Solved Scvhost.exe Trojan.Host issue that is killing me!!!

A

alan123

Posts: 47   +0
I have been having this issue with this trojan that keeps sending my computer to blue screen or just shuts it off.. Need help in a bad way!! Thanks.....

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.15.01
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Alan :: ALAN-PC [administrator]
Protection: Disabled
12/14/2012 9:09:10 PM
mbam-log-2012-12-14 (21-09-10).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 384591
Time elapsed: 1 hour(s), 19 minute(s), 23 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1896 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/18/2010 7:44:36 PM
System Uptime: 12/16/2012 3:54:13 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C6HFD
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | U2E1 | 2133/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 10.438 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Banctec Service Agreement
Bonjour
Byki
Byki Express
Chromas Lite
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Complete Care Business Service Agreement
Complete Care Consumer Service Agreement
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Home Systems Service Agreement
Dell Support Center
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
Dropbox
EZ Guitar Tabs
Google Talk Plugin
GoToAssist 8.0.0.514
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 15
Java Auto Updater
Java(TM) 6 Update 16 (64-bit)
Java(TM) 6 Update 24
JMP 8
Juniper Networks Setup Client
Junk Mail filter update
LG On-Screen Phone
LG United Mobile Drivers
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Online Plug-in
PdaNet for Android 2.45
PowerDVD DX
QualXServ Service Agreement
Quickset64
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Self-service Plug-in
Skype Click to Call
Skype™ 5.10
Spyware Doctor 8.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2010 x64 Redistributables
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/16/2012 9:42:09 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/16/2012 3:57:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
12/16/2012 3:56:00 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/16/2012 3:00:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031c463a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-63180-01.
12/16/2012 2:56:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ecb0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-79045-01.
12/16/2012 2:52:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Peer Networking Identity Manager service to connect.
12/16/2012 2:52:16 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2012 2:52:16 PM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2012 2:52:16 PM, Error: Service Control Manager [7000] - The Peer Networking Identity Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/16/2012 2:42:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f030c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-62759-01.
12/16/2012 2:38:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f060c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-68047-01.
12/15/2012 12:59:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002ea1715). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121512-81167-01.
12/14/2012 9:51:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/14/2012 9:00:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
12/14/2012 9:00:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
12/14/2012 8:55:18 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/14/2012 8:54:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/14/2012 8:54:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/14/2012 8:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/14/2012 8:53:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/14/2012 8:53:35 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
12/14/2012 8:53:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 ctxusbm discache spldr Wanarpv6
12/14/2012 8:53:16 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
12/14/2012 8:53:14 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800022f80c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121412-47346-01.
12/14/2012 10:56:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
12/13/2012 3:30:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
12/13/2012 3:07:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/13/2012 3:07:09 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/13/2012 10:43:37 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
12/13/2012 10:43:11 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_24
Run by Alan at 16:04:04 on 2012-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2055 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\PC Tools Security\pctsGui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com./
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ISTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.mountsinai.org/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{964044E1-667B-4E68-A362-75DFFBCBFABD} : DHCPNameServer = 10.180.237.11 10.180.237.12 10.181.237.11 10.179.237.11
TCP: Interfaces\{A4B019E3-1BA1-4A7C-9A39-4B3B65F7618B} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{A4B019E3-1BA1-4A7C-9A39-4B3B65F7618B}\2456C6B696E6F5052756F5E4F5637343736354 : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\6t8pgoq2.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2012-2-2 257232]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2012-2-2 452872]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2012-2-2 816016]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-22 55280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-6-29 91864]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 399432]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-2-2 366840]
R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-2-2 1150936]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-3-4 172704]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2009-9-26 233984]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2010-9-28 15360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 676936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-3-2 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-3-2 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-3-2 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-3-2 34304]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2010-8-2 31744]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-14 25928]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-7-16 220672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-26 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-11 1255736]
.
=============== Created Last 30 ================
.
2012-12-16 23:56:16 20480 ------w- C:\Windows\svchost.exe
2012-12-15 05:03:57 -------- d-----w- C:\Users\Alan\AppData\Roaming\Malwarebytes
2012-12-15 05:03:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-15 05:03:48 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-15 05:03:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-13 03:08:17 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-13 03:08:17 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-13 03:08:08 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-13 03:08:07 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-13 03:08:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-13 03:08:07 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-13 03:08:07 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-13 03:05:19 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-13 03:05:19 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-01 23:22:34 -------- d-----w- C:\Windows\pss
2012-11-23 08:39:23 -------- d-----w- C:\Users\Alan\AppData\Local\{57D326E5-CE84-4E9B-ADDF-493FA8E08B84}
2012-11-23 07:17:16 -------- d-----r- C:\Users\Alan\Dropbox
2012-11-23 06:59:54 -------- d-----w- C:\Users\Alan\AppData\Roaming\Dropbox
2012-11-22 21:28:38 -------- d-----w- C:\Users\Alan\AppData\Roaming\AVG2013
2012-11-22 21:25:46 -------- d-----w- C:\Users\Alan\AppData\Roaming\TuneUp Software
2012-11-22 21:24:34 -------- d--h--w- C:\$AVG
2012-11-22 21:24:34 -------- d-----w- C:\ProgramData\AVG2013
2012-11-22 21:22:19 -------- d-----w- C:\Program Files (x86)\AVG
2012-11-22 21:18:40 -------- d--h--w- C:\ProgramData\Common Files
2012-11-22 21:18:40 -------- d-----w- C:\Users\Alan\AppData\Local\MFAData
2012-11-22 21:18:40 -------- d-----w- C:\Users\Alan\AppData\Local\Avg2013
2012-11-22 21:18:40 -------- d-----w- C:\ProgramData\MFAData
2012-11-20 15:48:57 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{159D35BE-80DD-4D09-B631-82A34B7F24AC}\mpengine.dll
.
==================== Find3M ====================
.
2012-12-13 04:04:00 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 04:04:00 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-22 21:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 11:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-05 11:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 11:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-21 11:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 11:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
.
============= FINISH: 16:06:33.29 ===============
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
It showed an infection and had me reboot.


17:28:17.0962 4748 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:28:18.0620 4748 ============================================================
17:28:18.0620 4748 Current date / time: 2012/12/17 17:28:18.0620
17:28:18.0620 4748 SystemInfo:
17:28:18.0620 4748
17:28:18.0621 4748 OS Version: 6.1.7601 ServicePack: 1.0
17:28:18.0621 4748 Product type: Workstation
17:28:18.0621 4748 ComputerName: ALAN-PC
17:28:18.0621 4748 UserName: Alan
17:28:18.0621 4748 Windows directory: C:\Windows
17:28:18.0621 4748 System windows directory: C:\Windows
17:28:18.0621 4748 Running under WOW64
17:28:18.0621 4748 Processor architecture: Intel x64
17:28:18.0622 4748 Number of processors: 4
17:28:18.0622 4748 Page size: 0x1000
17:28:18.0622 4748 Boot type: Normal boot
17:28:18.0622 4748 ============================================================
17:28:26.0417 4748 BG loaded
17:28:27.0345 4748 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:27.0351 4748 ============================================================
17:28:27.0352 4748 \Device\Harddisk0\DR0:
17:28:27.0352 4748 MBR partitions:
17:28:27.0352 4748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
17:28:27.0352 4748 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
17:28:27.0392 4748 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x88EB000, BlocksNum 0x148DA000
17:28:27.0392 4748 ============================================================
17:28:27.0502 4748 C: <-> \Device\Harddisk0\DR0\Partition2
17:28:28.0009 4748 D: <-> \Device\Harddisk0\DR0\Partition3
17:28:28.0009 4748 ============================================================
17:28:28.0009 4748 Initialize success
17:28:28.0009 4748 ============================================================
 
Oops..

17:13:43.0021 9164 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:13:43.0544 9164 ============================================================
17:13:43.0544 9164 Current date / time: 2012/12/17 17:13:43.0544
17:13:43.0544 9164 SystemInfo:
17:13:43.0544 9164
17:13:43.0544 9164 OS Version: 6.1.7601 ServicePack: 1.0
17:13:43.0544 9164 Product type: Workstation
17:13:43.0544 9164 ComputerName: ALAN-PC
17:13:43.0544 9164 UserName: Alan
17:13:43.0544 9164 Windows directory: C:\Windows
17:13:43.0544 9164 System windows directory: C:\Windows
17:13:43.0544 9164 Running under WOW64
17:13:43.0544 9164 Processor architecture: Intel x64
17:13:43.0544 9164 Number of processors: 4
17:13:43.0544 9164 Page size: 0x1000
17:13:43.0544 9164 Boot type: Normal boot
17:13:43.0544 9164 ============================================================
17:13:45.0439 9164 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:13:45.0445 9164 ============================================================
17:13:45.0446 9164 \Device\Harddisk0\DR0:
17:13:45.0446 9164 MBR partitions:
17:13:45.0446 9164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1388000
17:13:45.0446 9164 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13BA800, BlocksNum 0x7530000
17:13:45.0446 9164 ============================================================
17:13:45.0481 9164 C: <-> \Device\Harddisk0\DR0\Partition2
17:13:45.0481 9164 ============================================================
17:13:45.0482 9164 Initialize success
17:13:45.0482 9164 ============================================================
17:13:47.0946 10724 ============================================================
17:13:47.0946 10724 Scan started
17:13:47.0946 10724 Mode: Manual;
17:13:47.0946 10724 ============================================================
17:13:53.0895 10724 ================ Scan system memory ========================
17:13:53.0895 10724 System memory - ok
17:13:53.0896 10724 ================ Scan services =============================
17:13:54.0673 10724 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:13:54.0677 10724 1394ohci - ok
17:13:54.0723 10724 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:13:54.0729 10724 ACPI - ok
17:13:54.0778 10724 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:13:54.0780 10724 AcpiPmi - ok
17:13:54.0924 10724 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:13:54.0928 10724 AdobeFlashPlayerUpdateSvc - ok
17:13:54.0989 10724 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:13:54.0997 10724 adp94xx - ok
17:13:55.0048 10724 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:13:55.0054 10724 adpahci - ok
17:13:55.0085 10724 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:13:55.0088 10724 adpu320 - ok
17:13:55.0112 10724 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:13:55.0114 10724 AeLookupSvc - ok
17:13:55.0153 10724 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:13:55.0160 10724 AFD - ok
17:13:55.0204 10724 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:13:55.0206 10724 agp440 - ok
17:13:55.0228 10724 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:13:55.0230 10724 ALG - ok
17:13:55.0260 10724 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:13:55.0262 10724 aliide - ok
17:13:55.0274 10724 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:13:55.0276 10724 amdide - ok
17:13:55.0319 10724 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:13:55.0322 10724 AmdK8 - ok
17:13:55.0340 10724 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:13:55.0343 10724 AmdPPM - ok
17:13:55.0389 10724 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:13:55.0391 10724 amdsata - ok
17:13:55.0426 10724 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:13:55.0430 10724 amdsbs - ok
17:13:55.0450 10724 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:13:55.0452 10724 amdxata - ok
17:13:55.0497 10724 [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus C:\Windows\system32\DRIVERS\lgandbus64.sys
17:13:55.0499 10724 Andbus - ok
17:13:55.0527 10724 [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag64.sys
17:13:55.0529 10724 AndDiag - ok
17:13:55.0547 10724 [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps C:\Windows\system32\DRIVERS\lgandgps64.sys
17:13:55.0549 10724 AndGps - ok
17:13:55.0607 10724 [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem64.sys
17:13:55.0609 10724 ANDModem - ok
17:13:55.0643 10724 [ 9C1751B2E733471AE07561028B7D2A9B ] androidusb C:\Windows\system32\Drivers\lgandadb.sys
17:13:55.0645 10724 androidusb - ok
17:13:55.0718 10724 [ 8655A2983A86D6675135B1FF6892055D ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
17:13:55.0723 10724 ApfiltrService - ok
17:13:55.0765 10724 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:13:55.0768 10724 AppID - ok
17:13:55.0797 10724 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:13:55.0799 10724 AppIDSvc - ok
17:13:55.0866 10724 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:13:55.0868 10724 Appinfo - ok
17:13:56.0032 10724 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:13:56.0035 10724 Apple Mobile Device - ok
17:13:56.0075 10724 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:13:56.0078 10724 arc - ok
17:13:56.0092 10724 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:13:56.0095 10724 arcsas - ok
17:13:56.0116 10724 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:13:56.0118 10724 AsyncMac - ok
17:13:56.0152 10724 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:13:56.0153 10724 atapi - ok
17:13:56.0218 10724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:13:56.0226 10724 AudioEndpointBuilder - ok
17:13:56.0238 10724 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:13:56.0245 10724 AudioSrv - ok
17:13:56.0458 10724 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
17:13:56.0605 10724 AVGIDSAgent - ok
17:13:56.0655 10724 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:13:56.0658 10724 AVGIDSDriver - ok
17:13:56.0688 10724 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
17:13:56.0690 10724 AVGIDSHA - ok
17:13:56.0733 10724 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
17:13:56.0737 10724 Avgldx64 - ok
17:13:56.0774 10724 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
17:13:56.0778 10724 Avgloga - ok
17:13:56.0833 10724 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
17:13:56.0836 10724 Avgmfx64 - ok
17:13:56.0876 10724 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
17:13:56.0878 10724 Avgrkx64 - ok
17:13:57.0046 10724 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
17:13:57.0050 10724 Avgtdia - ok
17:13:57.0093 10724 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
17:13:57.0097 10724 avgwd - ok
17:13:57.0141 10724 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:13:57.0144 10724 AxInstSV - ok
17:13:57.0197 10724 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:13:57.0203 10724 b06bdrv - ok
17:13:57.0245 10724 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:13:57.0249 10724 b57nd60a - ok
17:13:57.0295 10724 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
17:13:57.0297 10724 BCM42RLY - ok
17:13:57.0399 10724 [ 37394D3553E220FB732C21E217E1BD8B ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:13:57.0466 10724 BCM43XX - ok
17:13:57.0541 10724 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:13:57.0546 10724 BDESVC - ok
17:13:57.0596 10724 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:13:57.0598 10724 Beep - ok
17:13:57.0668 10724 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:13:57.0676 10724 BFE - ok
17:13:57.0739 10724 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
17:13:57.0791 10724 BITS - ok
17:13:57.0854 10724 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:13:57.0856 10724 blbdrive - ok
17:13:57.0980 10724 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:13:57.0987 10724 Bonjour Service - ok
17:13:58.0027 10724 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:13:58.0029 10724 bowser - ok
17:13:58.0059 10724 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:13:58.0061 10724 BrFiltLo - ok
17:13:58.0089 10724 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:13:58.0091 10724 BrFiltUp - ok
17:13:58.0124 10724 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:13:58.0126 10724 Browser - ok
17:13:58.0151 10724 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:13:58.0155 10724 Brserid - ok
17:13:58.0191 10724 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:13:58.0193 10724 BrSerWdm - ok
17:13:58.0219 10724 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:13:58.0221 10724 BrUsbMdm - ok
17:13:58.0231 10724 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:13:58.0232 10724 BrUsbSer - ok
17:13:58.0252 10724 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:13:58.0254 10724 BTHMODEM - ok
17:13:58.0305 10724 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:13:58.0307 10724 bthserv - ok
17:13:58.0343 10724 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:13:58.0345 10724 cdfs - ok
17:13:58.0411 10724 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:13:58.0414 10724 cdrom - ok
17:13:58.0470 10724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:13:58.0473 10724 CertPropSvc - ok
17:13:58.0518 10724 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:13:58.0522 10724 circlass - ok
17:13:58.0560 10724 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:13:58.0564 10724 CLFS - ok
17:13:58.0678 10724 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:13:58.0680 10724 clr_optimization_v2.0.50727_32 - ok
17:13:58.0724 10724 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:13:58.0726 10724 clr_optimization_v2.0.50727_64 - ok
17:13:58.0793 10724 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:13:58.0811 10724 clr_optimization_v4.0.30319_32 - ok
17:13:58.0843 10724 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:13:58.0846 10724 clr_optimization_v4.0.30319_64 - ok
17:13:58.0884 10724 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:13:58.0886 10724 CmBatt - ok
17:13:58.0915 10724 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:13:58.0917 10724 cmdide - ok
17:13:58.0966 10724 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:13:58.0972 10724 CNG - ok
17:13:59.0014 10724 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:13:59.0015 10724 Compbatt - ok
17:13:59.0066 10724 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:13:59.0068 10724 CompositeBus - ok
17:13:59.0077 10724 COMSysApp - ok
17:13:59.0102 10724 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:13:59.0103 10724 crcdisk - ok
17:13:59.0161 10724 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:13:59.0164 10724 CryptSvc - ok
17:13:59.0234 10724 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:13:59.0238 10724 CtClsFlt - ok
17:13:59.0302 10724 [ BF62FF663AE55E4ED99DE76881C2C0F1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
17:13:59.0304 10724 ctxusbm - ok
17:13:59.0362 10724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:13:59.0369 10724 DcomLaunch - ok
17:13:59.0426 10724 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:13:59.0429 10724 defragsvc - ok
17:13:59.0496 10724 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:13:59.0498 10724 DfsC - ok
17:14:00.0031 10724 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:14:00.0036 10724 Dhcp - ok
17:14:00.0241 10724 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:14:00.0263 10724 discache - ok
17:14:00.0334 10724 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:14:00.0364 10724 Disk - ok
17:14:00.0415 10724 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:14:00.0418 10724 Dnscache - ok
17:14:00.0521 10724 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
17:14:00.0524 10724 DockLoginService - ok
17:14:00.0585 10724 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:14:00.0589 10724 dot3svc - ok
17:14:00.0632 10724 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:14:00.0635 10724 DPS - ok
17:14:00.0671 10724 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:14:00.0672 10724 drmkaud - ok
17:14:00.0723 10724 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:14:00.0752 10724 DXGKrnl - ok
17:14:00.0796 10724 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:14:00.0798 10724 EapHost - ok
17:14:00.0809 10724 easytether - ok
17:14:00.0898 10724 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:14:00.0977 10724 ebdrv - ok
17:14:01.0023 10724 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:14:01.0026 10724 EFS - ok
17:14:01.0107 10724 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:14:01.0115 10724 ehRecvr - ok
17:14:01.0157 10724 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:14:01.0159 10724 ehSched - ok
17:14:01.0195 10724 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:14:01.0201 10724 elxstor - ok
17:14:01.0240 10724 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:14:01.0242 10724 ErrDev - ok
17:14:01.0299 10724 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:14:01.0304 10724 EventSystem - ok
17:14:01.0327 10724 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:14:01.0330 10724 exfat - ok
17:14:01.0351 10724 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:14:01.0354 10724 fastfat - ok
17:14:01.0419 10724 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:14:01.0427 10724 Fax - ok
17:14:01.0465 10724 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:14:01.0467 10724 fdc - ok
17:14:01.0497 10724 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:14:01.0499 10724 fdPHost - ok
17:14:01.0517 10724 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:14:01.0519 10724 FDResPub - ok
17:14:01.0565 10724 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:14:01.0567 10724 FileInfo - ok
17:14:01.0574 10724 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:14:01.0576 10724 Filetrace - ok
17:14:01.0587 10724 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:14:01.0589 10724 flpydisk - ok
17:14:01.0648 10724 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:14:01.0652 10724 FltMgr - ok
17:14:01.0719 10724 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:14:01.0763 10724 FontCache - ok
17:14:01.0868 10724 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:14:01.0869 10724 FontCache3.0.0.0 - ok
17:14:01.0891 10724 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:14:01.0893 10724 FsDepends - ok
17:14:01.0923 10724 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:14:01.0924 10724 Fs_Rec - ok
17:14:01.0983 10724 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:14:01.0986 10724 fvevol - ok
17:14:02.0010 10724 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:14:02.0012 10724 gagp30kx - ok
17:14:02.0114 10724 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
17:14:02.0118 10724 GameConsoleService - ok
17:14:02.0196 10724 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:14:02.0197 10724 GEARAspiWDM - ok
17:14:02.0240 10724 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:14:02.0241 10724 GoToAssist - ok
17:14:02.0298 10724 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:14:02.0311 10724 gpsvc - ok
17:14:02.0368 10724 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:14:02.0369 10724 hcw85cir - ok
17:14:02.0422 10724 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:14:02.0426 10724 HdAudAddService - ok
17:14:02.0506 10724 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:14:02.0508 10724 HDAudBus - ok
17:14:02.0537 10724 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
17:14:02.0539 10724 HECIx64 - ok
17:14:02.0568 10724 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:14:02.0570 10724 HidBatt - ok
17:14:02.0593 10724 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:14:02.0595 10724 HidBth - ok
17:14:02.0617 10724 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:14:02.0619 10724 HidIr - ok
17:14:02.0652 10724 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
17:14:02.0655 10724 hidserv - ok
17:14:02.0701 10724 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:14:02.0703 10724 HidUsb - ok
17:14:02.0737 10724 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:14:02.0739 10724 hkmsvc - ok
17:14:02.0775 10724 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:14:02.0780 10724 HomeGroupListener - ok
17:14:02.0819 10724 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:14:02.0823 10724 HomeGroupProvider - ok
17:14:02.0838 10724 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:14:02.0840 10724 HpSAMD - ok
17:14:02.0885 10724 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:14:02.0894 10724 HTTP - ok
17:14:02.0957 10724 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:14:02.0958 10724 hwpolicy - ok
17:14:02.0994 10724 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:14:02.0996 10724 i8042prt - ok
17:14:03.0056 10724 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:14:03.0063 10724 iaStorV - ok
17:14:03.0131 10724 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:14:03.0146 10724 idsvc - ok
17:14:03.0342 10724 [ 0372C154226F7074CD150F475A4870A6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
17:14:03.0536 10724 igfx - ok
17:14:03.0570 10724 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:14:03.0573 10724 iirsp - ok
17:14:03.0623 10724 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:14:03.0637 10724 IKEEXT - ok
17:14:03.0686 10724 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
17:14:03.0688 10724 Impcd - ok
17:14:03.0710 10724 IntcAzAudAddService - ok
17:14:03.0726 10724 [ 49072EDBC5C2F964917D1B585C90ED0A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
17:14:03.0729 10724 IntcDAud - ok
17:14:03.0745 10724 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:14:03.0747 10724 intelide - ok
17:14:03.0798 10724 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:14:03.0800 10724 intelppm - ok
17:14:03.0828 10724 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:14:03.0831 10724 IPBusEnum - ok
17:14:03.0864 10724 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:14:03.0867 10724 IpFilterDriver - ok
17:14:03.0916 10724 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:14:03.0923 10724 iphlpsvc - ok
17:14:03.0968 10724 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:14:03.0970 10724 IPMIDRV - ok
17:14:04.0001 10724 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:14:04.0004 10724 IPNAT - ok
17:14:04.0101 10724 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:14:04.0112 10724 iPod Service - ok
17:14:04.0174 10724 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:14:04.0176 10724 IRENUM - ok
17:14:04.0197 10724 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:14:04.0198 10724 isapnp - ok
17:14:04.0248 10724 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:14:04.0252 10724 iScsiPrt - ok
17:14:04.0286 10724 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
17:14:04.0288 10724 kbdclass - ok
17:14:04.0333 10724 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
17:14:04.0335 10724 kbdhid - ok
17:14:04.0345 10724 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:14:04.0347 10724 KeyIso - ok
17:14:04.0383 10724 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:14:04.0385 10724 KSecDD - ok
17:14:04.0431 10724 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:14:04.0434 10724 KSecPkg - ok
17:14:04.0487 10724 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:14:04.0488 10724 ksthunk - ok
17:14:04.0525 10724 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:14:04.0535 10724 KtmRm - ok
17:14:04.0596 10724 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
17:14:04.0601 10724 LanmanServer - ok
17:14:04.0656 10724 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:14:04.0661 10724 LanmanWorkstation - ok
17:14:04.0692 10724 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:14:04.0694 10724 lltdio - ok
17:14:04.0725 10724 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:14:04.0731 10724 lltdsvc - ok
17:14:04.0772 10724 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:14:04.0775 10724 lmhosts - ok
17:14:04.0815 10724 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:14:04.0818 10724 LSI_FC - ok
17:14:04.0838 10724 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:14:04.0843 10724 LSI_SAS - ok
17:14:04.0857 10724 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:14:04.0860 10724 LSI_SAS2 - ok
17:14:04.0883 10724 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:14:04.0885 10724 LSI_SCSI - ok
17:14:04.0932 10724 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:14:04.0935 10724 luafv - ok
17:14:04.0992 10724 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
17:14:04.0994 10724 MBAMProtector - ok
17:14:05.0064 10724 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:14:05.0069 10724 MBAMScheduler - ok
17:14:05.0148 10724 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:14:05.0155 10724 MBAMService - ok
17:14:05.0241 10724 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
17:14:05.0245 10724 McComponentHostService - ok
17:14:05.0281 10724 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:14:05.0284 10724 Mcx2Svc - ok
17:14:05.0308 10724 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:14:05.0309 10724 megasas - ok
17:14:05.0342 10724 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:14:05.0347 10724 MegaSR - ok
17:14:05.0451 10724 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:14:05.0464 10724 MMCSS - ok
17:14:05.0502 10724 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:14:05.0503 10724 Modem - ok
17:14:05.0620 10724 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:14:05.0693 10724 monitor - ok
17:14:05.0735 10724 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:14:05.0737 10724 mouclass - ok
17:14:05.0781 10724 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:14:05.0783 10724 mouhid - ok
17:14:05.0820 10724 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:14:05.0822 10724 mountmgr - ok
17:14:05.0841 10724 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:14:05.0844 10724 mpio - ok
17:14:05.0867 10724 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:14:05.0869 10724 mpsdrv - ok
17:14:05.0918 10724 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:14:05.0933 10724 MpsSvc - ok
17:14:05.0973 10724 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:14:05.0976 10724 MRxDAV - ok
17:14:06.0013 10724 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:14:06.0016 10724 mrxsmb - ok
17:14:06.0055 10724 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:14:06.0059 10724 mrxsmb10 - ok
17:14:06.0073 10724 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:14:06.0076 10724 mrxsmb20 - ok
17:14:06.0111 10724 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:14:06.0113 10724 msahci - ok
17:14:06.0163 10724 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:14:06.0166 10724 msdsm - ok
17:14:06.0197 10724 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:14:06.0201 10724 MSDTC - ok
17:14:06.0233 10724 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:14:06.0234 10724 Msfs - ok
17:14:06.0250 10724 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:14:06.0252 10724 mshidkmdf - ok
17:14:06.0289 10724 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:14:06.0291 10724 msisadrv - ok
17:14:06.0336 10724 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:14:06.0340 10724 MSiSCSI - ok
17:14:06.0344 10724 msiserver - ok
17:14:06.0379 10724 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:14:06.0381 10724 MSKSSRV - ok
17:14:06.0391 10724 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:14:06.0393 10724 MSPCLOCK - ok
17:14:06.0427 10724 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:14:06.0436 10724 MSPQM - ok
17:14:06.0479 10724 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:14:06.0485 10724 MsRPC - ok
17:14:06.0518 10724 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:14:06.0520 10724 mssmbios - ok
17:14:06.0536 10724 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:14:06.0537 10724 MSTEE - ok
17:14:06.0558 10724 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:14:06.0560 10724 MTConfig - ok
17:14:06.0583 10724 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:14:06.0585 10724 Mup - ok
17:14:06.0636 10724 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:14:06.0644 10724 napagent - ok
17:14:06.0694 10724 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:14:06.0699 10724 NativeWifiP - ok
17:14:06.0752 10724 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:14:06.0781 10724 NDIS - ok
17:14:06.0823 10724 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:14:06.0825 10724 NdisCap - ok
17:14:06.0875 10724 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:14:06.0877 10724 NdisTapi - ok
17:14:06.0916 10724 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:14:06.0919 10724 Ndisuio - ok
17:14:06.0953 10724 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:14:06.0957 10724 NdisWan - ok
17:14:06.0989 10724 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:14:06.0992 10724 NDProxy - ok
17:14:07.0003 10724 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:14:07.0005 10724 NetBIOS - ok
17:14:07.0054 10724 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:14:07.0059 10724 NetBT - ok
17:14:07.0067 10724 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:14:07.0070 10724 Netlogon - ok
17:14:07.0115 10724 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:14:07.0122 10724 Netman - ok
17:14:07.0141 10724 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:14:07.0147 10724 netprofm - ok
17:14:07.0192 10724 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:14:07.0195 10724 NetTcpPortSharing - ok
17:14:07.0232 10724 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:14:07.0233 10724 nfrd960 - ok
17:14:07.0251 10724 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:14:07.0257 10724 NlaSvc - ok
17:14:07.0270 10724 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:14:07.0272 10724 Npfs - ok
17:14:07.0288 10724 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:14:07.0290 10724 nsi - ok
17:14:07.0306 10724 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:14:07.0308 10724 nsiproxy - ok
17:14:07.0385 10724 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:14:07.0430 10724 Ntfs - ok
17:14:07.0450 10724 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:14:07.0452 10724 Null - ok
17:14:07.0492 10724 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:14:07.0495 10724 nvraid - ok
17:14:07.0524 10724 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:14:07.0527 10724 nvstor - ok
17:14:07.0569 10724 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:14:07.0572 10724 nv_agp - ok
17:14:07.0668 10724 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:14:07.0673 10724 odserv - ok
17:14:07.0730 10724 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:14:07.0741 10724 ohci1394 - ok
17:14:07.0793 10724 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:14:07.0796 10724 ose - ok
17:14:07.0823 10724 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:14:07.0829 10724 p2pimsvc - ok
17:14:07.0881 10724 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:14:07.0887 10724 p2psvc - ok
17:14:07.0941 10724 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:14:07.0943 10724 Parport - ok
17:14:07.0977 10724 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:14:07.0979 10724 partmgr - ok
17:14:07.0995 10724 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:14:07.0998 10724 PcaSvc - ok
17:14:08.0014 10724 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:14:08.0017 10724 pci - ok
17:14:08.0047 10724 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:14:08.0049 10724 pciide - ok
17:14:08.0081 10724 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:14:08.0085 10724 pcmcia - ok
17:14:08.0156 10724 [ 8F38FFFA9E7B9D547B7921EFA8EDFF3C ] PCTCore C:\Windows\system32\drivers\PCTCore64.sys
17:14:08.0160 10724 PCTCore - ok
17:14:08.0237 10724 [ FF43E3B1687E4E2140DE6349EA5C7372 ] pctDS C:\Windows\system32\drivers\pctDS64.sys
17:14:08.0243 10724 pctDS - ok
17:14:08.0293 10724 [ 60E9A05852AF7E9CB11237C00AEE4CCF ] pctEFA C:\Windows\system32\drivers\pctEFA64.sys
17:14:08.0307 10724 pctEFA - ok
17:14:08.0333 10724 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:14:08.0335 10724 pcw - ok
17:14:08.0369 10724 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:14:08.0377 10724 PEAUTH - ok
17:14:08.0486 10724 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:14:08.0488 10724 PerfHost - ok
17:14:08.0562 10724 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:14:08.0592 10724 pla - ok
17:14:08.0653 10724 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:14:08.0659 10724 PlugPlay - ok
17:14:08.0718 10724 [ FE74BA87CDAA80AC9261F49167F0608A ] pneteth C:\Windows\system32\DRIVERS\pneteth.sys
17:14:08.0721 10724 pneteth - ok
17:14:08.0756 10724 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:14:08.0760 10724 PNRPAutoReg - ok
17:14:08.0779 10724 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:14:08.0783 10724 PNRPsvc - ok
17:14:08.0826 10724 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:14:08.0834 10724 PolicyAgent - ok
17:14:08.0871 10724 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:14:08.0875 10724 Power - ok
17:14:08.0910 10724 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:14:08.0913 10724 PptpMiniport - ok
17:14:08.0933 10724 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:14:08.0936 10724 Processor - ok
17:14:08.0984 10724 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:14:08.0989 10724 ProfSvc - ok
 
Continued:


17:14:09.0001 10724 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:14:09.0003 10724 ProtectedStorage - ok
17:14:09.0046 10724 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:14:09.0049 10724 Psched - ok
17:14:09.0081 10724 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
17:14:09.0083 10724 PxHlpa64 - ok
17:14:09.0150 10724 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:14:09.0205 10724 ql2300 - ok
17:14:09.0230 10724 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:14:09.0236 10724 ql40xx - ok
17:14:09.0265 10724 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:14:09.0271 10724 QWAVE - ok
17:14:09.0283 10724 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:14:09.0286 10724 QWAVEdrv - ok
17:14:09.0322 10724 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:14:09.0324 10724 RasAcd - ok
17:14:09.0375 10724 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:14:09.0377 10724 RasAgileVpn - ok
17:14:09.0397 10724 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:14:09.0402 10724 RasAuto - ok
17:14:09.0442 10724 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:14:09.0445 10724 Rasl2tp - ok
17:14:09.0488 10724 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:14:09.0495 10724 RasMan - ok
17:14:09.0516 10724 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:14:09.0519 10724 RasPppoe - ok
17:14:09.0557 10724 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:14:09.0560 10724 RasSstp - ok
17:14:09.0595 10724 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:14:09.0601 10724 rdbss - ok
17:14:09.0626 10724 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:14:09.0628 10724 rdpbus - ok
17:14:09.0652 10724 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:14:09.0654 10724 RDPCDD - ok
17:14:09.0690 10724 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:14:09.0692 10724 RDPENCDD - ok
17:14:09.0715 10724 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:14:09.0717 10724 RDPREFMP - ok
17:14:09.0767 10724 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:14:09.0771 10724 RDPWD - ok
17:14:09.0828 10724 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:14:09.0832 10724 rdyboost - ok
17:14:09.0877 10724 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:14:09.0881 10724 RemoteAccess - ok
17:14:09.0909 10724 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:14:09.0914 10724 RemoteRegistry - ok
17:14:09.0955 10724 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:14:09.0959 10724 RpcEptMapper - ok
17:14:09.0992 10724 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:14:09.0995 10724 RpcLocator - ok
17:14:10.0039 10724 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
17:14:10.0044 10724 RpcSs - ok
17:14:10.0074 10724 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:14:10.0077 10724 rspndr - ok
17:14:10.0134 10724 [ 502B316947EA887CDDD325D4745EB7D0 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
17:14:10.0137 10724 RSUSBSTOR - ok
17:14:10.0177 10724 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
17:14:10.0182 10724 RTL8167 - ok
17:14:10.0212 10724 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:14:10.0213 10724 SamSs - ok
17:14:10.0261 10724 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:14:10.0263 10724 sbp2port - ok
17:14:10.0294 10724 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:14:10.0300 10724 SCardSvr - ok
17:14:10.0331 10724 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:14:10.0332 10724 scfilter - ok
17:14:10.0388 10724 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:14:10.0418 10724 Schedule - ok
17:14:10.0459 10724 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:14:10.0460 10724 SCPolicySvc - ok
17:14:10.0529 10724 [ A1089AC7683826E6C7C9FAB9723DD80F ] sdAuxService C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
17:14:10.0532 10724 sdAuxService - ok
17:14:10.0584 10724 [ ED6C2EFEB47524BFF4D5E5109FB1A2BB ] sdCoreService C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
17:14:10.0591 10724 sdCoreService - ok
17:14:10.0627 10724 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:14:10.0631 10724 SDRSVC - ok
17:14:11.0061 10724 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:14:11.0086 10724 SeaPort - ok
17:14:11.0153 10724 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:14:11.0155 10724 secdrv - ok
17:14:11.0189 10724 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:14:11.0192 10724 seclogon - ok
17:14:11.0228 10724 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
17:14:11.0231 10724 SENS - ok
17:14:11.0260 10724 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:14:11.0262 10724 SensrSvc - ok
17:14:11.0281 10724 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:14:11.0283 10724 Serenum - ok
17:14:11.0297 10724 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:14:11.0300 10724 Serial - ok
17:14:11.0346 10724 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:14:11.0349 10724 sermouse - ok
17:14:11.0383 10724 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:14:11.0387 10724 SessionEnv - ok
17:14:11.0430 10724 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:14:11.0432 10724 sffdisk - ok
17:14:11.0443 10724 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:14:11.0446 10724 sffp_mmc - ok
17:14:11.0461 10724 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:14:11.0463 10724 sffp_sd - ok
17:14:11.0492 10724 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:14:11.0494 10724 sfloppy - ok
17:14:11.0539 10724 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:14:11.0544 10724 SharedAccess - ok
17:14:11.0588 10724 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:14:11.0622 10724 ShellHWDetection - ok
17:14:11.0671 10724 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:14:11.0673 10724 SiSRaid2 - ok
17:14:11.0692 10724 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:14:11.0694 10724 SiSRaid4 - ok
17:14:11.0764 10724 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
17:14:11.0766 10724 SkypeUpdate - ok
17:14:11.0796 10724 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:14:11.0799 10724 Smb - ok
17:14:11.0859 10724 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:14:11.0862 10724 SNMPTRAP - ok
17:14:11.0888 10724 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:14:11.0890 10724 spldr - ok
17:14:11.0943 10724 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:14:11.0951 10724 Spooler - ok
17:14:12.0063 10724 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:14:12.0186 10724 sppsvc - ok
17:14:12.0214 10724 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:14:12.0217 10724 sppuinotify - ok
17:14:12.0274 10724 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:14:12.0280 10724 srv - ok
17:14:12.0318 10724 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:14:12.0324 10724 srv2 - ok
17:14:12.0335 10724 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:14:12.0338 10724 srvnet - ok
17:14:12.0388 10724 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:14:12.0392 10724 SSDPSRV - ok
17:14:12.0410 10724 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:14:12.0413 10724 SstpSvc - ok
17:14:12.0437 10724 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:14:12.0439 10724 stexstor - ok
17:14:12.0496 10724 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:14:12.0504 10724 stisvc - ok
17:14:12.0541 10724 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:14:12.0543 10724 swenum - ok
17:14:12.0605 10724 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:14:12.0613 10724 swprv - ok
17:14:12.0686 10724 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:14:12.0732 10724 SysMain - ok
17:14:12.0764 10724 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:14:12.0767 10724 TabletInputService - ok
17:14:12.0812 10724 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:14:12.0818 10724 TapiSrv - ok
17:14:12.0870 10724 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:14:12.0873 10724 TBS - ok
17:14:12.0950 10724 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:14:13.0005 10724 Tcpip - ok
17:14:13.0085 10724 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:14:13.0095 10724 TCPIP6 - ok
17:14:13.0129 10724 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:14:13.0131 10724 tcpipreg - ok
17:14:13.0165 10724 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:14:13.0167 10724 TDPIPE - ok
17:14:13.0196 10724 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:14:13.0198 10724 TDTCP - ok
17:14:13.0243 10724 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:14:13.0246 10724 tdx - ok
17:14:13.0266 10724 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:14:13.0268 10724 TermDD - ok
17:14:13.0324 10724 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:14:13.0333 10724 TermService - ok
17:14:13.0385 10724 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:14:13.0388 10724 Themes - ok
17:14:13.0405 10724 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:14:13.0407 10724 THREADORDER - ok
17:14:13.0419 10724 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:14:13.0423 10724 TrkWks - ok
17:14:13.0484 10724 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:14:13.0487 10724 TrustedInstaller - ok
17:14:13.0521 10724 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:14:13.0523 10724 tssecsrv - ok
17:14:13.0576 10724 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:14:13.0577 10724 TsUsbFlt - ok
17:14:13.0645 10724 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:14:13.0647 10724 tunnel - ok
17:14:13.0673 10724 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:14:13.0675 10724 uagp35 - ok
17:14:13.0724 10724 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:14:13.0729 10724 udfs - ok
17:14:13.0782 10724 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:14:13.0785 10724 UI0Detect - ok
17:14:13.0812 10724 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:14:13.0814 10724 uliagpkx - ok
17:14:13.0875 10724 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:14:13.0877 10724 umbus - ok
17:14:13.0911 10724 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:14:13.0913 10724 UmPass - ok
17:14:13.0939 10724 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:14:13.0945 10724 upnphost - ok
17:14:13.0993 10724 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:14:13.0995 10724 usbccgp - ok
17:14:14.0049 10724 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:14:14.0051 10724 usbcir - ok
17:14:14.0075 10724 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
17:14:14.0078 10724 usbehci - ok
17:14:14.0120 10724 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:14:14.0125 10724 usbhub - ok
17:14:14.0175 10724 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:14:14.0177 10724 usbohci - ok
17:14:14.0211 10724 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:14:14.0213 10724 usbprint - ok
17:14:14.0250 10724 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:14:14.0252 10724 USBSTOR - ok
17:14:14.0277 10724 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
17:14:14.0278 10724 usbuhci - ok
17:14:14.0345 10724 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
17:14:14.0349 10724 usbvideo - ok
17:14:14.0367 10724 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:14:14.0370 10724 UxSms - ok
17:14:14.0378 10724 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:14:14.0379 10724 VaultSvc - ok
17:14:14.0440 10724 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:14:14.0442 10724 vdrvroot - ok
17:14:14.0486 10724 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:14:14.0494 10724 vds - ok
17:14:14.0545 10724 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:14:14.0546 10724 vga - ok
17:14:14.0559 10724 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:14:14.0560 10724 VgaSave - ok
17:14:14.0594 10724 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:14:14.0598 10724 vhdmp - ok
17:14:14.0628 10724 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:14:14.0630 10724 viaide - ok
17:14:14.0667 10724 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:14:14.0681 10724 volmgr - ok
17:14:14.0730 10724 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:14:14.0736 10724 volmgrx - ok
17:14:14.0791 10724 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:14:14.0796 10724 volsnap - ok
17:14:14.0830 10724 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:14:14.0833 10724 vsmraid - ok
17:14:14.0898 10724 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:14:14.0954 10724 VSS - ok
17:14:14.0993 10724 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
17:14:14.0995 10724 vwifibus - ok
17:14:15.0015 10724 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
17:14:15.0017 10724 vwififlt - ok
17:14:15.0055 10724 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
17:14:15.0057 10724 vwifimp - ok
17:14:15.0094 10724 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:14:15.0101 10724 W32Time - ok
17:14:15.0141 10724 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:14:15.0143 10724 WacomPen - ok
17:14:15.0188 10724 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:14:15.0191 10724 WANARP - ok
17:14:15.0202 10724 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:14:15.0203 10724 Wanarpv6 - ok
17:14:15.0359 10724 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:14:15.0404 10724 WatAdminSvc - ok
17:14:15.0473 10724 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:14:15.0528 10724 wbengine - ok
17:14:15.0582 10724 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:14:15.0588 10724 WbioSrvc - ok
17:14:15.0630 10724 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:14:15.0638 10724 wcncsvc - ok
17:14:15.0678 10724 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:14:15.0682 10724 WcsPlugInService - ok
17:14:15.0705 10724 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:14:15.0707 10724 Wd - ok
17:14:15.0822 10724 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:14:15.0831 10724 Wdf01000 - ok
17:14:15.0879 10724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:14:15.0884 10724 WdiServiceHost - ok
17:14:15.0888 10724 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:14:15.0891 10724 WdiSystemHost - ok
17:14:15.0955 10724 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:14:15.0962 10724 WebClient - ok
17:14:16.0012 10724 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:14:16.0018 10724 Wecsvc - ok
17:14:16.0055 10724 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:14:16.0063 10724 wercplsupport - ok
17:14:16.0109 10724 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:14:16.0474 10724 WerSvc - ok
17:14:16.0554 10724 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:14:16.0555 10724 WfpLwf - ok
17:14:16.0572 10724 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:14:16.0573 10724 WIMMount - ok
17:14:16.0621 10724 WinDefend - ok
17:14:16.0626 10724 WinHttpAutoProxySvc - ok
17:14:16.0728 10724 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:14:16.0732 10724 Winmgmt - ok
17:14:16.0813 10724 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:14:16.0873 10724 WinRM - ok
17:14:17.0024 10724 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
17:14:17.0026 10724 WinUSB - ok
17:14:17.0257 10724 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:14:17.0270 10724 Wlansvc - ok
17:14:18.0153 10724 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:14:18.0220 10724 wlidsvc - ok
17:14:18.0378 10724 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
17:14:18.0380 10724 wltrysvc - ok
17:14:18.0448 10724 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:14:18.0450 10724 WmiAcpi - ok
17:14:18.0540 10724 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:14:18.0543 10724 wmiApSrv - ok
17:14:18.0632 10724 WMPNetworkSvc - ok
17:14:18.0690 10724 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:14:18.0693 10724 WPCSvc - ok
17:14:18.0744 10724 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:14:18.0747 10724 WPDBusEnum - ok
17:14:18.0808 10724 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:14:18.0810 10724 ws2ifsl - ok
17:14:18.0876 10724 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
17:14:18.0879 10724 wscsvc - ok
17:14:18.0964 10724 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
17:14:18.0966 10724 WSDPrintDevice - ok
17:14:18.0974 10724 WSearch - ok
17:14:19.0119 10724 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:14:19.0177 10724 wuauserv - ok
17:14:19.0239 10724 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:14:19.0242 10724 WudfPf - ok
17:14:19.0294 10724 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:14:19.0298 10724 WUDFRd - ok
17:14:19.0340 10724 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:14:19.0345 10724 wudfsvc - ok
17:14:19.0383 10724 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:14:19.0390 10724 WwanSvc - ok
17:14:19.0476 10724 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:14:19.0484 10724 YahooAUService - ok
17:14:19.0531 10724 ================ Scan global ===============================
17:14:19.0577 10724 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:14:19.0625 10724 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
17:14:19.0646 10724 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
17:14:19.0680 10724 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:14:19.0720 10724 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:14:19.0726 10724 [Global] - ok
17:14:19.0727 10724 ================ Scan MBR ==================================
17:14:19.0749 10724 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:14:19.0749 10724 Suspicious mbr (Forged): \Device\Harddisk0\DR0
17:14:19.0783 10724 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
17:14:19.0783 10724 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
17:14:19.0784 10724 ================ Scan VBR ==================================
17:14:19.0788 10724 [ A4623D7E46A0FB16BB5AE4B5DB0BD957 ] \Device\Harddisk0\DR0\Partition1
17:14:19.0790 10724 \Device\Harddisk0\DR0\Partition1 - ok
17:14:19.0805 10724 [ 5FBEEC304255B89F9F44BFBC42EA0A09 ] \Device\Harddisk0\DR0\Partition2
17:14:19.0807 10724 \Device\Harddisk0\DR0\Partition2 - ok
17:14:19.0811 10724 ============================================================
17:14:19.0811 10724 Scan finished
17:14:19.0811 10724 ============================================================
17:14:19.0828 9512 Detected object count: 1
17:14:19.0828 9512 Actual detected object count: 1
17:19:18.0382 9512 \Device\Harddisk0\DR0\# - copied to quarantine
17:19:18.0385 9512 \Device\Harddisk0\DR0 - copied to quarantine
17:19:18.0480 9512 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
17:19:18.0482 9512 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
17:19:18.0508 9512 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
17:19:18.0520 9512 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
17:19:18.0522 9512 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
17:19:18.0523 9512 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
17:19:18.0525 9512 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
17:19:18.0535 9512 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
17:19:18.0539 9512 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
17:19:18.0542 9512 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
17:19:18.0545 9512 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
17:19:18.0548 9512 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
17:19:18.0564 9512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:19:18.0586 9512 \Device\Harddisk0\DR0 - ok
17:19:18.0653 9512 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
17:21:01.0452 5892 Deinitialize success
 
:)

Please re-run MBAM one more time and post new log.

Next....

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==========================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.16.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alan :: ALAN-PC [administrator]
Protection: Enabled
12/17/2012 6:06:37 PM
mbam-log-2012-12-17 (18-06-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207532
Time elapsed: 4 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
RogueKiller V8.4.0 [Dec 15 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Alan [Admin rights]
Mode : Remove -- Date : 12/17/2012 18:14:44
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] 2bed1a9787d2649a1b12137ceffff9ab
[BSP] 8fb5f825e3fff5a0332dbf7838ed38cf : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 10000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20686848 | Size: 60000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143566848 | Size: 168373 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_12172012_02d1814.txt >>
RKreport[1]_S_12172012_02d1814.txt ; RKreport[2]_D_12172012_02d1814.txt
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-17 18:18:09
-----------------------------
18:18:09.524 OS Version: Windows x64 6.1.7601 Service Pack 1
18:18:09.524 Number of processors: 4 586 0x2502
18:18:09.525 ComputerName: ALAN-PC UserName: Alan
18:18:10.648 Initialize success
18:19:24.820 AVAST engine defs: 12121702
18:20:04.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:20:04.977 Disk 0 Vendor: WDC_WD2500BEVT-75A23T0 01.01A01 Size: 238475MB BusType: 11
18:20:04.992 Disk 0 MBR read successfully
18:20:04.996 Disk 0 MBR scan
18:20:05.005 Disk 0 Windows 7 default MBR code
18:20:05.014 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
18:20:05.036 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
18:20:05.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
18:20:05.068 Disk 0 Partition - 00 0F Extended LBA 168373 MB offset 143566848
18:20:05.098 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 168372 MB offset 143568896
18:20:05.137 Disk 0 scanning C:\Windows\system32\drivers
18:20:18.671 Service scanning
18:20:50.424 Modules scanning
18:20:50.440 Disk 0 trace - called modules:
18:20:50.466 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:20:50.478 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be0790]
18:20:50.489 3 CLASSPNP.SYS[fffff88001b4a43f] -> nt!IofCallDriver -> [0xfffffa8004a8dcf0]
18:20:50.500 5 PCTCore64.sys[fffff88001138094] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004913550]
18:20:51.353 AVAST engine scan C:\Windows
18:20:53.418 AVAST engine scan C:\Windows\system32
18:24:35.540 AVAST engine scan C:\Windows\system32\drivers
18:24:55.788 AVAST engine scan C:\Users\Alan
18:33:58.170 AVAST engine scan C:\ProgramData
18:38:37.840 Scan finished successfully
18:44:04.080 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
18:44:04.085 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

=================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-17 18:18:09
-----------------------------
18:18:09.524 OS Version: Windows x64 6.1.7601 Service Pack 1
18:18:09.524 Number of processors: 4 586 0x2502
18:18:09.525 ComputerName: ALAN-PC UserName: Alan
18:18:10.648 Initialize success
18:19:24.820 AVAST engine defs: 12121702
18:20:04.972 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:20:04.977 Disk 0 Vendor: WDC_WD2500BEVT-75A23T0 01.01A01 Size: 238475MB BusType: 11
18:20:04.992 Disk 0 MBR read successfully
18:20:04.996 Disk 0 MBR scan
18:20:05.005 Disk 0 Windows 7 default MBR code
18:20:05.014 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
18:20:05.036 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
18:20:05.058 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
18:20:05.068 Disk 0 Partition - 00 0F Extended LBA 168373 MB offset 143566848
18:20:05.098 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 168372 MB offset 143568896
18:20:05.137 Disk 0 scanning C:\Windows\system32\drivers
18:20:18.671 Service scanning
18:20:50.424 Modules scanning
18:20:50.440 Disk 0 trace - called modules:
18:20:50.466 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:20:50.478 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004be0790]
18:20:50.489 3 CLASSPNP.SYS[fffff88001b4a43f] -> nt!IofCallDriver -> [0xfffffa8004a8dcf0]
18:20:50.500 5 PCTCore64.sys[fffff88001138094] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004913550]
18:20:51.353 AVAST engine scan C:\Windows
18:20:53.418 AVAST engine scan C:\Windows\system32
18:24:35.540 AVAST engine scan C:\Windows\system32\drivers
18:24:55.788 AVAST engine scan C:\Users\Alan
18:33:58.170 AVAST engine scan C:\ProgramData
18:38:37.840 Scan finished successfully
18:44:04.080 Disk 0 MBR has been saved successfully to "C:\Users\Alan\Desktop\MBR.dat"
18:44:04.085 The log file has been saved successfully to "C:\Users\Alan\Desktop\aswMBR.txt"
 
I guess the file didnt originally copy to the clipboard. Sorry. Lets try again,


ComboFix 12-12-17.02 - Alan 12/17/2012 20:58:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2234 [GMT -8:00]
Running from: c:\users\Alan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\016060e8-e1de-4d82-bd11-b667007b1f12.dll
c:\programdata\PCDr\6032\AddOnDownloaded\111e1115-314f-4404-be4a-ad58e8e2423d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1d151f53-1500-414d-85b4-ab85d24f0785.dll
c:\programdata\PCDr\6032\AddOnDownloaded\2390e056-e2db-44ed-91a5-5ca43aefea83.dll
c:\programdata\PCDr\6032\AddOnDownloaded\406007ac-5ba8-43e6-97b6-0c6ed58bb6e8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\468d25c7-baa8-4db4-a17f-ceac895a9bc8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4cfdf1e7-d0b2-449c-bd2d-084cd975e5d8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4f1c58d6-ca02-4906-b156-709481baca61.dll
c:\programdata\PCDr\6032\AddOnDownloaded\59bb1a7b-2122-4c71-82b0-30bee96f063e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\62089595-46e8-4c4f-9d7b-48be969390bb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\73a14ca6-4567-413f-a60f-d04159cb72eb.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7779c9df-2dc0-4fd5-92bb-c64027285f8b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\788ad19e-7745-402f-a5a5-20d2ab8b5f1b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9881c561-a45a-4c53-9d45-de93a99e2898.dll
c:\programdata\PCDr\6032\AddOnDownloaded\b72409f9-df97-4592-bbfd-fff1ce0a9559.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ba58cab8-833c-4868-95e2-cff538a852a7.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bbd4d2b0-9dc6-46d0-a352-dbcd92f63c4d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\cb7af81b-44d9-4f99-b223-18a71e8c85b6.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d220b53c-6a3c-4b5d-8797-965d39e82fff.dll
c:\programdata\PCDr\6032\AddOnDownloaded\e16f2788-babe-4a60-93d0-d507a5228753.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ff24953d-0c6e-4af9-a727-84ce58c99035.dll
c:\users\Alan\Documents\~WRL2536.tmp
c:\users\Alan\Documents\~WRL2750.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 05:08 . 2012-12-18 05:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-18 01:19 . 2012-12-18 01:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-15 05:03 . 2012-12-15 05:03 -------- d-----w- c:\users\Alan\AppData\Roaming\Malwarebytes
2012-12-15 05:03 . 2012-12-15 05:03 -------- d-----w- c:\programdata\Malwarebytes
2012-12-15 05:03 . 2012-12-15 05:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-15 05:03 . 2012-09-30 03:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-13 03:08 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 03:08 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 03:08 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 03:08 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 03:08 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 03:08 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-13 03:08 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-13 03:05 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 03:05 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-13 02:51 . 2012-12-13 02:51 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-11-23 07:17 . 2012-12-18 02:12 -------- d-----r- c:\users\Alan\Dropbox
2012-11-23 06:59 . 2012-12-18 02:12 -------- d-----w- c:\users\Alan\AppData\Roaming\Dropbox
2012-11-22 21:28 . 2012-11-22 21:28 -------- d-----w- c:\users\Alan\AppData\Roaming\AVG2013
2012-11-22 21:25 . 2012-11-22 21:25 -------- d-----w- c:\users\Alan\AppData\Roaming\TuneUp Software
2012-11-22 21:24 . 2012-11-23 02:20 -------- d-----w- c:\programdata\AVG2013
2012-11-22 21:24 . 2012-11-22 21:24 -------- d-----w- C:\$AVG
2012-11-22 21:22 . 2012-11-22 21:22 -------- d-----w- c:\program files (x86)\AVG
2012-11-22 21:18 . 2012-12-18 02:55 -------- d-----w- c:\programdata\MFAData
2012-11-22 21:18 . 2012-11-23 00:21 -------- d-----w- c:\users\Alan\AppData\Local\Avg2013
2012-11-22 21:18 . 2012-11-22 21:18 -------- d--h--w- c:\programdata\Common Files
2012-11-22 21:18 . 2012-11-22 21:18 -------- d-----w- c:\users\Alan\AppData\Local\MFAData
2012-11-20 15:48 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{159D35BE-80DD-4D09-B631-82A34B7F24AC}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 04:04 . 2012-05-08 04:16 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-13 04:04 . 2012-05-08 04:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-16 03:42 . 2010-10-28 18:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-22 21:02 . 2012-10-22 21:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 01:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 01:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 01:06 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 11:48 . 2012-10-15 11:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-09 18:17 . 2012-11-15 06:40 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 06:40 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 06:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 06:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-05 11:32 . 2012-10-05 11:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-13 03:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-15 06:40 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 06:40 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 06:40 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 06:40 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 06:40 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 06:40 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 06:40 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 06:40 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 06:40 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 06:40 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 06:40 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-02 11:30 . 2012-10-02 11:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-25 22:47 . 2012-11-15 06:39 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 06:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-09-21 11:46 . 2012-09-21 11:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-21 11:46 . 2012-09-21 11:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
c:\users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-11-21 28791288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 220672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-12 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-11-25 257232]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [2010-06-29 452872]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [2010-07-16 816016]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2012-03-02 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2012-03-02 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2012-03-02 27136]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2012-03-02 34304]
S3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2010-09-03 15360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31319439
*NewlyCreated* - 31422766
*NewlyCreated* - ASWMBR
*Deregistered* - 31319439
*Deregistered* - 31422766
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 04:04]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450620413-958074166-3036180015-1000Core.job
- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 03:24]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1450620413-958074166-3036180015-1000UA.job
- c:\users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-13 03:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Alan\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-04 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-04 408600]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-10-01 3189016]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com./
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\6t8pgoq2.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-31422766.sys
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Andbus]
"ImagePath"="system32\DRIVERS\lgandbus64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AndDiag]
"ImagePath"="system32\DRIVERS\lganddiag64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AndGps]
"ImagePath"="system32\DRIVERS\lgandgps64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ANDModem]
"ImagePath"="system32\DRIVERS\lgandmodem64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\androidusb]
"ImagePath"="System32\Drivers\lgandadb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ApfiltrService]
"ImagePath"="system32\DRIVERS\Apfiltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCM42RLY]
"ImagePath"="system32\drivers\BCM42RLY.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl664.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMLogon]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
 
Cont:

.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CtClsFlt]
"ImagePath"="system32\DRIVERS\CtClsFlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ctxusbm]
"ImagePath"="system32\DRIVERS\ctxusbm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DockLoginService]
"ImagePath"="c:\program files\Dell\DellDock\DockLogin.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\easytether]
"ImagePath"="system32\DRIVERS\easytthr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GameConsoleService]
"ImagePath"="\"c:\program files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GoToAssist]
"ImagePath"="\"c:\program files (x86)\Citrix\GoToAssist\514\g2aservice.exe\" Start=service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HECIx64]
"ImagePath"="system32\DRIVERS\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ialm]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKFileSec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKSysFlt]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Impcd]
"ImagePath"="system32\DRIVERS\Impcd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcDAud]
"ImagePath"="system32\DRIVERS\IntcDAud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="\SystemRoot\system32\drivers\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMScheduler]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBAMService]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\McComponentHostService]
"ImagePath"="\"c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\odserv]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ose]
"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCTCore]
"ImagePath"="system32\drivers\PCTCore64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctDS]
"ImagePath"="system32\drivers\pctDS64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pctEFA]
"ImagePath"="system32\drivers\pctEFA64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pneteth]
"ImagePath"="system32\DRIVERS\pneteth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PxHlpa64]
"ImagePath"="System32\Drivers\PxHlpa64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RSUSBSTOR]
"ImagePath"="System32\Drivers\RtsUStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
 
Cont:

.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdAuxService]
"ImagePath"="c:\program files (x86)\PC Tools Security\pctsAuxs.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sdCoreService]
"ImagePath"="c:\program files (x86)\PC Tools Security\pctsSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SeaPort]
"ImagePath"="\"c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbvideo]
"ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]
"ImagePath"="system32\DRIVERS\vwifimp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VxD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUSB]
"ImagePath"="system32\DRIVERS\WinUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wltrysvc]
"ImagePath"="\"c:\program files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE\" \"c:\program files\Dell\Dell Wireless WLAN Card\bcmwltry.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDPrintDevice]
"ImagePath"="system32\DRIVERS\WSDPrint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\YahooAUService]
"ImagePath"="\"c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{62660644-B190-41ED-8657-98D66C90A03A}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{781AD294-1FF5-4C77-AFB0-9281E1721A60}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{964044E1-667B-4E68-A362-75DFFBCBFABD}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{A4B019E3-1BA1-4A7C-9A39-4B3B65F7618B}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:75,94,fd,8a,b8,bf,cd,01
.
[HKEY_USERS\S-1-5-21-1450620413-958074166-3036180015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1450620413-958074166-3036180015-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-17 21:14:11
ComboFix-quarantined-files.txt 2012-12-18 05:14
.
Pre-Run: 11,039,657,984 bytes free
Post-Run: 13,596,131,328 bytes free
.
- - End Of File - - 0C0AB7C0E23CC692FE88A293B5123D70
 
Looks good.

How is computer doing?

==============================

Uninstall McAfee Security Scan, typical foistware.

============================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks again for your help Broni!! Computer crashed yesterday but looking good now. 2 symptoms that I am noticing that I didnt have before all these problems. 1- computer takes a long time to load from off position (security software?). 2- for some reason when I plug in my charger into my laptop I get a message saying that the charger is not a Dell approved charger and it will not charge the battery but it will run off the power source. The charger is the same that I have been using and it is the one that came with the laptop.

I will start the next set of protocols now.
 
So I ran the first protocol with the log below. The only problem that seems to have occured is that I am unable to connect to the internet (via wireless). I reset the modem but it keeps saying that it is trying to identify the network. Any ideas?


# AdwCleaner v2.101 - Logfile created 12/18/2012 at 21:44:02
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Alan - ALAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Alan\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
***** [Registry] *****
Key Deleted : HKLM\Software\Freeze.com
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v4.0.1 (en-US)
Profile name : default
File : C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\6t8pgoq2.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [798 octets] - [18/12/2012 21:44:02]
########## EOF - C:\AdwCleaner[S1].txt - [857 octets] ##########
 
FYI, sent the above message from the above is sent from a different system. Once I get the internet running I will complete the protocol.

Thanks again!!
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
midian182
Blizzard may have just confirmed that Diablo IV will receive annual expansions
Replies
4
Views
426
Bobbydpue
Bobbydpue
A
A clever trick turns antivirus software into unstoppable data wiping scourges
Replies
1
Views
594
johnhzzz16
J

Latest posts

Back