Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista laptop cleanup / connectivity after Rootkit.Win32.BackBoot.gen


  • This topic is locked This topic is locked
17 replies to this topic

#1 WheresMyOS

WheresMyOS

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 19 September 2013 - 10:19 PM

The computer is an HP Pavilion 64-bit laptop running Vista, AVG, Windows Firewall, and WinPatrol. I recently found Win32.BackBoot.gen on it. I used TDSS Killer to quarantine it and ran a couple of other scans to double-check, and the computer crashed during the second scan and would only boot to a repair menu. I used System Restore to backtrack and used TDSSKiller again to quarantine the infection. TDSSKiller and Rogue Killer don't show any infection now but Rogue Killer lists some suspicious registry entries. The computer now reports no or limited connectivity to the internet but seems to be running fine otherwise.  I would appreciate some help figuring out what I still need to do in the way of cleanup, and how to restore the computer's ability to connect to the internet. I'm pasting a DDS log below, and a current Rogue Killer log.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.25.2
Run by Tink at 5:03:58 on 2013-09-17
#Option Extended Search is enabled.
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3837.2076 [GMT -7:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\Tink\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Datacolor\Spyder4Express\Utility\SpyderUtility.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Users\Tink\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Glary Utilities 3\Integrator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\conime.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [SkyDrive] "C:\Users\Tink\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Tink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tink\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Tink\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder4Express\Utility\SpyderUtility.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FD1E5B67-46F8-4769-8DD4-3B5A475B1D48} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tink\AppData\Roaming\Mozilla\Firefox\Profiles\17ihfvxd.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealArcade\npraclient.dll
FF - plugin: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-30 15:47; tabletools2@mingyi.org; C:\Users\Tink\AppData\Roaming\Mozilla\Firefox\Profiles\17ihfvxd.default\extensions\tabletools2@mingyi.org
FF - ExtSQL: 2013-08-15 12:44; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; C:\Users\Tink\AppData\Roaming\Mozilla\Firefox\Profiles\17ihfvxd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: !HIDDEN! 2010-08-05 19:24; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2009-11-24 69152]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-4-3 233488]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-7-27 45856]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-4-3 198608]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-9 296320]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-4-20 26168]
S2 avgfws;AVG Firewall;"C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" --> C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca4550b6765120;Google Update Service (gupdate1ca4550b6765120);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-10-4 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-28 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2008-7-21 145496]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 Spyder4;Datacolor Spyder4;C:\Windows\System32\drivers\dccmtr.sys [2013-7-27 15360]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]
S4 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2009-3-27 89088]
S4 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-5-3 319488]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-19 89920]
S4 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-19 228408]
S4 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-9-24 1355968]
S4 PuranDefrag;PuranDefrag;C:\Windows\System32\PuranDefragS.exe [2011-10-31 290816]
S4 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-19 365952]
S4 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-4-3 366840]
S4 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-4-3 1142224]
S4 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-9 116096]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 60 ================
.
.
==================== Find6M  ====================
.
2013-09-17 06:32:06    181064    ----a-w-    C:\Windows\PSEXESVC.EXE
2013-09-17 00:46:12    0    ---ha-w-    C:\Users\Tink\BIT850C.tmp
2013-09-13 22:22:04    79143768    ----a-w-    C:\Windows\System32\mrt.exe
2013-09-13 08:15:28    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 08:15:28    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-05 08:43:42    45880    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-08-14 23:51:52    45856    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-08-10 22:09:44    1898699    ----a-w-    C:\MGtools.exe
2013-08-02 04:09:35    1548288    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-31 14:17:31    17833472    ----a-w-    C:\Windows\System32\mshtml.dll
2013-07-31 13:42:12    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-07-31 13:29:19    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-31 13:20:02    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-07-31 13:19:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-31 13:18:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-07-31 13:17:24    237056    ----a-w-    C:\Windows\System32\url.dll
2013-07-31 13:16:12    85504    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-07-31 13:14:29    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-07-31 13:13:05    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-07-31 13:11:46    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-07-31 13:11:41    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-07-31 13:09:35    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-07-31 13:08:44    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-31 13:05:14    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-07-31 10:30:56    12335104    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-07-31 10:05:18    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-07-31 10:00:20    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:53:17    1104896    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-07-31 09:52:44    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:51:29    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-07-31 09:49:58    65024    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-07-31 09:48:43    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:28    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-07-31 09:48:09    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:47:20    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-07-31 09:46:37    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-07-31 09:45:59    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-07-31 09:45:42    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-31 09:42:36    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-07-20 08:51:00    311608    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-07-20 08:50:56    71480    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 08:50:56    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 08:50:50    206648    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-07-17 21:17:13    7680    ----a-w-    C:\Windows\System32\Punjabi.dll
2013-07-17 21:17:13    7168    ----a-w-    C:\Windows\SysWow64\Punjabi.dll
2013-07-17 20:01:51    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-17 19:41:34    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-16 22:53:36    14880256    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-07-14 08:41:53    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-14 08:41:52    263592    ----a-w-    C:\Windows\SysWow64\javaws.exe
2013-07-14 08:41:52    175016    ----a-w-    C:\Windows\SysWow64\javaw.exe
2013-07-14 08:41:51    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-07-14 08:41:51    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-07-14 08:41:51    175016    ----a-w-    C:\Windows\SysWow64\java.exe
2013-07-13 10:13:04    760937    ----a-w-    C:\Users\Tink\MiniToolBox.exe
2013-07-10 09:47:49    677888    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55    1303552    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30    1585256    ----a-w-    C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30    1168088    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57    4691904    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04    172544    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55    98304    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55    133120    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54    992768    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33    43008    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39    234496    ----a-w-    C:\Windows\System32\wow64.dll
2013-07-08 04:15:25    218624    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34    174592    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34    132096    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34    1276416    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04    26112    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02    2560    ----a-w-    C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27    1423808    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-07-01 08:45:28    116536    ----a-w-    C:\Windows\System32\drivers\avgmfx64.sys
2013-06-15 13:27:51    20480    ----a-w-    C:\Windows\System32\icaapi.dll
2013-06-15 11:38:39    29184    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-06-04 02:03:07    2775040    ----a-w-    C:\Windows\System32\win32k.sys
2013-06-01 04:19:22    619008    ----a-w-    C:\Windows\System32\qedit.dll
2013-06-01 04:06:08    505344    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-05-08 04:18:16    1706496    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-05-02 09:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-02 04:16:27    686080    ----a-w-    C:\Windows\System32\win32spl.dll
2013-05-02 04:04:25    443904    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-05-02 04:03:42    37376    ----a-w-    C:\Windows\SysWow64\printcom.dll
2013-05-01 10:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-24 04:09:41    50688    ----a-w-    C:\Windows\System32\certenc.dll
2013-04-24 04:00:24    41984    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-04-24 02:10:00    1078272    ----a-w-    C:\Windows\System32\certutil.exe
2013-04-24 01:46:29    812544    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-04-17 13:04:03    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-04-17 12:32:54    327680    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-04-17 12:32:54    287232    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-04-17 12:32:54    196096    ----a-w-    C:\Windows\System32\d3d10_1.dll
.
============= FINISH:  5:04:58.39 ===============
 

 

RogueKiller V8.6.5 _x64_ [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Tink [Admin rights]
Mode : Scan -- Date : 09/19/2013 19:59:54
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-60ZAT1 ATA Device +++++
--- User ---
[MBR] bdd60d3539ec57402a00cd3de77bf798
[BSP] 4ba17ae58f564a74c94ca8008db1bf2a : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 463537 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 949325824 | Size: 13399 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09192013_195954.txt >>

 



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 20 September 2013 - 02:41 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 20 September 2013 - 09:06 AM

Hello, Marius. Thank you for your help.

 

When I clicked "save..." nothing happened; there was no place to input a file name. I was able to use "copy" and paste the result into notepad. Here's the scan report:

 

 

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-20 07:01:05

Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT1 rev.02.01A02 465.76GB

Running: hdfs7lvt.exe; Driver: C:\Users\Tink\AppData\Local\Temp\kgtiipoc.sys

 

 

---- Kernel code sections - GMER 2.1 ----

 

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

INITKDBG  C:\Windows\system32\ntoskrnl.exe                                                                                        suspicious modification

 

---- Threads - GMER 2.1 ----

 

Thread    C:\Windows\system32\SearchIndexer.exe [4080:4184]                                                                       000007fef1f539f0

 

---- Registry - GMER 2.1 ----

 

Reg       HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186bff1e3                                            

Reg       HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{18a9c455-5e49-4601-a973-30ed6f93e52b}@Dhcpv6State  0

Reg       HKLM\SYSTEM\ControlSet103\Services\BTHPORT\Parameters\Keys\002186bff1e3                                                

 

---- Disk sectors - GMER 2.1 ----

 

Disk      \Device\Harddisk0\DR0                                                                                                   unknown MBR code

 

---- EOF - GMER 2.1 ----



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 21 September 2013 - 05:25 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 24 September 2013 - 02:36 AM

Here's the ComboFix log:

 

ComboFix 13-09-23.02 - Tink 09/23/2013  23:39:47.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3837.1617 [GMT -7:00]
Running from: c:\users\Tink\Desktop\ComboFix_001.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tink\AppData\Local\.#
c:\users\Tink\AppData\Local\.#\MBX@17C0@6F2738.###
c:\users\Tink\AppData\Local\.#\MBX@17C0@6F2768.###
c:\users\Tink\AppData\Roaming\Island
c:\users\Tink\AppData\Roaming\Island\space.rgt
c:\users\Tink\BIT850C.tmp
c:\users\Tink\MiniToolBox.exe
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\0435530bc7c6341b.fb
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\165ec45edd05d46f.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-24 to 2013-09-24  )))))))))))))))))))))))))))))))
.
.
2013-09-24 07:05 . 2013-09-24 07:05    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-24 07:05 . 2013-09-24 07:05    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-09-17 06:35 . 2013-09-17 06:42    --------    d-----w-    c:\windows\system32\catroot2(37)
2013-09-17 05:35 . 2013-09-17 05:35    --------    d-----w-    C:\RegBackup
2013-09-11 06:38 . 2013-09-13 08:42    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-09-11 06:05 . 2013-09-11 06:05    --------    d-----w-    C:\FRST
2013-09-05 08:43 . 2013-09-05 08:43    45880    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2013-08-30 05:57 . 2013-08-02 04:09    1548288    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-08-30 05:28 . 2013-08-30 05:28    --------    d-----w-    C:\SkyDriveTemp
2013-08-26 10:05 . 2013-08-26 10:05    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-26 10:05 . 2013-04-04 21:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-08-26 06:27 . 2013-08-20 07:46    9515512    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{B6064A9F-689E-4885-AB80-DB02634BD4D1}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 22:22 . 2006-11-02 12:35    79143768    ----a-w-    c:\windows\system32\mrt.exe
2013-09-13 08:15 . 2012-05-11 06:11    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 08:15 . 2011-06-16 09:47    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-11 15:11 . 2013-08-16 00:32    377180    ----a-w-    C:\MGlogs.zip
2013-08-14 23:51 . 2013-07-28 00:36    45856    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2013-08-10 22:09 . 2013-08-15 23:05    1898699    ----a-w-    C:\MGtools.exe
2013-07-20 08:51 . 2013-07-20 08:51    311608    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2013-07-20 08:50 . 2013-07-20 08:50    71480    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-07-20 08:50 . 2013-07-20 08:50    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 08:50 . 2013-07-20 08:50    206648    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2013-07-17 21:17 . 2013-07-17 21:17    7680    ----a-w-    c:\windows\system32\Punjabi.dll
2013-07-17 21:17 . 2013-07-17 21:17    7168    ----a-w-    c:\windows\SysWow64\Punjabi.dll
2013-07-17 20:01 . 2013-08-14 01:20    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-14 01:20    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-07-16 22:53 . 2013-07-16 22:53    14880256    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2013-07-14 08:41 . 2013-07-14 08:42    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-14 08:41 . 2013-07-14 08:43    867240    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-07-14 08:41 . 2010-06-08 05:48    789416    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-07-10 09:47 . 2013-08-14 01:20    677888    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2013-07-10 09:42 . 2013-08-14 01:20    1303552    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-07-09 12:04 . 2013-08-14 01:20    1168088    ----a-w-    c:\windows\SysWow64\ntdll.dll
2013-07-09 12:04 . 2013-08-14 01:20    1585256    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-08 04:51 . 2013-08-14 01:20    4691904    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-14 01:20    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-07-08 04:20 . 2013-08-14 01:20    172544    ----a-w-    c:\windows\SysWow64\wintrust.dll
2013-07-08 04:18 . 2013-08-14 01:20    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2013-07-08 04:16 . 2013-08-14 01:20    133120    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 01:20    98304    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 01:20    992768    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-07-08 04:16 . 2013-08-14 01:20    43008    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-07-08 04:15 . 2013-08-14 01:20    234496    ----a-w-    c:\windows\system32\wow64.dll
2013-07-08 04:15 . 2013-08-14 01:20    218624    ----a-w-    c:\windows\system32\wintrust.dll
2013-07-08 04:14 . 2013-08-14 01:20    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2013-07-08 04:12 . 2013-08-14 01:20    1276416    ----a-w-    c:\windows\system32\crypt32.dll
2013-07-08 04:12 . 2013-08-14 01:20    174592    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-07-08 04:12 . 2013-08-14 01:20    132096    ----a-w-    c:\windows\system32\cryptnet.dll
2013-07-08 01:39 . 2013-08-14 01:20    26112    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-07-08 01:39 . 2013-08-14 01:20    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-07-08 01:39 . 2013-08-14 01:20    2560    ----a-w-    c:\windows\SysWow64\user.exe
2013-07-05 04:45 . 2013-08-14 01:20    1423808    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-07-01 08:45 . 2013-07-01 08:45    116536    ----a-w-    c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 06:28    222832    ----a-w-    c:\users\Tink\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 06:28    222832    ----a-w-    c:\users\Tink\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 06:28    222832    ----a-w-    c:\users\Tink\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    130736    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
c:\users\Tink\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tink\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-7-16 14880256]
SpyderUtility.lnk - c:\program files (x86)\Datacolor\Spyder4Express\Utility\SpyderUtility.exe [2012-2-8 8241767]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 08:15]
.
2013-09-24 c:\windows\Tasks\GlaryInitialize 3.job
- c:\program files (x86)\Glary Utilities 3\Initialize.exe [2013-07-22 07:32]
.
2013-09-24 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-10-31 16:07]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-05 00:13]
.
2013-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-05 00:13]
.
2013-09-19 c:\windows\Tasks\HPCeeScheduleForTink.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-01-20 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 06:28    261744    ----a-w-    c:\users\Tink\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 06:28    261744    ----a-w-    c:\users\Tink\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 06:28    261744    ----a-w-    c:\users\Tink\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17    164016    ----a-w-    c:\users\Tink\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uSearch Page =
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Tink\AppData\Roaming\Mozilla\Firefox\Profiles\17ihfvxd.default\
FF - ExtSQL: 2013-07-30 15:47; tabletools2@mingyi.org; c:\users\Tink\AppData\Roaming\Mozilla\Firefox\Profiles\17ihfvxd.default\extensions\tabletools2@mingyi.org
FF - ExtSQL: 2013-08-15 12:44; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Tink\AppData\Roaming\Mozilla\Firefox\Profiles\17ihfvxd.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: !HIDDEN! 2010-08-05 19:24; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Google Chrome - c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Accelerometer]
"ImagePath"="system32\DRIVERS\Accelerometer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx]
"ImagePath"="system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci]
"ImagePath"="system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]
"ImagePath"="system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320]
"ImagePath"="system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AESTFilters]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereModemAudio]
"ImagePath"="c:\windows\system32\agr64svc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\agrsm64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]
"ImagePath"="system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide]
"ImagePath"="system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Amazon Download Agent]
"ImagePath"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide]
"ImagePath"="system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8]
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc]
"ImagePath"="system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas]
"ImagePath"="system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\athr]
"ImagePath"="system32\DRIVERS\athrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ati External Event Utility]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atikmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AtiPcie]
"ImagePath"="system32\DRIVERS\AtiPcie.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgfwfd]
"ImagePath"="system32\DRIVERS\avgfwd6a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgfws]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgfws.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgtp]
"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser Defender Update Service]
"ImagePath"="\"c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BthEnum]
"ImagePath"="system32\DRIVERS\BthEnum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BthPan]
"ImagePath"="system32\DRIVERS\bthpan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT]
"ImagePath"="System32\Drivers\BTHport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BthServ]
"ServiceDll"="%SystemRoot%\System32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHUSB]
"ImagePath"="System32\Drivers\BTHUSB.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\combofix_001\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass]
"ImagePath"="system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide]
"ImagePath"="system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Com4QLBEx]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cpuz132]
"ImagePath"="\??\c:\users\Tink\AppData\Local\Temp\cpuz132\cpuz132_x64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CscService]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G6032E.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\eabfiltr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor]
"ImagePath"="system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\enecir]
"ImagePath"="system32\DRIVERS\enecir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fssfltr]
"ImagePath"="system32\DRIVERS\fssfltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fsssvc]
"ImagePath"="\"c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GameConsoleService]
"ImagePath"="\"c:\program files (x86)\HP Games\My HP Game Console\GameConsoleService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate1ca4550b6765120]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr]
"ImagePath"="system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HP Health Check Service]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs]
"ImagePath"="system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpdskflt]
"ImagePath"="system32\DRIVERS\hpdskflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqddsvc]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpqKbFiltr]
"ImagePath"="system32\DRIVERS\HpqKbFiltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqwmiex]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HPSLPSVC]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpsrv]
"ImagePath"="%SystemRoot%\system32\Hpservice.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]
"ImagePath"="system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV]
"ImagePath"="system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp]
"ImagePath"="system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKFileSec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKSysFlt]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide]
"ImagePath"="system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi]
"ImagePath"="system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid]
"ImagePath"="system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JMCR]
"ImagePath"="system32\DRIVERS\jmcr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lavasoft Ad-Aware Service]
"ImagePath"="\"c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lbd]
"ImagePath"="system32\DRIVERS\Lbd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC]
"ImagePath"="system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS]
"ImagePath"="system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI]
"ImagePath"="system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas]
"ImagePath"="system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MegaSR]
"ImagePath"="system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="\"c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio]
"ImagePath"="system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x]
"ImagePath"="system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm]
"ImagePath"="system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NETw3v64]
"ImagePath"="system32\DRIVERS\NETw3v64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960]
"ImagePath"="system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NuidFltr]
"ImagePath"="system32\DRIVERS\NuidFltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid]
"ImagePath"="system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor]
"ImagePath"="system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\odserv]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PuranDefrag]
"ImagePath"="\"c:\windows\system32\PuranDefragS.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300]
"ImagePath"="system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx]
"ImagePath"="system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rcmirror]
"ImagePath"="system32\DRIVERS\rcmirror.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Recovery Service for Windows]
"ImagePath"="c:\program files (x86)\SMINST\BLService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RFCOMM]
"ImagePath"="system32\DRIVERS\rfcomm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RichVideo]
"ImagePath"="\"c:\program files (x86)\CyberLink\Shared files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RTL8169]
"ImagePath"="system32\DRIVERS\Rtlh64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port]
"ImagePath"="system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sdAuxService]
"ImagePath"="c:\program files (x86)\Spyware Doctor\pctsAuxs.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sdCoreService]
"ImagePath"="c:\program files (x86)\Spyware Doctor\pctsSvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SeaPort]
"ImagePath"="\"c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2]
"ImagePath"="system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4]
"ImagePath"="system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spyder4]
"ImagePath"="system32\DRIVERS\dccmtr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\STacSV]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\STHDA]
"ImagePath"="system32\DRIVERS\stwrt64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx]
"ImagePath"="system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi]
"ImagePath"="system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3]
"ImagePath"="system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TVCapSvc]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe\"\00\00\00\00\00\00\00\00\02\00\00\00\03\00\00\00\02\00\00\00\01\00\00\00RÖlS\00\00\00\008\17\18\00 \07\00\00\00\01\00\00dÍ\16\00^$w\03\00\00\00\00\00\00\00\02\00\00\00(Í\16\00ÈÌ\16\00à\02"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TVSched]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe\"\00r\00d\00\\00M\00e\00d\00i\00a\00\\00T\00V\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00T\00V\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci]
"ImagePath"="system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata]
"ImagePath"="system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2]
"ImagePath"="system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbbus]
"ImagePath"="system32\DRIVERS\lgx64bus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UsbDiag]
"ImagePath"="system32\DRIVERS\lgx64diag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbfilter]
"ImagePath"="system32\DRIVERS\usbfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBModem]
"ImagePath"="system32\DRIVERS\lgx64modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide]
"ImagePath"="system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid]
"ImagePath"="system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vToolbarUpdater15.5.0]
"ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VxD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd]
"ImagePath"="system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wlcrasvc]
"ImagePath"="\"c:\program files\Windows Live\Mesh\wlcrasvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSDPrintDevice]
"ImagePath"="system32\DRIVERS\WSDPrint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\YahooAUService]
"ImagePath"="\"c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\yukonx64]
"ImagePath"="system32\DRIVERS\yk60x64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1876FC1F-9DB5-4C53-BAA4-923B8DE41BEE}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{FD1E5B67-46F8-4769-8DD4-3B5A475B1D48}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-09-24  00:14:16
ComboFix-quarantined-files.txt  2013-09-24 07:14
.
Pre-Run: 176,621,867,008 bytes free
Post-Run: 176,589,627,392 bytes free
.
- - End Of File - - 3AC9ABE3A2DA306E6852A5C251378F2E
5C86ADEC17B739C437E145E3B3FC2E6D
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 24 September 2013 - 04:47 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or Spyware Doctor.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 24 September 2013 - 06:42 AM

Spyware doctor has been removed.

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 24 September 2013 - 08:02 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 27 September 2013 - 08:11 PM

I'm having trouble running the Eset scan because the computer can't connect.

 

The computer sees wireless networks and says it has limited connectivity. If I run the troubleshooter it says that the network adaptor has a hardware or software problem. When I go to properties, it says I need to check IP4 / IP6 binding (?) and wants a Vista disk, which I don't have. What can I do to fix this?

 

I will post the Malwarebytes scan shortly.



#10 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 27 September 2013 - 11:23 PM

The malware bytes log is pasted below.

 

Please let me know what I need to do to restore connectivity so I can run the eset scan.

 

Thanks!

 

 

**********************************************888

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.09.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Tink :: TINKSTOY [administrator]

9/27/2013 5:23:16 PM
mbam-log-2013-09-27 (17-23-16).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 631077
Time elapsed: 3 hour(s), 38 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 28 September 2013 - 11:52 AM

Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.

Capture3.gif

Once that is done then go to step 3 and allow it to run SFC by clicking Do it

Capture.gif


On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates


then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 01 October 2013 - 01:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:08 PM

Posted 08 October 2013 - 02:13 AM

This topic has been re-opened at the request of the person who originally posted.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 08 October 2013 - 01:44 PM

Hi, thank you for reopening the topic.

 

The Windows Repair Scan completed, but the computer is still not connecting to the internet. The system tray network icon shows two monitors with a red X. I haven't tried a direct ethernet connection yet.

 

Is it possible to figure out whether this is a symptom of an active malware infection, or just left-over file damage?



#15 WheresMyOS

WheresMyOS
  • Topic Starter

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:07:08 AM

Posted 16 October 2013 - 03:07 AM

This computer cannot connect to the internet after the infection.

 

I can't complete the Eset scan because I can't connect to the internet.

 

The Windows Repair did not fix the connectivity issue.

 

I am waiting for further instructions.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users