Jump to content

lloyd329

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. (1) I connect through a wireless router. So I will not need to install a outbound firewall. I already use AVG Anti-Virus. I downloaded SuperAntiSpyware. I downloaded Spyware Blaster (2) I am set up to do auto-updates for Windows (3) I will save the link to do an occasional Secunia scan of my programs. Sound good? Thank you for your time!!!
  2. C:\Program Files\DailyBibleGuide\bar\2.bin\2vdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined C:\Program Files\DailyBibleGuide\bar\2.bin\2vhtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined C:\Program Files\DailyBibleGuide\bar\2.bin\2vhtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined C:\Program Files\DailyBibleGuide\bar\2.bin\2vPlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined C:\Program Files\DailyBibleGuide\bar\2.bin\2vskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined C:\Program Files\GamingWonderland\bar\2.bin\gtdatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined C:\Program Files\GamingWonderland\bar\2.bin\gthtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined C:\Program Files\GamingWonderland\bar\2.bin\gthtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined C:\Program Files\GamingWonderland\bar\2.bin\gtieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting (after the next restart) - quarantined C:\Program Files\GamingWonderland\bar\2.bin\gtPlugin.dll probably a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined C:\Program Files\GamingWonderland\bar\2.bin\gtskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RMWR8EW2\DailyBibleGuide[1].exe a variant of Win32/AdInstaller application cleaned by deleting - quarantined C:\Users\user\AppData\Local\temp\NODAB41.tmp probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined C:\Users\user\AppData\Local\temp\NODD691.tmp probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting (after the next restart) - quarantined C:\Users\user\AppData\LocalLow\BringMeSports_1cEI\Installr\Cache\061E2A5A.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined C:\Users\user\AppData\LocalLow\DailyBibleGuide\bar\setups\DailyBibleGuideAuto.exe probably a variant of Win32/Toolbar.MyWebSearch.L application deleted - quarantined
  3. I see a Java SE 7u4. Is this a newer version. Do you want me to download this? The only 7u3 version I see is JDK 7u3 with Java EE. Is that the one?
  4. FIXED!!! When I did it a 4th time. I made sure the text you wanted me to cut and paste in the textbox was over 4 lines. I didn't have the 1st and 2nd lines seperated. Still no window popped up to cut and paste, but no error message came up either. I guess that is a good thing!!! Thanks. p.s. I will make sure I make a donation as soon as I get a few extra bucks.
  5. Sorry again for taking so long. I went away the last 4 days and didn't have my laptop with me. I think I messed up. After the computer rebooted, I accidently "x"-ed off the report you wanted me to cut and paste. I did the process again but no report came up. On both reboots the error message came up again. I will try the process a 3rd time to see what happens. If anything different happens I will post another response. If nothing, I will wait for you response. Thanks,
  6. Sorry for getting back a little late. Things were a little hectic the last few days. Here's the logs: OTL Extras logfile created on: 5/17/2012 3:11:54 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\user\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.84% Memory free 4.22 Gb Paging File | 2.77 Gb Available in Paging File | 65.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 39.41 Gb Free Space | 52.88% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{033B6874-4886-41D4-B977-64EE1B85F792}" = lport=139 | protocol=6 | dir=in | app=system | "{0455A73C-0258-4986-AEE8-963B0D9D2DAB}" = lport=445 | protocol=6 | dir=in | app=system | "{0A9DA994-8552-4700-8D3B-3160D243C587}" = rport=138 | protocol=17 | dir=out | app=system | "{20B34AC9-ADB9-4D02-BA30-E7859E61BB59}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3AE1AB4B-8B92-4180-94E6-87AB48A87535}" = lport=138 | protocol=17 | dir=in | app=system | "{4D5EF4B9-726B-485A-84DF-07141B7BE801}" = rport=139 | protocol=6 | dir=out | app=system | "{5318547E-ACD5-4316-94EB-74E6E41EEDAE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{88B3BAA7-C5C3-4053-A4D8-EFC4A1E66273}" = rport=137 | protocol=17 | dir=out | app=system | "{A2AB14D5-3795-44B4-A46A-73F4F5B3FE7C}" = rport=445 | protocol=6 | dir=out | app=system | "{AEA30351-295F-4A85-810D-B4ABBEEBADE8}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07B55622-E637-4F29-B198-C2DDF28C4D7E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{1BFF6AB2-3F2F-496E-ADE0-D8F0BD0FF87F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{24AC9597-990B-4797-AA8C-DE53D0BDC628}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{3137CD32-76B8-4A14-A8E0-B07C30165304}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{33FC9321-AE1E-4254-9D5F-C803A022618C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{352FCF0A-BB9F-4DC1-BE77-3957B1CA016B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{3CF8C8A2-3324-4A76-9349-44BFA0226401}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{3FEE4063-9E69-4DE8-98D9-9499FF3DDFEA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{521DC71C-2407-4DD9-A23C-88C92EF4417F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{5A8524F4-600A-4565-82B5-E5C6558BBFB6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{5DD089E2-E90F-4824-BC5D-F9030845C6B5}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{6F183DD5-DF64-4D95-B226-DB40150AD237}" = dir=in | app=c:\windows\system32\lxebcoms.exe | "{72A1E832-63FB-46BE-AF22-48F13BAEA3CC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{733E6DB3-129B-41CF-B1F4-F48AA333B035}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{895343C6-EE3A-4332-8B73-D6C6EE17BD9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{938F69B3-6482-4EE9-AF1A-A2E526F1D845}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{BF8C99C4-A88B-46B9-9D51-70CAE7A8DF9B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{C18731F7-3DC9-4BB1-AC86-1770E70F76DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F5546A30-6DA9-4D6D-B4A4-ABD2EF25A485}" = dir=in | app=c:\windows\system32\lxebcoms.exe | "{FE73E28D-1FF3-4C37-85B3-2DD7DCCD68D9}" = dir=in | app=c:\windows\system32\lxebcoms.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 30 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune "{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix online plug-in (DV) "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help "{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100 "{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix online plug-in (HDX) "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2 "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB) "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012 "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix online plug-in (Web) "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AVG" = AVG 2012 "Cisco Connect" = Cisco Connect "CitrixOnlinePluginPackWeb" = Citrix online plug-in - web "DailyBibleGuidebar Uninstall" = DailyBibleGuide "Dell Support Center" = Dell Support Center "Gadwin PrintScreen" = Gadwin PrintScreen "GamingWonderlandbar Uninstall" = GamingWonderland Toolbar "HDMI" = Intel® Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "iLivid" = iLivid "Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update "Zune" = Zune ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3276012984-298645577-3270156227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon Kindle" = Amazon Kindle ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 5/11/2012 12:40:23 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/11/2012 3:51:55 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/11/2012 9:30:30 PM | Computer Name = user-PC | Source = Application Error | ID = 1000 Description = Faulting application SearchIndexer.exe, version 7.0.6002.18005, time stamp 0x49e02459, faulting module TQUERY.DLL, version 7.0.6002.18005, time stamp 0x49e0382e, exception code 0xc0000005, fault offset 0x000b1f69, process id 0xc7c, application start time 0x01cd2faf57d1d730. Error - 5/11/2012 10:12:24 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/12/2012 7:47:24 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/13/2012 1:53:29 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/13/2012 12:55:24 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/13/2012 1:28:56 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/13/2012 1:40:20 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 5/13/2012 5:22:46 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 5/13/2012 1:28:57 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 5/13/2012 1:40:20 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009 Description = Error - 5/13/2012 1:40:20 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 5/13/2012 5:22:46 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009 Description = Error - 5/13/2012 5:22:46 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 5/14/2012 9:32:36 AM | Computer Name = user-PC | Source = DCOM | ID = 10016 Description = Error - 5/14/2012 11:16:46 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009 Description = Error - 5/14/2012 11:16:46 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = Error - 5/15/2012 11:55:37 AM | Computer Name = user-PC | Source = DCOM | ID = 10016 Description = Error - 5/16/2012 2:48:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034 Description = < End of report > OTL logfile created on: 5/17/2012 3:11:54 PM - Run 1 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\user\Desktop Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.84% Memory free 4.22 Gb Paging File | 2.77 Gb Available in Paging File | 65.65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 39.41 Gb Free Space | 52.88% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/05/17 15:11:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2012/05/13 23:02:08 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files\GamingWonderland\bar\1.bin\gtbarsvc.exe PRC - [2012/05/13 23:02:08 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files\GamingWonderland\bar\1.bin\gtbrmon.exe PRC - [2012/05/05 12:02:40 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/10/11 13:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe PRC - [2011/04/25 02:24:16 | 000,726,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe PRC - [2011/04/25 02:22:40 | 000,305,088 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe PRC - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe PRC - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe PRC - [2010/11/11 13:55:46 | 000,159,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2010/10/14 04:11:39 | 000,487,424 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe PRC - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxebcoms.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe ========== Modules (No Company Name) ========== MOD - [2011/08/22 01:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe MOD - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epoemdll.dll MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epstring.dll MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizres.dll MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epwizard.dll MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\customui.dll MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\epfunct.dll MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\eputil.dll MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\imagutil.dll MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebdrs.dll MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebscw.dll MOD - [2009/11/09 03:06:45 | 000,159,744 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebprpr.dll MOD - [2009/11/04 08:14:38 | 000,165,376 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebdrui.dll MOD - [2009/11/04 08:14:06 | 000,236,032 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebdr.dll MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebdatr.dll MOD - [2009/05/18 08:29:08 | 000,819,200 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxebptpc.dll MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\iptk.dll MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebcaps.dll MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro200-S500 Series\lxebptp.dll MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXEBsmr.dll MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXEBsm.dll ========== Win32 Services (SafeList) ========== SRV - [2012/05/13 23:02:08 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\GamingWonderland\bar\1.bin\gtbarsvc.exe -- (GamingWonderlandService) SRV - [2012/05/05 12:02:41 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/11/11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2010/11/11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2010/11/11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxebcoms.exe -- (lxeb_device) SRV - [2010/04/14 14:55:54 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe -- (lxebCATSCustConnectService) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter) DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2011/04/25 01:49:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008/01/20 22:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel® DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel® DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm0187Qus&ptb=07D3A9B7-0036-41B6-A9E3-0F1F3D91EB5E&psa=&ind=2011030806&ptnrS=XMxdm0187Qus&si=&st=sb&n=77dde516&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60644 IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XMxdm0187Qus&ptb=07D3A9B7-0036-41B6-A9E3-0F1F3D91EB5E&psa=&ind=2011030806&ptnrS=XMxdm0187Qus&si=&st=sb&n=77dde516&searchfor={searchTerms} IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=FBAEF31001CC0C770F1110FF&install_time=2011-05-07T05:31:16Z&src_id=11009&camp_id=861&tb_version=2.5.18000.3 IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80273&lng=en IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\SearchScopes\{C87B3755-68D0-B39D-C7B6-1302A12C8A19}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF IE - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@DailyBibleGuide.com/Plugin: C:\Program Files\DailyBibleGuide\bar\2.bin\NP2vStub.dll (DailyBibleGuide) FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll (MindSpark) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2vffxtbr@DailyBibleGuide.com: C:\Program Files\DailyBibleGuide\bar\2.bin [2012/05/13 13:25:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/15 10:59:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/10 17:32:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\gtffxtbr@GamingWonderland.com: C:\Program Files\GamingWonderland\bar\1.bin [2012/05/13 23:02:12 | 000,000,000 | ---D | M] O1 HOSTS File: ([2012/05/13 13:27:56 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Toolbar BHO) - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark) O2 - BHO: (Search Assistant BHO) - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files\GamingWonderland\bar\1.bin\gtSrcAs.dll (MindSpark) O3 - HKLM\..\Toolbar: (GamingWonderland) - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark) O3 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..\Toolbar\WebBrowser: (GamingWonderland) - {A899079D-206F-43A6-BE6A-07E0FA648EA0} - C:\Program Files\GamingWonderland\bar\1.bin\gtbar.dll (MindSpark) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro200-S500 Series\ezprint.exe () O4 - HKLM..\Run: [GamingWonderland Browser Plugin Loader] C:\Program Files\GamingWonderland\bar\1.bin\gtbrmon.exe (VER_COMPANY_NAME) O4 - HKLM..\Run: [GamingWonderland Search Scope Monitor] C:\Program Files\GamingWonderland\bar\1.bin\gtSrchMn.exe (MindSpark) O4 - HKLM..\Run: [lxebmon.exe] C:\Program Files\Lexmark Pro200-S500 Series\lxebmon.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc) O4 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000..\Run: [installIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC) O4 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000..\Run: [systemCommonvga] rundll32.exe "C:\Users\user\AppData\Local\kbdnetEnum\SystemCommonvga.dll",CRLMousePort smiapiPort File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O15 - HKU\S-1-5-21-3276012984-298645577-3270156227-1000\..Trusted Domains: upsfreight.net ([www] https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB (DellSystem.Scanner) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F3AA6F5-7D2E-4174-A285-BB759629E5D2}: DhcpNameServer = 192.168.2.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBC51C5D-A831-41E2-872B-ED7EEA27C7F7}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/17 15:11:20 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012/05/15 10:59:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/05/13 23:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\GamingWonderland [2012/05/13 13:28:04 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012/05/13 13:25:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp [2012/05/13 13:16:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/05/13 13:16:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/05/13 13:16:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/05/13 13:16:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/13 13:16:07 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/12 20:13:31 | 000,983,121 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lxk_gf.dll [2012/05/12 20:12:32 | 000,372,736 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXEBwupd.dll [2012/05/12 20:12:32 | 000,213,672 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXEBwupd.exe [2012/05/12 20:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark [2012/05/12 20:11:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar [2012/05/12 20:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark [2012/05/12 20:11:34 | 000,086,183 | ---- | C] (Lexmark International) -- C:\Windows\System32\LXEBcfg.dll [2012/05/12 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Pro200-S500 Series [2012/05/11 22:23:59 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.com [2012/05/11 21:59:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2012/05/11 21:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/11 21:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/11 21:59:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/11 21:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/05/09 22:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair [2012/05/09 22:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Free Window Registry Repair [2012/05/09 21:51:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ParetoLogic [2012/05/09 21:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2012/05/09 19:30:12 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/05/09 19:30:12 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/05/09 19:30:12 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/05/09 19:30:12 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/05/09 19:30:12 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/05/09 19:30:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/05/09 19:30:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/05/09 19:30:06 | 002,044,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/04/29 16:27:26 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\usbmemkeyboot [2012/04/29 01:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems [2012/04/29 01:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems [2012/04/27 20:26:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Dell [2012/04/27 20:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr [2012/04/27 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center [2012/04/27 20:16:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PCDr [2012/04/25 15:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark Pro200-S500 Series [2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys [2012/03/01 12:11:36 | 003,278,888 | ---- | C] (Yahoo! Inc.) -- C:\Users\user\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe ========== Files - Modified Within 30 Days ========== [2012/05/17 15:11:31 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012/05/17 15:09:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/17 15:09:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/17 15:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/05/17 14:55:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/17 14:55:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/05/17 11:15:23 | 098,466,176 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/05/16 22:45:32 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/05/16 22:43:13 | 000,319,179 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/05/15 10:59:52 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk [2012/05/14 23:21:14 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/14 23:21:14 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/14 23:15:18 | 2136,965,120 | -HS- | M] () -- C:\hiberfil.sys [2012/05/13 17:21:25 | 000,006,648 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat [2012/05/13 13:27:56 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012/05/12 20:18:30 | 000,209,977 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf [2012/05/12 20:12:13 | 000,001,836 | ---- | M] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK [2012/05/11 22:24:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.com [2012/05/11 21:59:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/10 02:13:46 | 000,253,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/05/05 12:02:40 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/05/05 12:02:40 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/04/28 21:02:17 | 000,130,448 | ---- | M] () -- C:\Windows\hpoins18.dat [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys ========== Files Created - No Company Name ========== [2012/05/13 13:16:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/05/13 13:16:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/05/13 13:16:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/05/13 13:16:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/05/13 13:16:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/05/12 20:13:42 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxebvs.dll [2012/05/12 20:13:39 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\lxebcoin.dll [2012/05/12 20:13:31 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxebgcfg.dll [2012/05/12 20:13:31 | 000,065,106 | ---- | C] () -- C:\Windows\System32\lxebprpr.chm [2012/05/12 20:13:29 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxebcui.dll [2012/05/12 20:13:29 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxebcuir.dll [2012/05/12 20:13:29 | 000,008,694 | ---- | C] () -- C:\Windows\System32\lxebcommuilogo_rtl.bmp [2012/05/12 20:13:29 | 000,008,694 | ---- | C] () -- C:\Windows\System32\lxebcommuilogo.bmp [2012/05/12 20:12:13 | 000,001,836 | ---- | C] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK [2012/05/12 20:11:35 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxebserv.dll [2012/05/12 20:11:35 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxebusb1.dll [2012/05/12 20:11:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxebhbn3.dll [2012/05/12 20:11:35 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxebpmui.dll [2012/05/12 20:11:35 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxeblmpm.dll [2012/05/12 20:11:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxebinpa.dll [2012/05/12 20:11:35 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEBhcp.dll [2012/05/12 20:11:35 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxebiesc.dll [2012/05/12 20:11:35 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEBinst.dll [2012/05/12 20:11:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxebih.exe [2012/05/12 20:11:35 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxebins.dll [2012/05/12 20:11:35 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxebinsb.dll [2012/05/12 20:11:35 | 000,209,977 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf [2012/05/12 20:11:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxebgrd.dll [2012/05/12 20:11:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\lxebinsr.dll [2012/05/12 20:11:35 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxebcub.dll [2012/05/12 20:11:35 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxebjswr.dll [2012/05/12 20:11:34 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxebcomc.dll [2012/05/12 20:11:34 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxebcoms.exe [2012/05/12 20:11:34 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxebcfg.exe [2012/05/12 20:11:34 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxebcomm.dll [2012/05/12 20:11:34 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxebcu.dll [2012/05/12 20:11:34 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxebcur.dll [2012/05/12 20:11:34 | 000,002,110 | ---- | C] () -- C:\Windows\System32\lxeb.loc [2012/05/11 21:59:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/29 01:35:53 | 000,001,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk [2012/03/25 19:49:17 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEBsm.dll [2012/03/25 19:49:17 | 000,023,552 | ---- | C] () -- C:\Windows\System32\LXEBsmr.dll [2011/10/10 00:12:11 | 000,130,835 | ---- | C] () -- C:\Windows\hpoins18.dat.temp [2011/10/10 00:12:11 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp [2011/07/04 17:31:45 | 000,005,120 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/27 10:30:57 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2011/06/27 10:30:57 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2011/06/27 10:30:57 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2011/06/27 10:30:57 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2011/02/03 14:31:54 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/12/26 21:33:11 | 000,130,448 | ---- | C] () -- C:\Windows\hpoins18.dat [2010/12/26 21:32:58 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat [2010/12/20 17:09:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010/12/20 17:09:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010/12/20 17:08:23 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/05/26 10:01:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/05/26 07:47:19 | 000,006,648 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:FFE7D42E @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:61AAA96B < End of report >
  7. When I first disabled the AVG, I disabled it until the next reboot. While ComboFix was running it did an auto reboot. I believe the AVG came back on after this. I hope it didn't interfere with the process. Also, before posting here, I rebooted again. The error messase I listed above was still there. Here's the file: ComboFix 12-05-13.03 - user 05/13/2012 13:18:41.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1004 [GMT -4:00] Running from: c:\users\user\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\progra~1\DAILYB~2\bar\2.bin\2vBAr.dll c:\program files\DailyBibleGuide\bar\2.bin\2vBAr.dll c:\program files\DailyBibleGuide\bar\2.bin\2vSRcas.dll c:\program files\DailyBibleGuideEI c:\users\user\AppData\Local\Temp\{A245E408-39AB-473D-824B-A6CEEB689876}\fpb.tmp . . ((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 ))))))))))))))))))))))))))))))) . . 2012-05-13 00:18 . 2009-11-04 12:14 157696 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxebdrpp.dll 2012-05-13 00:13 . 2008-03-05 01:55 40960 ----a-w- c:\windows\system32\lxebvs.dll 2012-05-13 00:13 . 2010-04-13 18:41 442368 ----a-w- c:\windows\system32\lxebcoin.dll 2012-05-13 00:13 . 2009-11-09 06:59 86016 ----a-w- c:\windows\system32\lxebgcfg.dll 2012-05-13 00:13 . 2008-04-30 05:32 983121 ----a-w- c:\windows\system32\lxk_gf.dll 2012-05-13 00:13 . 2009-10-21 09:06 110592 ----a-w- c:\windows\system32\lxebcuir.dll 2012-05-13 00:13 . 2009-10-21 09:06 294912 ----a-w- c:\windows\system32\lxebcui.dll 2012-05-13 00:12 . 2010-04-14 18:55 213672 ----a-w- c:\windows\system32\LXEBwupd.exe 2012-05-13 00:12 . 2010-02-22 09:08 372736 ----a-w- c:\windows\system32\LXEBwupd.dll 2012-05-13 00:12 . 2012-05-13 00:13 -------- d-----w- c:\program files\Lexmark 2012-05-12 01:59 . 2012-05-12 01:59 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2012-05-12 01:59 . 2012-05-12 01:59 -------- d-----w- c:\programdata\Malwarebytes 2012-05-12 01:59 . 2012-05-12 01:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-05-12 01:59 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-10 02:02 . 2012-05-12 02:22 -------- d-----w- c:\program files\Free Window Registry Repair 2012-05-10 01:51 . 2012-05-10 01:51 -------- d-----w- c:\users\user\AppData\Roaming\ParetoLogic 2012-05-10 01:50 . 2012-05-10 01:59 -------- d-----w- c:\programdata\ParetoLogic 2012-04-29 05:35 . 2012-04-29 05:35 -------- d-----w- c:\program files\Cisco Systems 2012-04-29 05:29 . 2012-04-29 05:29 -------- d-----w- c:\programdata\Cisco Systems 2012-04-28 00:26 . 2012-04-28 00:26 -------- d-----w- c:\users\user\AppData\Roaming\Dell 2012-04-28 00:26 . 2012-04-28 00:26 -------- d-----w- c:\programdata\PCDr 2012-04-28 00:24 . 2012-04-28 00:26 -------- d-----w- c:\program files\Dell Support Center 2012-04-28 00:16 . 2012-04-28 00:16 -------- d-----w- c:\users\user\AppData\Roaming\PCDr 2012-04-25 19:55 . 2012-04-25 19:55 -------- d-----w- c:\programdata\Lexmark Pro200-S500 Series 2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-05 16:02 . 2012-04-02 01:31 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-05 16:02 . 2011-06-12 21:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-19 09:17 . 2012-03-19 09:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-02-29 15:11 . 2012-04-13 07:07 5120 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:11 . 2012-04-13 07:07 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:09 . 2012-04-13 07:07 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 13:32 . 2012-04-13 07:07 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-02-28 01:18 . 2012-04-13 07:07 1799168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 01:11 . 2012-04-13 07:07 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 01:11 . 2012-04-13 07:07 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 01:03 . 2012-04-13 07:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-22 09:25 . 2012-02-22 09:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:02] . 2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-01 18:03] . 2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-02-01 18:03] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll Trusted Zone: upsfreight.net\www TCP: DhcpNameServer = 192.168.2.1 192.168.1.1 DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://dell.com/support/troubleshooting/Content/Ode/pcd86.cab . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{f15ff29f-85a1-43cd-9674-e5ba40016c97} - c:\program files\DailyBibleGuide\bar\2.bin\2vSrcAs.dll Toolbar-10 - (no file) SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{A73A8D1F-7E6C-45C6-90E5-2799C895CB0C}\FFOv2011-8_Setup.exe . . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI] "ImagePath"="system32\drivers\acpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeARMservice] "ImagePath"="\"c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AdobeFlashPlayerUpdateSvc] "ImagePath"="c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adp94xx] "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpahci] "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m] "ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu320] "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adsi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx] "ImagePath"="\SystemRoot\system32\drivers\djsvs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aliide] "ImagePath"="\SystemRoot\system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdagp] "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amdide] "ImagePath"="\SystemRoot\system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7] "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK8] "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ApfiltrService] "ImagePath"="system32\DRIVERS\Apfiltr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arc] "ImagePath"="\SystemRoot\system32\drivers\arc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\arcsas] "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi] "ImagePath"="system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Audiosrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avg] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSAgent] "ImagePath"="\"c:\program files\AVG\AVG2012\AVGIDSAgent.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\avgidsdriverx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSFilter] "ImagePath"="system32\DRIVERS\avgidsfilterx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSHX] "ImagePath"="system32\DRIVERS\avgidshx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVGIDSShim] "ImagePath"="system32\DRIVERS\avgidsshimx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgldx86] "ImagePath"="system32\DRIVERS\avgldx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgmfx86] "ImagePath"="system32\DRIVERS\avgmfx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgrkx86] "ImagePath"="system32\DRIVERS\avgrkx86.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Avgtdix] "ImagePath"="system32\DRIVERS\avgtdix.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\avgwd] "ImagePath"="\"c:\program files\AVG\AVG2012\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\b57nd60x] "ImagePath"="system32\DRIVERS\b57nd60x.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BCM43XV] "ImagePath"="system32\DRIVERS\bcmwl6.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\blbdrive] "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltLo] "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrFiltUp] "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Brserid] "ImagePath"="\SystemRoot\system32\drivers\brserid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrSerWdm] "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbMdm] "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BrUsbSer] "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHMODEM] "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme] "ImagePath"="\??\c:\users\user\AppData\Local\Temp\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\circlass] "ImagePath"="\SystemRoot\system32\drivers\circlass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmBatt] "ImagePath"="system32\DRIVERS\CmBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crcdisk] "ImagePath"="system32\drivers\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Crusoe] "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CSC] "ImagePath"="system32\drivers\csc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CscService] "ServiceDll"="%SystemRoot%\System32\cscsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ctxusbm] "ImagePath"="system32\DRIVERS\ctxusbm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DFSR] "ImagePath"="%SystemRoot%\system32\DFSR.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\disk] "ImagePath"="system32\drivers\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4] "ImagePath"="system32\DRIVERS\Dot4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dot4Print] "ImagePath"="system32\DRIVERS\Dot4Prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dot4usb] "ImagePath"="system32\DRIVERS\dot4usb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\E1G60] "ImagePath"="system32\DRIVERS\E1G60I32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ecache] "ImagePath"="System32\drivers\ecache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\elxstor] "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EmdCache] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EMDMgmt] "ServiceDll"="%systemroot%\system32\emdmgmt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ErrDev] "ImagePath"="\SystemRoot\system32\drivers\errdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdc] "ImagePath"="system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\flpydisk] "ImagePath"="system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gagp30kx] "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdate] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\gupdatem] "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService] "ImagePath"="system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidBth] "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidIr] "ImagePath"="\SystemRoot\system32\drivers\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HpCISSs] "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqcxs08] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpqddsvc] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HPSLPSVC] "ServiceDll"="c:\program files\HP\Digital Imaging\bin\HPSLPSVC32.DLL" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSFHWAZL] "ImagePath"="system32\DRIVERS\VSTAZL3.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HSF_DPV] "ImagePath"="system32\DRIVERS\VSTDPV3.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp] "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ialm] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\igfx] "ImagePath"="system32\DRIVERS\igdkmd32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iirsp] "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelide] "ImagePath"="system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\intelppm] "ImagePath"="system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPNAT] "ImagePath"="system32\DRIVERS\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iScsiPrt] "ImagePath"="system32\DRIVERS\msiscsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteatapi] "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\iteraid] "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid] "ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_FC] "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SAS] "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lxebCATSCustConnectService] "ImagePath"="c:\windows\system32\spool\DRIVERS\W32X86\3\\lxebserv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lxeb_device] "ImagePath"="c:\windows\system32\lxebcoms.exe -service" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\megasas] "ImagePath"="\SystemRoot\system32\drivers\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MegaSR] "ImagePath"="\SystemRoot\system32\drivers\megasr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid] "ImagePath"="\SystemRoot\system32\drivers\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mraid35x] "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msahci] "ImagePath"="\SystemRoot\system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Net Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZinw12.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netbt] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NETw3v32] "ImagePath"="system32\DRIVERS\NETw3v32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NETw4v32] "ImagePath"="system32\DRIVERS\NETw4v32.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nfrd960] "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ntrigdigi] "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS\nwlnkflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS\nwlnkfwd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport] "ImagePath"="\SystemRoot\system32\drivers\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parvdm] "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pcmcia] "ImagePath"="system32\DRIVERS\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pml Driver HPZ12] "ServiceDll"="c:\windows\system32\HPZipm12.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="\SystemRoot\system32\drivers\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql2300] "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql40xx] "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="system32\DRIVERS\rdpdr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serenum] "ImagePath"="system32\DRIVERS\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="system32\DRIVERS\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sermouse] "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfloppy] "ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisagp] "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid2] "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSRaid4] "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\slsvc] "ImagePath"="%SystemRoot%\system32\SLsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLUINotify] "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sscdbus] "ImagePath"="system32\DRIVERS\sscdbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\StillCam] "ImagePath"="system32\DRIVERS\serscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Symc8xx] "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_hi] "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sym_u3] "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\system32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunmp] "ImagePath"="system32\DRIVERS\tunmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35] "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uliahci] "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UlSata] "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ulsata2] "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\umbus] "ImagePath"="system32\DRIVERS\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UmRdpService] "ServiceDll"="%SystemRoot%\System32\umrdp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usb] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBCCID] "ImagePath"="system32\DRIVERS\usbccid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci] "ImagePath"="\SystemRoot\system32\drivers\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaagp] "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaC7] "ImagePath"="\SystemRoot\system32\drivers\viac7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsmraid] "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WacomPen] "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wbengine] "ImagePath"="\"%systemroot%\system32\wbengine.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wd] "ImagePath"="\SystemRoot\system32\drivers\wd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\winachsf] "ImagePath"="system32\DRIVERS\VSTCNXT3.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinUSB] "ImagePath"="system32\DRIVERS\WinUSB.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiAcpi] "ImagePath"="system32\DRIVERS\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc] "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMZuneComm] "ImagePath"="\"c:\program files\Zune\WMZuneComm.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WPFFontCache_v0400] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf] "ImagePath"="system32\drivers\WudfPf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\YahooAUService] "ImagePath"="\"c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ZuneNetworkSvc] "ImagePath"="\"c:\program files\Zune\ZuneNss.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ZuneWlanCfgSvc] "ImagePath"="\"c:\program files\Zune\ZuneWlanCfgSvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{4E192B53-FCCA-4A8E-A837-F8525C5FD8FC}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{7F3AA6F5-7D2E-4174-A285-BB759629E5D2}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{EBC51C5D-A831-41E2-872B-ED7EEA27C7F7}] . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG\AVG2012\avgwdsvc.exe c:\windows\system32\lxebcoms.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe c:\program files\HP\HP Software Update\hpwuSchd2.exe c:\windows\System32\hkcmd.exe c:\windows\System32\igfxpers.exe c:\program files\Zune\ZuneLauncher.exe c:\program files\Citrix\ICA Client\concentr.exe c:\program files\AVG\AVG2012\avgtray.exe c:\program files\Common Files\Java\Java Update\jusched.exe c:\program files\Citrix\ICA Client\wfcrun32.exe c:\program files\DellTPad\Apoint.exe c:\program files\Lexmark Pro200-S500 Series\lxebmon.exe c:\program files\Lexmark Pro200-S500 Series\ezprint.exe c:\program files\Windows Sidebar\sidebar.exe c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe c:\windows\system32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\DellTPad\ApMsgFwd.exe c:\program files\DellTPad\HidFind.exe c:\program files\DellTPad\Apntex.exe c:\program files\Yahoo!\Messenger\ymsgr_tray.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE c:\program files\AVG\AVG2012\avgcfgex.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Completion time: 2012-05-13 13:34:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-13 17:33 . Pre-Run: 41,032,892,416 bytes free Post-Run: 42,644,721,664 bytes free . - - End Of File - - 8262495953805EBA832DA4A1D2166950
  8. I get an error every time I boot my laptop up. Error says: "Error loading C:\Users\user\AppData\Local\kbdnetEnum\SystemCommonvga.dll The specified module could not be found" Any suggestions? Thank You DDS.txt Attach.txt
  9. I hope I am in the correct place. If not, maybe someone can point me in the right direction. I found this site using a yahoo search engine by entering parts of my problem. "kbdnetEnum" dll error. I get an error every time I boot my laptop up. Error says: "Error loading C:\Users\user\AppData\Local\kbdnetEnum\SystemCommonvga.dll The specified module could not be found" Any suggestions? Thank You
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.