schedsvc.dll
2013-04-09 04:50 . 2013-05-18 12:09 422400 ----a-w- c:\windows\system32\schannel.dll
2013-04-09 04:50 . 2013-05-18 12:10 2107904 ----a-w- c:\windows\system32\mssrch.dll
2013-04-09 04:50 . 2013-05-18 12:09 745984 ----a-w- c:\windows\system32\mssvp.dll
2013-04-09 04:50 . 2013-05-18 12:09 96256 ----a-w- c:\windows\system32\mssprxy.dll
2013-04-09 04:50 . 2013-05-18 12:09 435200 ----a-w- c:\windows\system32\mssph.dll
2013-04-09 04:50 . 2013-05-18 12:09 65024 ----a-w- c:\windows\system32\msscntrs.dll
2013-04-09 04:50 . 2013-05-18 12:09 13824 ----a-w- c:\windows\system32\msshooks.dll
2013-04-09 04:49 . 2013-05-18 12:09 1444864 ----a-w- c:\windows\system32\MSAudDecMFT.dll
2013-04-09 04:49 . 2013-05-18 12:09 468992 ----a-w- c:\windows\system32\MFMediaEngine.dll
2013-04-09 04:49 . 2013-05-18 12:09 281088 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-04-09 04:49 . 2013-05-18 12:09 817152 ----a-w- c:\windows\system32\kerberos.dll
2013-04-09 04:49 . 2013-05-18 12:09 210432 ----a-w- c:\windows\system32\iuilp.dll
2013-04-09 04:49 . 2013-05-18 12:09 231936 ----a-w- c:\windows\system32\fhengine.dll
2013-04-09 04:49 . 2013-05-18 12:09 50176 ----a-w- c:\windows\system32\fmifs.dll
2013-04-09 04:49 . 2013-05-18 12:09 172544 ----a-w- c:\windows\system32\dwmredir.dll
2013-04-09 04:49 . 2013-05-18 12:09 196096 ----a-w- c:\windows\system32\dmvdsitf.dll
2013-04-09 04:48 . 2013-05-18 12:09 785408 ----a-w- c:\windows\system32\audiosrv.dll
2013-04-09 04:48 . 2013-05-18 12:09 169472 ----a-w- c:\windows\system32\AudioEndpointBuilder.dll
2013-04-09 02:35 . 2013-05-18 12:09 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 02:34 . 2013-05-18 12:09 95744 ----a-w- c:\windows\system32\drivers\hidbth.sys
2013-04-09 02:33 . 2013-05-18 12:09 60416 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-04-09 02:33 . 2013-05-18 12:09 623104 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-04-09 02:32 . 2013-05-18 12:09 805376 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2013-04-09 02:31 . 2013-05-18 12:09 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-04-09 02:31 . 2013-05-18 12:09 83456 ----a-w- c:\windows\system32\drivers\wanarp.sys
2013-04-08 23:44 . 2013-05-18 12:09 123880 ----a-w- c:\windows\SysWow64\wscapi.dll
2013-04-08 23:39 . 2013-05-18 12:09 1408896 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-04-08 23:37 . 2013-05-18 12:09 426024 ----a-w- c:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37 . 2013-05-18 12:09 324368 ----a-w- c:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52 . 2013-05-18 12:09 302592 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52 . 2013-05-18 12:09 670208 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52 . 2013-05-18 12:09 171008 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52 . 2013-05-18 12:09 106496 ----a-w- c:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52 . 2013-05-18 12:09 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-08 21:51 . 2013-05-18 12:09 411136 ----a-w- c:\windows\SysWow64\Windows.Networking.dll
2013-04-08 21:51 . 2013-05-18 12:09 268800 ----a-w- c:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-04-08 21:51 . 2013-05-18 12:10 2767360 ----a-w- c:\windows\SysWow64\tquery.dll
2013-04-08 21:51 . 2013-05-18 12:09 324096 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-08 21:51 . 2013-05-18 12:10 1593344 ----a-w- c:\windows\SysWow64\mssrch.dll
2013-04-08 21:51 . 2013-05-18 12:09 403968 ----a-w- c:\windows\SysWow64\mssph.dll
2013-04-08 21:51 . 2013-05-18 12:09 659456 ----a-w- c:\windows\SysWow64\mssvp.dll
2013-04-08 21:51 . 2013-05-18 12:09 186880 ----a-w- c:\windows\SysWow64\mssphtb.dll
2013-04-08 21:51 . 2013-05-18 12:09 35328 ----a-w- c:\windows\SysWow64\mssprxy.dll
2013-04-08 21:51 . 2013-05-18 12:09 10752 ----a-w- c:\windows\SysWow64\msshooks.dll
2013-04-08 21:51 . 2013-05-18 12:09 1113600 ----a-w- c:\windows\SysWow64\MSAudDecMFT.dll
2013-04-08 21:51 . 2013-05-18 12:09 214528 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2013-04-08 21:51 . 2013-05-18 12:09 361984 ----a-w- c:\windows\SysWow64\MFMediaEngine.dll
2013-04-08 21:51 . 2013-05-18 12:09 656896 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-04-08 21:51 . 2013-05-18 12:09 41984 ----a-w- c:\windows\SysWow64\fmifs.dll
2013-04-08 21:51 . 2013-05-18 12:09 155648 ----a-w- c:\windows\SysWow64\dmvdsitf.dll
2013-04-04 23:30 . 2013-05-18 12:09 503080 ----a-w- c:\windows\system32\ci.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 10:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
2013-05-26 22:17 153432 ----a-w- c:\users\Hasnain\AppData\Local\TopArcadeHits\Toparcadehits.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2013-03-28 1106288]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
"NIRegistrationWizard"="c:\program files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe" [2010-06-21 846520]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-03-28 310640]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"NI Update Service"="c:\program files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" [2012-06-08 851592]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-14 295072]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"AdobeCEPServiceManager"="c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" [2013-03-13 1039248]
.
c:\users\Hasnain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2012-3-1 60384]
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe;c:\cygwin\bin\cygrunsrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\System32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\System32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\System32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-23 10:17 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 19:47]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 23:39]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 23:39]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2168458688-1415637737-563279600-1000Core.job
- c:\users\Hasnain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 10:52]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2168458688-1415637737-563279600-1000UA.job
- c:\users\Hasnain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 10:52]
.
2013-06-09 c:\windows\Tasks\HPCeeScheduleForHasnain.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-07-02 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
- c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-10-24 18:59]
.
2013-06-30 c:\windows\Tasks\TopArcadeHits.job
- c:\users\Hasnain\AppData\Local\TopArcadeHits\updater.exe [2013-05-26 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-14 168480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-14 393248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-14 417824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Hasnain\AppData\Roaming\Mozilla\Firefox\Profiles\7awkijba.default-1371983851820\
FF - ExtSQL: 2013-05-26 23:17; {0113D088-8ED1-468C-B225-585A9C53B5E3}; c:\users\Hasnain\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\lkads.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\windows\SysWOW64\lkcitdl.exe
c:\windows\SysWOW64\lktsrv.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\AVG\AVG2013\avgcfgex.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
c:\program files (x86)\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2013-07-02  23:07:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-02 22:07
.
Pre-Run: 25,895,882,752 bytes free
Post-Run: 25,684,652,032 bytes free
.
- - End Of File - - B9904FA59C9A230B86BC4E431E9B6F4B
D41D8CD98F00B204E9800998ECF8427E
 

 

 

 

The pop ups seem to have stopped! Does that mean the malware is gone?

Thanks!!


Edited by hasnain721, 02 July 2013 - 05:08 PM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:25 AM

Posted 02 July 2013 - 09:28 PM


Hello hasnain721,

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\MyPC Backup
c:\users\Hasnain\AppData\Local\TopArcadeHits

File::
c:\windows\Tasks\TopArcadeHits.job 


Driver::
BackupStack

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr


Posted 05 July 2013 - 12:56 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo

#11 hasnain721


Posted 06 July 2013 - 07:37 AM

Hi,


1.
ComboFix 13-07-03.01 - Hasnain 03/07/2013  22:17:55.2.4 - x64
Microsoft Windows 8 Pro  6.2.9200.0.1252.44.2057.18.7990.6468 [GMT 1:00]
Running from: c:\users\Hasnain\Downloads\ComboFix.exe
Command switches used :: c:\users\Hasnain\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\TopArcadeHits.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\TopArcadeHits.job
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BackupStack
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-03 to 2013-07-03  )))))))))))))))))))))))))))))))
.
.
2013-07-03 21:32 . 2013-07-03 21:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-30 12:07 . 2013-06-30 15:54 -------- d-----w- C:\movefilter
2013-06-30 12:05 . 2013-06-30 12:37 -------- d-----w- c:\users\Hasnain\AppData\Roaming\FileZilla
2013-06-30 12:04 . 2013-06-30 12:04 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2013-06-25 20:51 . 2013-06-25 20:51 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-06-25 20:48 . 2013-06-25 20:49 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-06-23 21:35 . 2013-06-25 00:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-06-23 21:35 . 2013-06-23 21:35 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-06-23 10:13 . 2013-06-23 10:16 -------- d-----w- c:\users\Hasnain\AppData\Local\Deployment
2013-06-23 10:13 . 2013-06-23 10:13 -------- d-----w- c:\users\Hasnain\AppData\Local\Apps
2013-06-22 19:44 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-06-20 22:13 . 2013-06-12 20:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 23:03 . 2013-06-18 23:03 -------- d-----w- c:\program files (x86)\ESET
2013-06-18 22:39 . 2013-06-18 22:39 -------- d-----w- c:\windows\ERUNT
2013-06-18 22:38 . 2013-06-26 19:17 -------- d-----w- C:\JRT
2013-06-17 22:50 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-06-16 16:52 . 2013-05-23 23:01 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-06-16 16:52 . 2013-05-23 22:27 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-06-16 15:09 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-06-16 15:09 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-06-16 15:09 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-06-16 15:09 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-06-15 17:54 . 2013-05-10 02:42 17271808 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 17:54 . 2013-05-10 02:21 16642560 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-15 17:25 . 2013-05-04 07:45 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 14:27 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-06-15 14:27 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-15 14:27 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-15 14:27 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-06-15 14:27 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-15 14:27 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-15 14:27 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-15 14:04 . 2013-04-27 05:20 733184 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 00:02 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-15 00:02 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-14 13:44 . 2013-05-15 22:35 19230720 ----a-w- c:\windows\system32\mshtml.dll
2013-06-11 23:05 . 2013-06-11 23:06 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-11 23:05 . 2013-06-11 23:06 -------- d-----w- c:\program files\iTunes
2013-06-11 23:05 . 2013-06-11 23:06 -------- d-----w- c:\program files (x86)\iTunes
2013-06-11 23:05 . 2013-06-11 23:05 -------- d-----w- c:\program files\iPod
2013-06-09 21:22 . 2013-06-09 21:47 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\users\Hasnain\AppData\Roaming\Malwarebytes
2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\programdata\Malwarebytes
2013-06-09 20:40 . 2013-06-09 20:40 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-09 20:40 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 13:36 . 2012-04-12 15:42 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 20:48 . 2012-09-08 17:20 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-12 20:48 . 2010-07-23 15:17 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-04 22:09 . 2013-01-17 21:00 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-04 22:09 . 2013-01-17 21:00 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 21:31 . 2012-12-11 17:57 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-05-14 08:28 . 2013-03-14 15:10 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-05-02 09:32 . 2013-05-02 09:32 2274480 ----a-w- c:\windows\system32\coin94.dll
2013-05-01 14:54 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-01 02:59 . 2013-05-01 02:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 02:59 . 2013-05-01 02:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-16 02:34 . 2013-05-15 11:50 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-15 06:02 . 2013-04-15 06:02 334000 ----a-w- c:\windows\system32\RaCoInstx.dll
2013-04-15 06:02 . 2013-04-15 06:02 2482960 ----a-w- c:\windows\system32\drivers\netr28x.sys
2013-04-13 05:56 . 2013-05-15 13:16 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-11 06:40 . 2013-05-15 11:48 6987528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-09 05:33 . 2013-05-18 12:09 446792 ----a-w- c:\windows\system32\AudioSes.dll
2013-04-09 05:33 . 2013-05-18 12:09 489576 ----a-w- c:\windows\system32\AudioEng.dll
2013-04-09 05:33 . 2013-05-18 12:09 253544 ----a-w- c:\windows\system32\audiodg.exe
2013-04-09 05:20 . 2013-05-18 12:09 306952 ----a-w- c:\windows\system32\kd_02_10ec.dll
2013-04-09 05:20 . 2013-05-18 12:09 86280 ----a-w- c:\windows\system32\kdnet.dll
2013-04-09 05:18 . 2013-05-18 12:09 77960 ----a-w- c:\windows\system32\kdvm.dll
2013-04-09 05:17 . 2013-05-18 12:09 1829408 ----a-w- c:\windows\system32\ntdll.dll
2013-04-09 04:52 . 2013-05-18 12:09 816128 ----a-w- c:\windows\system32\SearchIndexer.exe
2013-04-09 04:52 . 2013-05-18 12:09 373760 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2013-04-09 04:52 . 2013-05-18 12:09 197120 ----a-w- c:\windows\system32\SearchFilterHost.exe
2013-04-09 04:52 . 2013-05-18 12:09 126464 ----a-w- c:\windows\system32\Robocopy.exe
2013-04-09 04:52 . 2013-05-18 12:09 804352 ----a-w- c:\windows\system32\RecoveryDrive.exe
2013-04-09 04:51 . 2013-05-18 12:09 367616 ----a-w- c:\windows\system32\conhost.exe
2013-04-09 04:51 . 2013-05-18 12:09 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-09 04:51 . 2013-05-18 12:09 456704 ----a-w- c:\windows\system32\wpncore.dll
2013-04-09 04:51 . 2013-05-18 12:09 99840 ----a-w- c:\windows\system32\wscsvc.dll
2013-04-09 04:51 . 2013-05-18 12:10 14267904 ----a-w- c:\windows\system32\wmp.dll
2013-04-09 04:51 . 2013-05-18 12:09 595456 ----a-w- c:\windows\system32\Windows.Networking.dll
2013-04-09 04:51 . 2013-05-18 12:09 391168 ----a-w- c:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2013-04-09 04:51 . 2013-05-18 12:10 3552768 ----a-w- c:\windows\system32\tquery.dll
2013-04-09 04:50 . 2013-05-18 12:09 414720 ----a-w- c:\windows\system32\GenuineCenter.dll
2013-04-09 04:50 . 2013-05-18 12:09 1285632 ----a-w- c:\windows\system32\schedsvc.dll
2013-04-09 04:50 . 2013-05-18 12:09 422400 ----a-w- c:\windows\system32\schannel.dll
2013-04-09 04:50 . 2013-05-18 12:10 2107904 ----a-w- c:\windows\system32\mssrch.dll
2013-04-09 04:50 . 2013-05-18 12:09 745984 ----a-w- c:\windows\system32\mssvp.dll
2013-04-09 04:50 . 2013-05-18 12:09 96256 ----a-w- c:\windows\system32\mssprxy.dll
2013-04-09 04:50 . 2013-05-18 12:09 435200 ----a-w- c:\windows\system32\mssph.dll
2013-04-09 04:50 . 2013-05-18 12:09 65024 ----a-w- c:\windows\system32\msscntrs.dll
2013-04-09 04:50 . 2013-05-18 12:09 13824 ----a-w- c:\windows\system32\msshooks.dll
2013-04-09 04:49 . 2013-05-18 12:09 1444864 ----a-w- c:\windows\system32\MSAudDecMFT.dll
2013-04-09 04:49 . 2013-05-18 12:09 468992 ----a-w- c:\windows\system32\MFMediaEngine.dll
2013-04-09 04:49 . 2013-05-18 12:09 281088 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-04-09 04:49 . 2013-05-18 12:09 817152 ----a-w- c:\windows\system32\kerberos.dll
2013-04-09 04:49 . 2013-05-18 12:09 210432 ----a-w- c:\windows\system32\iuilp.dll
2013-04-09 04:49 . 2013-05-18 12:09 231936 ----a-w- c:\windows\system32\fhengine.dll
2013-04-09 04:49 . 2013-05-18 12:09 50176 ----a-w- c:\windows\system32\fmifs.dll
2013-04-09 04:49 . 2013-05-18 12:09 172544 ----a-w- c:\windows\system32\dwmredir.dll
2013-04-09 04:49 . 2013-05-18 12:09 196096 ----a-w- c:\windows\system32\dmvdsitf.dll
2013-04-09 04:48 . 2013-05-18 12:09 785408 ----a-w- c:\windows\system32\audiosrv.dll
2013-04-09 04:48 . 2013-05-18 12:09 169472 ----a-w- c:\windows\system32\AudioEndpointBuilder.dll
2013-04-09 02:35 . 2013-05-18 12:09 4038144 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 02:34 . 2013-05-18 12:09 95744 ----a-w- c:\windows\system32\drivers\hidbth.sys
2013-04-09 02:33 . 2013-05-18 12:09 60416 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-04-09 02:33 . 2013-05-18 12:09 623104 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-04-09 02:32 . 2013-05-18 12:09 805376 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2013-04-09 02:31 . 2013-05-18 12:09 247808 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-04-09 02:31 . 2013-05-18 12:09 83456 ----a-w- c:\windows\system32\drivers\wanarp.sys
2013-04-08 23:44 . 2013-05-18 12:09 123880 ----a-w- c:\windows\SysWow64\wscapi.dll
2013-04-08 23:39 . 2013-05-18 12:09 1408896 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-04-08 23:37 . 2013-05-18 12:09 426024 ----a-w- c:\windows\SysWow64\AudioEng.dll
2013-04-08 23:37 . 2013-05-18 12:09 324368 ----a-w- c:\windows\SysWow64\AudioSes.dll
2013-04-08 21:52 . 2013-05-18 12:09 302592 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2013-04-08 21:52 . 2013-05-18 12:09 670208 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2013-04-08 21:52 . 2013-05-18 12:09 171008 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2013-04-08 21:52 . 2013-05-18 12:09 106496 ----a-w- c:\windows\SysWow64\Robocopy.exe
2013-04-08 21:52 . 2013-05-18 12:09 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-08 21:51 . 2013-05-18 12:09 411136 ----a-w- c:\windows\SysWow64\Windows.Networking.dll
2013-04-08 21:51 . 2013-05-18 12:09 268800 ----a-w- c:\windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-04-08 21:51 . 2013-05-18 12:10 2767360 ----a-w- c:\windows\SysWow64\tquery.dll
2013-04-08 21:51 . 2013-05-18 12:09 324096 ----a-w- c:\windows\SysWow64\schannel.dll
2013-04-08 21:51 . 2013-05-18 12:10 1593344 ----a-w- c:\windows\SysWow64\mssrch.dll
2013-04-08 21:51 . 2013-05-18 12:09 403968 ----a-w- c:\windows\SysWow64\mssph.dll
2013-04-08 21:51 . 2013-05-18 12:09 659456 ----a-w- c:\windows\SysWow64\mssvp.dll
2013-04-08 21:51 . 2013-05-18 12:09 186880 ----a-w- c:\windows\SysWow64\mssphtb.dll
2013-04-08 21:51 . 2013-05-18 12:09 35328 ----a-w- c:\windows\SysWow64\mssprxy.dll
2013-04-08 21:51 . 2013-05-18 12:09 10752 ----a-w- c:\windows\SysWow64\msshooks.dll
2013-04-08 21:51 . 2013-05-18 12:09 1113600 ----a-w- c:\windows\SysWow64\MSAudDecMFT.dll
2013-04-08 21:51 . 2013-05-18 12:09 214528 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2013-04-08 21:51 . 2013-05-18 12:09 361984 ----a-w- c:\windows\SysWow64\MFMediaEngine.dll
2013-04-08 21:51 . 2013-05-18 12:09 656896 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-04-08 21:51 . 2013-05-18 12:09 41984 ----a-w- c:\windows\SysWow64\fmifs.dll
2013-04-08 21:51 . 2013-05-18 12:09 155648 ----a-w- c:\windows\SysWow64\dmvdsitf.dll
2013-04-04 23:30 . 2013-05-18 12:09 503080 ----a-w- c:\windows\system32\ci.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 10:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
2013-05-26 22:17 153432 ----a-w- c:\users\Hasnain\AppData\Local\TopArcadeHits\Toparcadehits.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
c:\users\Hasnain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Canon LBP2900 Status Window.lnk - c:\windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE [2012-3-1 60384]
NI Error Reporting.lnk - c:\program files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe [2012-5-29 659648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
3;2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe;c:\cygwin\bin\cygrunsrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit);c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S1 RapportCerberus_44365;RapportCerberus_44365;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe;c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [x]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe;c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [x]
S2 NINetworkDiscovery;NI Network Discovery;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe;c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\System32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\System32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\System32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-23 10:17 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215264 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 19:47]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 23:39]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29 23:39]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2168458688-1415637737-563279600-1000Core.job
- c:\users\Hasnain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 10:52]
.
2013-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2168458688-1415637737-563279600-1000UA.job
- c:\users\Hasnain\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-24 10:52]
.
2013-06-09 c:\windows\Tasks\HPCeeScheduleForHasnain.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-07-03 c:\windows\Tasks\MATLAB R2012b Startup Accelerator.job
- c:\program files\MATLAB\R2012b\bin\win64\MATLABStartupAccelerator.exe [2012-10-24 18:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Hasnain\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 22:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-03-21 472992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-14 168480]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-14 393248]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-14 417824]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Hasnain\AppData\Roaming\Mozilla\Firefox\Profiles\7awkijba.default-1371983851820\
FF - ExtSQL: 2013-05-26 23:17; {0113D088-8ED1-468C-B225-585A9C53B5E3}; c:\users\Hasnain\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0113D088-8ED1-468C-B225-585A9C53B5E3}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\1394ohci]
"ImagePath"="\SystemRoot\System32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\3ware]
"ImagePath"="System32\drivers\3ware.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Accelerometer]
"ImagePath"="\SystemRoot\system32\DRIVERS\Accelerometer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
"ImagePath"="System32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpiex]
"ImagePath"="System32\Drivers\acpiex.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpipagr]
"ImagePath"="\SystemRoot\System32\drivers\acpipagr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AcpiPmi]
"ImagePath"="\SystemRoot\System32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpitime]
"ImagePath"="\SystemRoot\System32\drivers\acpitime.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
"ImagePath"="System32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
"ImagePath"="System32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
"ImagePath"="System32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AESTFilters]
"ImagePath"="c:\program files\IDT\WDM\AESTSr64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
"ImagePath"="System32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AllUserInstallAgent]
"ServiceDLL"="%SystemRoot%\system32\AUInstallAgent.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
"ImagePath"="\SystemRoot\System32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdkmdag]
"ImagePath"="\SystemRoot\system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdkmdap]
"ImagePath"="\SystemRoot\system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdPPM]
"ImagePath"="\SystemRoot\System32\drivers\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdsata]
"ImagePath"="System32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdsbs]
"ImagePath"="System32\drivers\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdxata]
"ImagePath"="System32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
"ImagePath"="System32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
"ImagePath"="System32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="System32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AtiHdmiService]
"ImagePath"="\SystemRoot\system32\drivers\AtiHdmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\AudioEndpointBuilder.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgboota]
"ImagePath"="system32\DRIVERS\avgboota.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="\SystemRoot\system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx64]
"ImagePath"="\SystemRoot\system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp]
"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgwfpa]
"ImagePath"="\SystemRoot\system32\DRIVERS\avgwfpa.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b06bdrv]
"ImagePath"="System32\drivers\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BasicDisplay]
"ImagePath"="\SystemRoot\System32\drivers\BasicDisplay.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BasicRender]
"ImagePath"="\SystemRoot\System32\drivers\BasicRender.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BBSvc]
"ImagePath"="c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BBUpdate]
"ImagePath"="c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bluetooth Device Manager]
"ImagePath"="\"c:\program files\Motorola\Bluetooth\devmgrsrv.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bluetooth Media Service]
"ImagePath"="\"c:\program files\Motorola\Bluetooth\audiosrv.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bluetooth OBEX Service]
"ImagePath"="\"c:\program files\Motorola\Bluetooth\obexsrv.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrlAPI]
"ImagePath"="c:\cygwin\bin\cygrunsrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrokerInfrastructure]
"ServiceDll"="%SystemRoot%\System32\bisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BthAvrcpTg]
"ImagePath"="\SystemRoot\System32\drivers\BthAvrcpTg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BthHFEnum]
"ImagePath"="\SystemRoot\System32\drivers\bthhfenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bthhfhid]
"ImagePath"="\SystemRoot\System32\drivers\BthHFHid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\System32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTMCOM]
"ImagePath"="System32\Drivers\btmcom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTMUSB]
"ImagePath"="\SystemRoot\System32\Drivers\btmusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
"ImagePath"="\SystemRoot\System32\drivers\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\System32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
"ImagePath"="System32\drivers\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_64]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_64]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmBatt]
"ImagePath"="\SystemRoot\System32\drivers\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CngHwAssist]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CompositeBus]
"ImagePath"="\SystemRoot\System32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\condrv]
"ImagePath"="System32\drivers\condrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CSC]
"ImagePath"="system32\drivers\csc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CscService]
"ServiceDll"="%SystemRoot%\System32\cscsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dam]
"ImagePath"="system32\drivers\dam.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dc3d]
"ImagePath"="\SystemRoot\System32\drivers\dc3d.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceAssociationService]
"ServiceDll"="%SystemRoot%\system32\das.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DeviceInstall]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dfsc]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dg_ssudbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\ssudbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="System32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dmvsc]
"ImagePath"="\SystemRoot\System32\drivers\dmvsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"ImagePath"="\SystemRoot\system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DsmSvc]
"ServiceDll"="%SystemRoot%\System32\DeviceSetupManager.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eaphost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ebdrv]
"ImagePath"="System32\drivers\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EhStorClass]
"ImagePath"="System32\drivers\EhStorClass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EhStorTcgDrv]
"ImagePath"="System32\drivers\EhStorTcgDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\System32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
"ImagePath"="\SystemRoot\System32\drivers\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fhsvc]
"ServiceDll"="%SystemRoot%\system32\fhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
"ImagePath"="System32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FLEXnet Licensing Service]
"ImagePath"="\"c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FLEXnet Licensing Service 64]
"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
"ImagePath"="\SystemRoot\System32\drivers\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FsUsbExDisk]
"ImagePath"="\??\c:\windows\SysWOW64\FsUsbExDisk.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FxPPM]
"ImagePath"="\SystemRoot\System32\drivers\fxppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
"ImagePath"="System32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gencounter]
"ImagePath"="\SystemRoot\System32\drivers\vmgencounter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GPIOClx0101]
"ImagePath"="System32\Drivers\msgpioclx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hcmon]
"ImagePath"="\??\c:\windows\system32\drivers\hcmon.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
"ImagePath"="\SystemRoot\System32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HECIx64]
"ImagePath"="\SystemRoot\System32\drivers\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBatt]
"ImagePath"="\SystemRoot\System32\drivers\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\System32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidi2c]
"ImagePath"="\SystemRoot\System32\drivers\hidi2c.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\System32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
"ImagePath"="\SystemRoot\System32\drivers\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HP Support Assistant Service]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HP Wireless Assistant Service]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpdskflt]
"ImagePath"="system32\DRIVERS\hpdskflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpqwmiex]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpSAMD]
"ImagePath"="System32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpsrv]
"ImagePath"="%SystemRoot%\system32\Hpservice.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HPWMISVC]
"ImagePath"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hyperkbd]
"ImagePath"="\SystemRoot\System32\drivers\hyperkbd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HyperVideo]
"ImagePath"="\SystemRoot\system32\DRIVERS\HyperVideo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"ImagePath"="\SystemRoot\System32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ialm]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStor]
"ImagePath"="System32\drivers\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
"ImagePath"="System32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\igfx]
"ImagePath"="\SystemRoot\system32\DRIVERS\igdkmd64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
"ImagePath"="System32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Impcd]
"ImagePath"="\SystemRoot\System32\drivers\Impcd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
"ImagePath"="System32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
"ImagePath"="\SystemRoot\System32\drivers\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\System32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
"ImagePath"="System32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
"ImagePath"="\SystemRoot\System32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
"ImagePath"="\SystemRoot\System32\drivers\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
"ImagePath"="\SystemRoot\System32\drivers\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kdnic]
"ImagePath"="\SystemRoot\system32\DRIVERS\kdnic.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LkCitadelServer]
"ImagePath"="c:\windows\SysWOW64\lkcitdl.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lkClassAds]
"ImagePath"="c:\windows\SysWOW64\lkads.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lkTimeSync]
"ImagePath"="c:\windows\SysWOW64\lktsrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
"ImagePath"="\SystemRoot\system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LMS]
"ImagePath"="c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
"ImagePath"="System32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS2]
"ImagePath"="System32\drivers\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
"ImagePath"="System32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SSS]
"ImagePath"="System32\drivers\lsi_sss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSM]
"ServiceDll"="%SystemRoot%\System32\lsm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
"ImagePath"="System32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
"ImagePath"="System32\drivers\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Microsoft SharePoint Workspace Audit Service]
"ImagePath"="\"c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE\" /auditservice"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
"ImagePath"="\SystemRoot\System32\drivers\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
"ImagePath"="\SystemRoot\System32\drivers\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
"ImagePath"="\SystemRoot\System32\drivers\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsBridge]
"ImagePath"="\SystemRoot\system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msgpiowin32]
"ImagePath"="\SystemRoot\System32\drivers\msgpiowin32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mshidumdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidumdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
"ImagePath"="System32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
"ImagePath"="\SystemRoot\system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsLldp]
"ImagePath"="\SystemRoot\system32\DRIVERS\mslldp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
"ImagePath"="\SystemRoot\system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
"ImagePath"="\SystemRoot\system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
"ImagePath"="\SystemRoot\System32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
"ImagePath"="\SystemRoot\system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MTConfig]
"ImagePath"="\SystemRoot\System32\drivers\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mvumis]
"ImagePath"="System32\drivers\mvumis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mxssvr]
"ImagePath"="\"c:\program files (x86)\National Instruments\MAX\nimxs.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
"ImagePath"="\SystemRoot\system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NcaSvc]
"ServiceDll"="%SystemRoot%\System32\ncasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NcdAutoSetup]
"ServiceDll"="%SystemRoot%\System32\NcdAutoSetup.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisCap]
"ImagePath"="\SystemRoot\system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisImPlatform]
"ImagePath"="\SystemRoot\system32\DRIVERS\NdisImPlatform.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
"ImagePath"="\SystemRoot\system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"ImagePath"="\SystemRoot\system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
"ImagePath"="\SystemRoot\system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDISWANLEGACY]
"ImagePath"="\SystemRoot\system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndu]
"ImagePath"="system32\drivers\Ndu.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netr28x]
"ImagePath"="\SystemRoot\system32\DRIVERS\netr28x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
"ImagePath"="System32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIApplicationWebServer]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe\" -user"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIApplicationWebServer64]
"ImagePath"="\"c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe\" -user"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIDomainService]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NILM License Manager]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nimDNSResponder]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NINetworkDiscovery]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\niSvcLoc]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe\" -system"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NITaggerService]
"ImagePath"="\"c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npsvctrig]
"ImagePath"="\SystemRoot\System32\drivers\npsvctrig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]
"ImagePath"="System32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]
"ImagePath"="System32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]
"ImagePath"="System32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OpcEnum]
"ImagePath"="c:\windows\SysWOW64\Opcenum.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Outlook]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\System32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]
"ImagePath"="System32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]
"ImagePath"="System32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]
"ImagePath"="System32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdc]
"ImagePath"="system32\drivers\pdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PeerDistSvc]
"ServiceDll"="%SystemRoot%\system32\peerdistsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
"ImagePath"="\SystemRoot\system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PrintNotify]
"ServiceDll"="c:\windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\System32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Psched]
"ImagePath"="\SystemRoot\system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportCerberus_44365]
"ImagePath"="\??\c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_44365.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportEI64]
"ImagePath"="\??\c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportHades64]
"ImagePath"="System32\Drivers\RapportHades64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportIaso]
"ImagePath"="\??\c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportKE64]
"ImagePath"="System32\Drivers\RapportKE64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportMgmtService]
"ImagePath"="\"c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapportPG64]
"ImagePath"="\??\c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAgileVpn]
"ImagePath"="\SystemRoot\system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
"ImagePath"="\SystemRoot\system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
"ImagePath"="\SystemRoot\system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]
"ImagePath"="\SystemRoot\system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDMANDK]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpbus]
"ImagePath"="\SystemRoot\System32\drivers\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDR]
"ImagePath"="System32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RealNetworks Downloader Resolver Service]
"ImagePath"="\"c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]
"ImagePath"="\SystemRoot\system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RSUSBSTOR]
"ImagePath"="\SystemRoot\System32\Drivers\RtsUStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RTL8168]
"ImagePath"="\SystemRoot\system32\DRIVERS\Rt630x64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s3cap]
"ImagePath"="\SystemRoot\System32\drivers\vms3cap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\users\Hasnain\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]
"ImagePath"="System32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SBSDWSCService]
"ImagePath"="c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdbus]
"ImagePath"="\SystemRoot\System32\drivers\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdstor]
"ImagePath"="\SystemRoot\System32\drivers\sdstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SerCx]
"ImagePath"="system32\drivers\SerCx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\System32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\System32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\System32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sffp_Mmc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sffp_Sd]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\System32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]
"ImagePath"="System32\drivers\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]
"ImagePath"="System32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\National Instruments\MAX\nimxs.exe
c:\program files (x86)\National Instruments\Shared\Security\nidmsrv.exe
c:\program files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\program files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
c:\users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
c:\program files (x86)\AVG\AVG2013\avgui.exe
c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
c:\program files (x86)\Real\RealPlayer\Update\realsched.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\AVG\AVG2013\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2013-07-03  22:45:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-03 21:45
ComboFix2.txt  2013-07-02 22:07
.
Pre-Run: 25,527,930,880 bytes free
Post-Run: 25,254,383,616 bytes free
.
- - End Of File - - D7E9B6EDCE6142694289DBF27EE60C79
D41D8CD98F00B204E9800998ECF8427E




2. None


3. The computer seems to be good now. There are no more popups. It might have been fixed now.


Thank you very much!


 



#12 gringo_pr


Posted 06 July 2013 - 07:53 AM



Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

These logs are looking a lot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).
  • Programs to remove

    • µTorrent
    • Java SE Development Kit 7 Update 4 (64-bit)
    • Java™ 6 Update 20 (64-bit)
    • Java™ 6 Update 31
    • Java™ 7 Update 4 (64-bit)
    • Java™ SE Development Kit 7 Update 3 (64-bit)
    • JavaFX 2.1.0 (64-bit)
    • JavaFX 2.1.0 SDK (64-bit)
    • MyPC Backup
    • TopArcadeHits



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.


Update Adobe reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • Copy and paste the HijackThis report into the topic.
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 hasnain721


Posted 07 July 2013 - 05:35 PM

Thanks for the reply. I will post the update tomorrow. Cheers!



#14 gringo_pr


Posted 07 July 2013 - 08:42 PM

no problem and I will see you then


gringo

#15 hasnain721


Posted 09 July 2013 - 06:28 PM

Hi,

Thanks for your patience.

1.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.08.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
Hasnain :: HASNAIN-HP [administrator]
 
10/07/2013 00:13:02
mbam-log-2013-07-10 (00-13-02).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232585
Time elapsed: 12 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

2.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:27:48, on 10/07/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrvx.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\xampp\xampp-control.exe
c:\xampp\apache\bin\httpd.exe
c:\xampp\mysql\bin\mysqld.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Hasnain\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [NI Update Service] "C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe" -startupTask
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [NIRegistrationWizard] C:\Program Files (x86)\National Instruments\Shared\RegistrationWizard\Bin\RegistrationWizard.exe -autoDiscover 1 -displayIfNoneFound 0 -displayRegisterOptions 1 -sleepIfNoneFound 0 -locale 2057
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Hasnain\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Dropbox.lnk = Hasnain\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Canon LBP2900 Status Window.lnk = C:\Windows\System32\spool\drivers\x64\3\CNAB4LAD.EXE
O4 - Global Startup: NI Error Reporting.lnk = C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\national instruments\shared\mdns responder\nimdnsnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem20.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NI Citadel 4 Service (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\SysWOW64\lkcitdl.exe
O23 - Service: NI PSP Service Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\SysWOW64\lkads.exe
O23 - Service: NI Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\SysWOW64\lktsrv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NI Application Web Server (NIApplicationWebServer) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
O23 - Service: NI Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI License Server (NILM License Manager) - Macrovision Corporation - C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI mDNS Responder Service (nimDNSResponder) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
O23 - Service: NI Network Discovery (NINetworkDiscovery) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
O23 - Service: NI System Web Server (niSvcLoc) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
O23 - Service: NI Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\SysWOW64\Opcenum.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 20509 bytes
 

 

 

 

3. No problems

4. Seems to be doing fine.

 

 

 

Thanks!!!

 

 





