Andrew12345
-
Posts
23 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Andrew12345
-
Hi All of your instructions above have been completed. Thank you so much for you help over the past few weeks. I have given a small donation to say thank you. many thanks Andrew
-
Hi, I completed both steps above. There was 3 threats found from the ESET SCAN as follows: C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\wth175.dll.vir Win32/Toolbar.Widgi.A potentially unwanted applicationC:\Users\Andrew\Documents\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe applicationC:\Users\Andrew\Documents\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application Many thanks Andrew
-
Hi Please find below the reports from MBAM scan and Hijack this. The computer is running very good, its being very quick and responsive. Many thanks Andrew Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.02.04.07 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476Andrew :: ANDREW-HP [administrator] 04/02/2014 14:43:34mbam-log-2014-02-04 (14-43-34).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 215051Time elapsed: 9 minute(s), 32 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) ------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4Scan saved at 15:09:55, on 04/02/2014Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.16428)Boot mode: Normal Running processes:C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exeC:\Program Files (x86)\Steam\Steam.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXEC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Citrix\ICA Client\concentr.exeC:\Program Files (x86)\AVG\AVG2013\avgui.exeC:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exeC:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exeC:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Users\Andrew\Documents\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)R3 - URLSearchHook: (no name) - {90eee664-34b1-422a-a782-779af65cdf6d} - (no file)O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllO2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dllO2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLLO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllO2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllO3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dllO3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dllO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeO4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exeO4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeO4 - HKLM\..\Run: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startupO4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLYO4 - HKLM\..\Run: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hiddenO4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentO4 - HKCU\..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnkO4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exeO4 - HKCU\..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TBO4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXEO4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exeO9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exeO23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exeO23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeO23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exeO23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeO23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exeO23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exeO23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: vToolbarUpdater17.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 17534 bytes
-
Hi Here is the report as requested. Many thanks Andrew Update for Microsoft Office 2007 (KB2508958) 4x4 Hummer ADInstruments LabChart 7.3.4 Reader Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.9) Adobe Shockwave Player 11.5 Agatha Christie - Peril at End House Apple Application Support Apple Software Update Atheros Driver Installation Program Battlefield 1942 Battlefield 1942: Secret Weapons of WWII Battlefield 1942: The Road To Rome Battlefield 2 Bejeweled 2 Deluxe Bing Bar Blackhawk Striker 2 Blasterball 3 Bounce Symphony Bully Scholarship Edition Cake Mania Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) ColdFear Compaq Setup Manager Crysis® CyberLink DVD Suite CyberLink PowerDVD 9 CyberLink YouCam D3DX10 Doom 3 Dora's World Adventure Energy Star Digital Logo ERUNT 1.1j ESET Online Scanner v3 ESU for Microsoft Windows 7 Far Cry Farm Frenzy FATE Final Drive Nitro Freewire Television Full Spectrum Warrior Ten Hammers GameSpy Comrade Ghost Recon Google Chrome Google Update Helper GTA San Andreas Hewlett-Packard ACLM.NET v1.2.1.1 HP CloudDrive HP Customer Experience Enhancements HP Documentation HP Game Console HP Games HP Photo Creations HP Power Manager HP Quick Launch HP Setup HP Software Framework HP Support Assistant Java Auto Updater Java 6 Update 31 Junk Mail filter update LabelPrint LightScribe System Software Magic Desktop Malwarebytes Anti-Malware version 1.75.0.1300 Metro 2033 Microsoft .NET Framework 1.1 Microsoft Motocross Madness Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Windows Media Video 9 VCM MSVCRT MSVCRT_amd64 Mystery P.I. - The London Caper Norton Online Backup NVIDIA PhysX Penguins! PhotoNow! PictureMover Plants vs. Zombies Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector PunkBuster for Battlefield 1942 PunkBuster Services Quake 4 QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver RealUpgrade 1.1 Recovery Manager S.T.A.L.K.E.R. - Clear Sky S.T.A.L.K.E.R. - Shadow of Chernobyl Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Skype Click to Call Skype™ 6.11 Steam Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Virtual Villagers 4 - The Tree of Life Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin World Cup Cricket 20-20 YTD Toolbar v8.5 Zuma Deluxe
-
Hi The report I posted before is from Combofix.exe. Are you wanting me to run it again? Many thanks Andrew
-
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\netw5v64] "ImagePath"="system32\DRIVERS\netw5v64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960] "ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOBU] "ImagePath"="\"c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe\" SERVICE" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\odserv] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394] "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport] "ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia] "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw] "ImagePath"="System32\drivers\pcw.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost] "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PnkBstrA] "ImagePath"="c:\windows\system32\PnkBstrA.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power] "ServiceDll"="%SystemRoot%\system32\umpo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor] "ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300] "ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx] "ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn] "ImagePath"="system32\DRIVERS\AgileVpn.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus] "ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP] "ImagePath"="system32\drivers\rdprefmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPUDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RdpVideoMiniport] "ImagePath"="System32\drivers\rdpvideominiport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost] "ImagePath"="System32\drivers\rdyboost.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper] "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167] "ImagePath"="system32\DRIVERS\Rt64win7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RtVOsdService] "ImagePath"="\"c:\program files\Realtek\RtVOsd\RtVOsdService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter] "ImagePath"="System32\DRIVERS\scfilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sdbus] "ImagePath"="\SystemRoot\system32\drivers\sdbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc] "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum] "ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial] "ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse] "ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy] "ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2] "ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4] "ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Skype C2C Service] "ImagePath"="\"c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SkypeUpdate] "ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc] "ImagePath"="%SystemRoot%\system32\sppsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify] "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfHDA] "ImagePath"="system32\DRIVERS\VSTAZL6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfV92] "ImagePath"="system32\DRIVERS\VSTDPV6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfWinac] "ImagePath"="system32\DRIVERS\VSTCNXT6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Steam Client Service] "ImagePath"="\"c:\program files (x86)\Common Files\Steam\SteamService.exe\" /RunAsService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor] "ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum] "ImagePath"="\SystemRoot\system32\drivers\swenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD] "ImagePath"="\SystemRoot\system32\drivers\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes] "ServiceDll"="%SystemRoot%\system32\themeservice.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt] "ImagePath"="system32\drivers\tsusbflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35] "ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus] "ImagePath"="\SystemRoot\system32\drivers\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass] "ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBAAPL64] "ImagePath"="System32\Drivers\usbaapl64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbfilter] "ImagePath"="system32\DRIVERS\usbfilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci] "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo] "ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot] "ImagePath"="system32\drivers\vdrvroot.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp] "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid] "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vToolbarUpdater17.2.0] "ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus] "ImagePath"="system32\DRIVERS\vwifibus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt] "ImagePath"="system32\DRIVERS\vwififlt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen] "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc] "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine] "ImagePath"="\"%systemroot%\system32\wbengine.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc] "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd] "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf] "ImagePath"="system32\DRIVERS\wfplwf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount] "ImagePath"="system32\drivers\wimmount.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb] "ImagePath"="system32\DRIVERS\WinUsb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmBEnum] "ImagePath"="system32\drivers\WmBEnum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmFilter] "ImagePath"="system32\drivers\WmFilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi] "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc] "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmVirHid] "ImagePath"="system32\drivers\WmVirHid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmXlCore] "ImagePath"="system32\drivers\WmXlCore.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf] "ImagePath"="system32\drivers\WudfPf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc] "ServiceDll"="%SystemRoot%\System32\wwansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\yukonw7] "ImagePath"="system32\DRIVERS\yk62x64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\zghsmdm] "ImagePath"="system32\DRIVERS\zghsmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1036A8EF-95C9-478D-A098-7D8AFE1ABC88}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{DE4F408B-CD19-4F79-9CAC-145B200A757F}] . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2014-01-31 00:35:17 - machine was rebooted ComboFix-quarantined-files.txt 2014-01-31 00:35 ComboFix2.txt 2014-01-22 20:30 . Pre-Run: 333,111,926,784 bytes free Post-Run: 333,147,414,528 bytes free . - - End Of File - - 63509046C3D3459E132631680ED2DDAF 42E2EE4DA8F8747AD1CDB6C8E3D55401
-
ComboFix 14-01-29.01 - Andrew 30/01/2014 23:59:39.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3835.2456 [GMT 0:00] Running from: c:\users\Andrew\Documents\Downloads\ComboFix.exe Command switches used :: c:\users\Andrew\Desktop\CFScript.txt AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\users\Andrew\AppData\Local\Temp\libsqlitejdbc-6852834466981005715.lib c:\users\Andrew\AppData\Local\Temp\swt-gdip-win32-3448.dll c:\users\Andrew\AppData\Local\Temp\swt-win32-3448.dll c:\users\Andrew\AppData\Local\Temp\WindowsAPI.dll2257906531080440341.lib . . ((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-31 ))))))))))))))))))))))))))))))) . . 2014-01-31 00:14 . 2014-01-31 00:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-30 00:07 . 2014-01-30 00:07 -------- d-sh--w- c:\programdata\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-01-15 13:30 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-01-15 13:30 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-01-15 13:30 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-01-15 13:30 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-01-15 13:30 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-01-15 13:30 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-01-15 13:30 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-01-15 13:30 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-01-15 13:30 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2014-01-04 17:21 . 2014-01-04 17:21 -------- d-----w- C:\FRST 2014-01-04 15:38 . 2014-01-04 15:38 -------- d-----w- c:\program files (x86)\ESET 2014-01-04 15:26 . 2014-01-19 18:17 -------- d-----w- C:\AdwCleaner 2014-01-04 15:05 . 2014-01-04 15:05 -------- d-----w- c:\windows\ERUNT 2014-01-04 13:53 . 2014-01-04 15:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-01-04 13:53 . 2014-01-04 13:53 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-04 13:51 . 2014-01-04 13:53 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-01-04 13:49 . 2014-01-04 13:49 103808 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak 2014-01-04 13:43 . 2014-01-04 23:17 -------- d-----w- c:\program files (x86)\ERUNT . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-17 11:56 . 2012-04-22 23:50 86054176 ----a-w- c:\windows\system32\MRT.exe 2013-11-26 11:54 . 2013-12-13 18:13 23183360 ----a-w- c:\windows\system32\mshtml.dll 2013-11-26 10:19 . 2013-12-13 18:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2013-11-26 10:18 . 2013-12-13 18:13 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2013-11-26 09:48 . 2013-12-13 18:13 66048 ----a-w- c:\windows\system32\iesetup.dll 2013-11-26 09:46 . 2013-12-13 18:13 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2013-11-26 09:41 . 2013-12-13 18:13 2764288 ----a-w- c:\windows\system32\iertutil.dll 2013-11-26 09:29 . 2013-12-13 18:13 53760 ----a-w- c:\windows\system32\jsproxy.dll 2013-11-26 09:27 . 2013-12-13 18:13 33792 ----a-w- c:\windows\system32\iernonce.dll 2013-11-26 09:23 . 2013-12-13 18:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-11-26 09:21 . 2013-12-13 18:13 574976 ----a-w- c:\windows\system32\ieui.dll 2013-11-26 09:18 . 2013-12-13 18:13 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2013-11-26 09:18 . 2013-12-13 18:13 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2013-11-26 09:16 . 2013-12-13 18:13 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2013-11-26 08:57 . 2013-12-13 18:13 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2013-11-26 08:35 . 2013-12-13 18:13 5769216 ----a-w- c:\windows\system32\jscript9.dll 2013-11-26 08:28 . 2013-12-13 18:13 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2013-11-26 08:16 . 2013-12-13 18:13 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-11-26 08:02 . 2013-12-13 18:13 1995264 ----a-w- c:\windows\system32\inetcpl.cpl 2013-11-26 07:48 . 2013-12-13 18:13 12996608 ----a-w- c:\windows\system32\ieframe.dll 2013-11-26 07:32 . 2013-12-13 18:13 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-11-26 07:07 . 2013-12-13 18:13 2334208 ----a-w- c:\windows\system32\wininet.dll 2013-11-26 06:40 . 2013-12-13 18:13 1395200 ----a-w- c:\windows\system32\urlmon.dll 2013-11-26 06:34 . 2013-12-13 18:13 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2013-11-26 06:33 . 2013-12-13 18:13 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2013-11-25 01:48 . 2013-11-25 01:48 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-11-23 18:26 . 2013-12-12 13:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-11-23 17:47 . 2013-12-12 13:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-11-19 20:44 . 2013-11-19 20:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-19 20:44 . 2013-11-19 20:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-19 20:44 . 2013-11-19 20:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-11-19 20:44 . 2013-11-19 20:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-11-19 20:44 . 2013-11-19 20:44 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-11-19 20:44 . 2013-11-19 20:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-11-19 20:44 . 2013-11-19 20:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-11-19 20:44 . 2013-11-19 20:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-11-19 20:44 . 2013-11-19 20:44 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-11-19 20:44 . 2013-11-19 20:44 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-11-19 20:44 . 2013-11-19 20:44 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-19 20:44 . 2013-11-19 20:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-11-19 20:44 . 2013-11-19 20:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-11-19 20:44 . 2013-11-19 20:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-11-19 20:44 . 2013-11-19 20:44 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-11-19 20:44 . 2013-11-19 20:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-11-19 20:44 . 2013-11-19 20:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-11-19 20:44 . 2013-11-19 20:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-11-19 20:44 . 2013-11-19 20:44 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-11-19 20:44 . 2013-11-19 20:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-11-19 20:44 . 2013-11-19 20:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-11-19 20:44 . 2013-11-19 20:44 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-11-19 20:44 . 2013-11-19 20:44 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-19 20:44 . 2013-11-19 20:44 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-11-19 20:44 . 2013-11-19 20:44 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-11-19 20:44 . 2013-11-19 20:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-11-19 20:44 . 2013-11-19 20:44 247808 ----a-w- c:\windows\system32\msls31.dll 2013-11-19 20:44 . 2013-11-19 20:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-11-19 20:44 . 2013-11-19 20:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-11-19 20:44 . 2013-11-19 20:44 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-11-19 20:44 . 2013-11-19 20:44 195584 ----a-w- c:\windows\system32\msrating.dll 2013-11-19 20:44 . 2013-11-19 20:44 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-11-19 20:44 . 2013-11-19 20:44 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-11-19 20:44 . 2013-11-19 20:44 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-11-19 20:44 . 2013-11-19 20:44 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-11-19 20:44 . 2013-11-19 20:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-11-19 20:44 . 2013-11-19 20:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-11-19 20:44 . 2013-11-19 20:44 413696 ----a-w- c:\windows\system32\html.iec 2013-11-19 20:44 . 2013-11-19 20:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-19 20:44 . 2013-11-19 20:44 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-11-19 20:44 . 2013-11-19 20:44 81408 ----a-w- c:\windows\system32\icardie.dll 2013-11-19 20:44 . 2013-11-19 20:44 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-11-19 20:44 . 2013-11-19 20:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-11-19 20:44 . 2013-11-19 20:44 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-11-19 20:44 . 2013-11-19 20:44 235520 ----a-w- c:\windows\system32\url.dll 2013-11-19 20:44 . 2013-11-19 20:44 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-11-19 20:44 . 2013-11-19 20:44 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-19 20:44 . 2013-11-19 20:44 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-19 20:44 . 2013-11-19 20:44 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-11-19 20:44 . 2013-11-19 20:44 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-11-19 20:44 . 2013-11-19 20:44 143872 ----a-w- c:\windows\system32\wextract.exe 2013-11-19 20:44 . 2013-11-19 20:44 101376 ----a-w- c:\windows\system32\inseng.dll 2013-11-19 20:44 . 2013-11-19 20:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-11-19 20:44 . 2013-11-19 20:44 774144 ----a-w- c:\windows\system32\jscript.dll 2013-11-19 20:44 . 2013-11-19 20:44 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-11-19 20:44 . 2013-11-19 20:44 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-11-19 20:44 . 2013-11-19 20:44 147968 ----a-w- c:\windows\system32\occache.dll 2013-11-19 20:44 . 2013-11-19 20:44 13824 ----a-w- c:\windows\system32\mshta.exe 2013-11-19 20:44 . 2013-11-19 20:44 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-11-12 02:23 . 2013-12-12 13:27 2048 ----a-w- c:\windows\system32\tzres.dll 2013-11-12 02:07 . 2013-12-12 13:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-11-11 19:16 . 2012-09-23 22:24 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 13:47] . 2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 13:47] . 2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 13:47] . 2014-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 13:47] . 2014-01-30 c:\windows\Tasks\HPCeeScheduleForANDREW-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2014-01-30 c:\windows\Tasks\HPCeeScheduleForAndrew.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 77.244.128.44 77.244.128.45 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file) AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci] "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI] "ImagePath"="system32\drivers\ACPI.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi] "ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeARMservice] "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx] "ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci] "ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320] "ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AERTFilters] "ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide] "ImagePath"="\SystemRoot\system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility] "ImagePath"="%SystemRoot%\system32\atiesrxx.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide] "ImagePath"="\SystemRoot\system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8] "ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag] "ImagePath"="system32\DRIVERS\atikmdag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap] "ImagePath"="system32\DRIVERS\atikmpag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM] "ImagePath"="system32\DRIVERS\amdppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata] "ImagePath"="\SystemRoot\system32\drivers\amdsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs] "ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata] "ImagePath"="system32\drivers\amdxata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amd_sata] "ImagePath"="system32\DRIVERS\amd_sata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amd_xata] "ImagePath"="system32\DRIVERS\amd_xata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\androidusb] "ImagePath"="System32\Drivers\androidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID] "ImagePath"="\SystemRoot\system32\drivers\appid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc] "ServiceDll"="%SystemRoot%\System32\appidsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Apple Mobile Device] "ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc] "ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas] "ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET_1.1.4322] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi] "ImagePath"="system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\athr] "ImagePath"="system32\DRIVERS\athrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiPcie] "ImagePath"="system32\DRIVERS\AtiPcie64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\avgidsdrivera.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA] "ImagePath"="system32\DRIVERS\avgidsha.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64] "ImagePath"="system32\DRIVERS\avgldx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga] "ImagePath"="system32\DRIVERS\avgloga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64] "ImagePath"="system32\DRIVERS\avgmfx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64] "ImagePath"="system32\DRIVERS\avgrkx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia] "ImagePath"="system32\DRIVERS\avgtdia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgtp] "ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV] "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv] "ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a] "ImagePath"="system32\DRIVERS\b57nd60a.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BBSvc] "ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BBUpdate] "ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC] "ServiceDll"="%SystemRoot%\System32\bdesvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive] "ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Bonjour Service] "ImagePath"="\"c:\program files (x86)\Bonjour\mDNSResponder.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo] "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp] "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP] "ImagePath"="system32\DRIVERS\bridge.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid] "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm] "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM] "ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv] "ServiceDll"="%SystemRoot%\system32\bthserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme] "ImagePath"="\??\c:\combofix\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom] "ImagePath"="\SystemRoot\system32\drivers\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass] "ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64] "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64] "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clwvd] "ImagePath"="system32\DRIVERS\clwvd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt] "ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG] "ImagePath"="System32\Drivers\cng.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus] "ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk] "ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ctxusbm] "ImagePath"="system32\DRIVERS\ctxusbm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc] "ServiceDll"="%Systemroot%\System32\defragsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache] "ImagePath"="System32\drivers\discache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud] "ImagePath"="\SystemRoot\system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv] "ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS] "ImagePath"="%SystemRoot%\System32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr] "ImagePath"="%systemroot%\ehome\ehRecvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched] "ImagePath"="%systemroot%\ehome\ehsched.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor] "ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev] "ImagePath"="\SystemRoot\system32\drivers\errdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ezSharedSvc] "ImagePath"="c:\windows\System32\ezSharedSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc] "ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk] "ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends] "ImagePath"="System32\drivers\FsDepends.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol] "ImagePath"="System32\DRIVERS\fvevol.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx] "ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\GameConsoleService] "ImagePath"="\"c:\program files (x86)\HP Games\HP Game Console\GameConsoleService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\GEARAspiWDM] "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdate] "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdatem] "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir] "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService] "ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus] "ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt] "ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth] "ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr] "ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener] "ServiceDll"="%SystemRoot%\system32\ListSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider] "ServiceDll"="%SystemRoot%\system32\provsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Support Assistant Service] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Wireless Assistant Service] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPClientSvc] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hpqwmiex] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD] "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPWMISVC] "ImagePath"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy] "ImagePath"="System32\drivers\hwpolicy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt] "ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IEEtwCollectorService] "ImagePath"="%SystemRoot%\system32\IEEtwCollector.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\igfx] "ImagePath"="system32\DRIVERS\igdkmd64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp] "ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHD64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide] "ImagePath"="\SystemRoot\system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm] "ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT] "ImagePath"="System32\drivers\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt] "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass] "ImagePath"="\SystemRoot\system32\drivers\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid] "ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg] "ImagePath"="System32\Drivers\ksecpkg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk] "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService] "ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMProtector] "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMScheduler] "ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMService] "ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc] "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas] "ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR] "ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass] "ImagePath"="\SystemRoot\system32\drivers\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci] "ImagePath"="system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf] "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios] "ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig] "ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap] "ImagePath"="system32\DRIVERS\ndiscap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" .
-
Hi Please find below the log report for combofix as requested. Computer is running good after running combofix. many thanks Andrew
-
Hi The above instruction (via uninstalling in safe mode) was what i completed last time and led to the internet connection failure. I have now preformed a system restore to a time before I removed either Norton or Avast. The PC now connects to the internet again. I have also managed to uninstall avast through the control panel system, so I think it is fully uninstalled and I can connect to the internet! It may be the uninstalling of norton causing the problems? (norton was pre-installed on the PC when it was purchased) Should I continue with the prior instructions now of running combofix after uninstalling norton? Many thanks Andrew
-
Hi Once avast was uninstalled again, the computer lost its ability to connect again. Its not the internet source as the same lack of connection happens on different internet sources as well, such as at home or at work. Kind Regards Andrew
-
Hi I preformed a system restore so that I could get online to download the internet repair tool above. I downloaded it and uninstalled avast once again. Once i ran the internet repair tool, AVG popped up claiming it was a trojan horse. So i followed the procedure of stopping it and have returned here for further instructions. Should I continue to run the programme and ignore AVG or have i done the correct thing following AVG's instructions? Apologies for all the hassle this is causing. Many thanks Andrew
-
Hi, Apologies for the late reply, i have had trouble with uninstalling avast anti-virus. I followed their directions online, downloading avastclear.exe and operated it in safe mode. Now ever since I uninstalled avast, my computer wont connect to the internet, it just states limited access where as other computers can connect fine, which is one I am messaging back on now. I will be trying it on another internet source later this evening, so will see how it operates there, if it fails, should I run a system restore? Apologies for the delay again Many thanks Andrew
-
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 77.244.128.44 77.244.128.45 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci] "ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI] "ImagePath"="system32\drivers\ACPI.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi] "ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeARMservice] "ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx] "ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci] "ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320] "ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc] "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AERTFilters] "ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD] "ImagePath"="\SystemRoot\system32\drivers\afd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440] "ImagePath"="\SystemRoot\system32\drivers\agp440.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide] "ImagePath"="\SystemRoot\system32\drivers\aliide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility] "ImagePath"="%SystemRoot%\system32\atiesrxx.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide] "ImagePath"="\SystemRoot\system32\drivers\amdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8] "ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag] "ImagePath"="system32\DRIVERS\atikmdag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap] "ImagePath"="system32\DRIVERS\atikmpag.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM] "ImagePath"="system32\DRIVERS\amdppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata] "ImagePath"="\SystemRoot\system32\drivers\amdsata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs] "ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata] "ImagePath"="system32\drivers\amdxata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amd_sata] "ImagePath"="system32\DRIVERS\amd_sata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\amd_xata] "ImagePath"="system32\DRIVERS\amd_xata.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\androidusb] "ImagePath"="System32\Drivers\androidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID] "ImagePath"="\SystemRoot\system32\drivers\appid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc] "ServiceDll"="%SystemRoot%\System32\appidsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo] "ServiceDll"="%SystemRoot%\System32\appinfo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Apple Mobile Device] "ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc] "ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas] "ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET_1.1.4322] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswFsBlk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswMonFlt] "ImagePath"="\??\c:\windows\system32\drivers\aswMonFlt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswRdr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswSnx] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswSP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswTdi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi] "ImagePath"="system32\drivers\atapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\athr] "ImagePath"="system32\DRIVERS\athrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiPcie] "ImagePath"="system32\DRIVERS\AtiPcie64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\avast! Antivirus] "ImagePath"="\"c:\program files\AVAST Software\Avast\AvastSvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver] "ImagePath"="system32\DRIVERS\avgidsdrivera.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA] "ImagePath"="system32\DRIVERS\avgidsha.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64] "ImagePath"="system32\DRIVERS\avgldx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga] "ImagePath"="system32\DRIVERS\avgloga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64] "ImagePath"="system32\DRIVERS\avgmfx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64] "ImagePath"="system32\DRIVERS\avgrkx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia] "ImagePath"="system32\DRIVERS\avgtdia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgtp] "ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd] "ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV] "ServiceDll"="%SystemRoot%\System32\AxInstSV.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv] "ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a] "ImagePath"="system32\DRIVERS\b57nd60a.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC] "MofImagePath"="system32\drivers\battc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BBSvc] "ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BBUpdate] "ImagePath"="\"c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC] "ServiceDll"="%SystemRoot%\System32\bdesvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE] "ServiceDll"="%SystemRoot%\System32\bfe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BHDrvx64] "ImagePath"="\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive] "ImagePath"="\SystemRoot\system32\DRIVERS\blbdrive.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Bonjour Service] "ImagePath"="\"c:\program files (x86)\Bonjour\mDNSResponder.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser] "ImagePath"="system32\DRIVERS\bowser.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo] "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp] "ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP] "ImagePath"="system32\DRIVERS\bridge.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid] "ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm] "ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer] "ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM] "ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv] "ServiceDll"="%SystemRoot%\system32\bthserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme] "ImagePath"="\??\c:\combofix\catchme.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs] "ImagePath"="system32\DRIVERS\cdfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom] "ImagePath"="\SystemRoot\system32\drivers\cdrom.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass] "ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS] "ImagePath"="System32\CLFS.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32] "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64] "ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64] "ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\clwvd] "ImagePath"="system32\DRIVERS\clwvd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt] "ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide] "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG] "ImagePath"="System32\Drivers\cng.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt] "ImagePath"="system32\DRIVERS\compbatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus] "ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp] "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk] "ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc] "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ctxusbm] "ImagePath"="system32\DRIVERS\ctxusbm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc] "ServiceDll"="%Systemroot%\System32\defragsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC] "ImagePath"="System32\Drivers\dfsc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp] "ServiceDll"="%SystemRoot%\system32\dhcpcore.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache] "ImagePath"="System32\drivers\discache.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS] "ServiceDll"="%SystemRoot%\system32\dps.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud] "ImagePath"="\SystemRoot\system32\drivers\drmkaud.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl] "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv] "ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\eeCtrl] "ImagePath"="\??\c:\program files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS] "ImagePath"="%SystemRoot%\System32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr] "ImagePath"="%systemroot%\ehome\ehRecvr.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched] "ImagePath"="%systemroot%\ehome\ehsched.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor] "ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev] "ImagePath"="\SystemRoot\system32\drivers\errdev.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog] "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem] "ServiceDll"="%systemroot%\system32\es.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ezSharedSvc] "ImagePath"="c:\windows\System32\ezSharedSvcHost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc] "ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost] "ServiceDll"="%SystemRoot%\system32\fdPHost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub] "ServiceDll"="%SystemRoot%\system32\fdrespub.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo] "ImagePath"="system32\drivers\fileinfo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace] "ImagePath"="system32\drivers\filetrace.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk] "ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache] "ServiceDll"="%SystemRoot%\system32\FntCache.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0] "ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends] "ImagePath"="System32\drivers\FsDepends.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol] "ImagePath"="System32\DRIVERS\fvevol.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx] "ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\GameConsoleService] "ImagePath"="\"c:\program files (x86)\HP Games\HP Game Console\GameConsoleService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\GEARAspiWDM] "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc] "ServiceDll"="%SystemRoot%\System32\gpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdate] "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdatem] "ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir] "ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService] "ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus] "ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt] "ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth] "ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr] "ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb] "ImagePath"="system32\DRIVERS\hidusb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc] "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener] "ServiceDll"="%SystemRoot%\system32\ListSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider] "ServiceDll"="%SystemRoot%\system32\provsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Support Assistant Service] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HP Wireless Assistant Service] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPClientSvc] "ImagePath"="\"c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hpqwmiex] "ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD] "ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HPWMISVC] "ImagePath"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP] "ImagePath"="system32\drivers\HTTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy] "ImagePath"="System32\drivers\hwpolicy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt] "ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV] "ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDSVia64] "ImagePath"="\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IEEtwCollectorService] "ImagePath"="%SystemRoot%\system32\IEEtwCollector.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\igfx] "ImagePath"="system32\DRIVERS\igdkmd64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp] "ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT] "ServiceDll"="%SystemRoot%\System32\ikeext.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService] "ImagePath"="system32\drivers\RTKVHD64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide] "ImagePath"="\SystemRoot\system32\drivers\intelide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm] "ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum] "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc] "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV] "ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT] "ImagePath"="System32\drivers\ipnat.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM] "ImagePath"="system32\drivers\irenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp] "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt] "ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass] "ImagePath"="\SystemRoot\system32\drivers\kbdclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid] "ImagePath"="\SystemRoot\system32\drivers\kbdhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD] "ImagePath"="System32\Drivers\ksecdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg] "ImagePath"="System32\Drivers\ksecpkg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk] "ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm] "ServiceDll"="%systemroot%\system32\msdtckrm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LightScribeService] "ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio] "ImagePath"="system32\DRIVERS\lltdio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc] "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI] "ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv] "ImagePath"="\SystemRoot\system32\drivers\luafv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMProtector] "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMScheduler] "ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMService] "ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc] "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas] "ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR] "ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem] "ImagePath"="system32\drivers\modem.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor] "ImagePath"="system32\DRIVERS\monitor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass] "ImagePath"="\SystemRoot\system32\drivers\mouclass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr] "ImagePath"="System32\drivers\mountmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio] "ImagePath"="\SystemRoot\system32\drivers\mpio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv] "ImagePath"="System32\drivers\mpsdrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc] "ServiceDll"="%SystemRoot%\system32\mpssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV] "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10] "ImagePath"="system32\DRIVERS\mrxsmb10.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20] "ImagePath"="system32\DRIVERS\mrxsmb20.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci] "ImagePath"="system32\drivers\msahci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm] "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC] "ImagePath"="%SystemRoot%\System32\msdtc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf] "ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv] "ImagePath"="system32\drivers\msisadrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI] "ServiceDll"="%systemroot%\system32\iscsiexe.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver] "ImagePath"="%systemroot%\system32\msiexec.exe /V" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios] "ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig] "ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup] "ImagePath"="System32\Drivers\mup.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent] "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP] "ImagePath"="system32\DRIVERS\nwifi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAVENG] "ImagePath"="\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110929.019\ENG64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAVEX15] "ImagePath"="\??\c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110929.019\EX64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS] "ImagePath"="system32\drivers\ndis.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap] "ImagePath"="system32\DRIVERS\ndiscap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi] "ImagePath"="system32\DRIVERS\ndistapi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio] "ImagePath"="system32\DRIVERS\ndisuio.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan] "ImagePath"="system32\DRIVERS\ndiswan.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS] "ImagePath"="system32\DRIVERS\netbios.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm] "ServiceDll"="%SystemRoot%\System32\netprofm.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing] "ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\netw5v64] "ImagePath"="system32\DRIVERS\netw5v64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960] "ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc] "ServiceDll"="%SystemRoot%\System32\nlasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NOBU] "ImagePath"="\"c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe\" SERVICE" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi] "ServiceDll"="%systemroot%\system32\nsisvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy] "ImagePath"="system32\drivers\nsiproxy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid] "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor] "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp] "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\odserv] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394] "ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose] "ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc] "ServiceDll"="%SystemRoot%\system32\p2psvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport] "ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr] "ImagePath"="System32\drivers\partmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc] "ServiceDll"="%SystemRoot%\System32\pcasvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci] "ImagePath"="system32\drivers\pci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide] "ImagePath"="\SystemRoot\system32\drivers\pciide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia] "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw] "ImagePath"="System32\drivers\pcw.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH] "ImagePath"="system32\drivers\peauth.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost] "ImagePath"="%SystemRoot%\SysWow64\perfhost.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla] "ServiceDll"="%systemroot%\system32\pla.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay] "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PnkBstrA] "ImagePath"="c:\windows\system32\PnkBstrA.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg] "ServiceDll"="%SystemRoot%\system32\pnrpauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc] "ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent] "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power] "ServiceDll"="%SystemRoot%\system32\umpo.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport] "ImagePath"="system32\DRIVERS\raspptp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor] "ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc] "ServiceDll"="%systemroot%\system32\profsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched] "ImagePath"="system32\DRIVERS\pacer.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300] "ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx] "ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE] "ServiceDll"="%windir%\system32\qwave.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv] "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn] "ImagePath"="system32\DRIVERS\AgileVpn.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp] "ImagePath"="system32\DRIVERS\rasl2tp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe] "ImagePath"="system32\DRIVERS\raspppoe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp] "ImagePath"="system32\DRIVERS\rassstp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss] "ImagePath"="system32\DRIVERS\rdbss.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus] "ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD] "ImagePath"="system32\drivers\rdpencdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP] "ImagePath"="system32\drivers\rdprefmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPUDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RdpVideoMiniport] "ImagePath"="System32\drivers\rdpvideominiport.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost] "ImagePath"="System32\drivers\rdyboost.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess] "ServiceDLL"="%SystemRoot%\System32\mprdim.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper] "ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr] "ImagePath"="system32\DRIVERS\rspndr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167] "ImagePath"="system32\DRIVERS\Rt64win7.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\RtVOsdService] "ImagePath"="\"c:\program files\Realtek\RtVOsd\RtVOsdService.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port] "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr] "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter] "ImagePath"="System32\DRIVERS\scfilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule] "ServiceDll"="%systemroot%\system32\schedsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc] "ServiceDll"="%SystemRoot%\System32\certprop.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sdbus] "ImagePath"="\SystemRoot\system32\drivers\sdbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC] "ServiceDll"="%Systemroot%\System32\SDRSVC.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon] "ServiceDll"="%windir%\system32\seclogon.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc] "ServiceDll"="%SystemRoot%\system32\sensrsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum] "ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial] "ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse] "ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv] "ServiceDLL"="%SystemRoot%\system32\sessenv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk] "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc] "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd] "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy] "ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2] "ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4] "ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Skype C2C Service] "ImagePath"="\"c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SkypeUpdate] "ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb] "ImagePath"="system32\DRIVERS\smb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP] "ImagePath"="%SystemRoot%\System32\snmptrap.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler] "ImagePath"="%SystemRoot%\System32\spoolsv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc] "ImagePath"="%SystemRoot%\system32\sppsvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify] "ServiceDll"="%SystemRoot%\system32\sppuinotify.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SRTSP] "ImagePath"="\SystemRoot\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SRTSPX] "ImagePath"="\SystemRoot\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv] "ImagePath"="System32\DRIVERS\srv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2] "ImagePath"="System32\DRIVERS\srv2.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfHDA] "ImagePath"="system32\DRIVERS\VSTAZL6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfV92] "ImagePath"="system32\DRIVERS\VSTDPV6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfWinac] "ImagePath"="system32\DRIVERS\VSTCNXT6.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet] "ImagePath"="System32\DRIVERS\srvnet.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc] "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Steam Client Service] "ImagePath"="\"c:\program files (x86)\Common Files\Steam\SteamService.exe\" /RunAsService" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor] "ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc] "ServiceDll"="%SystemRoot%\System32\wiaservc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum] "ImagePath"="\SystemRoot\system32\drivers\swenum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv] "ServiceDll"="%Systemroot%\System32\swprv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymDS] "ImagePath"="system32\drivers\NISx64\1207000.00D\SYMDS64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymEFA] "ImagePath"="system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymEvent] "ImagePath"="\??\c:\windows\system32\Drivers\SYMEVENT64x86.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymIRON] "ImagePath"="\SystemRoot\system32\drivers\NISx64\1207000.00D\Ironx64.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymNetS] "ImagePath"="\SystemRoot\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain] "ServiceDll"="%systemroot%\system32\sysmain.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService] "ServiceDll"="%SystemRoot%\System32\TabSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS] "ServiceDll"="%SystemRoot%\System32\tbssvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip] "ImagePath"="System32\drivers\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6] "ImagePath"="system32\DRIVERS\tcpip.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg] "ImagePath"="System32\drivers\tcpipreg.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE] "ImagePath"="system32\drivers\tdpipe.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP] "ImagePath"="system32\drivers\tdtcp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx] "ImagePath"="system32\DRIVERS\tdx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD] "ImagePath"="\SystemRoot\system32\drivers\termdd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes] "ServiceDll"="%SystemRoot%\system32\themeservice.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER] "ServiceDll"="%SystemRoot%\system32\mmcss.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks] "ServiceDll"="%SystemRoot%\System32\trkwks.dll" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller] "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv] "ImagePath"="System32\DRIVERS\tssecsrv.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt] "ImagePath"="system32\drivers\tsusbflt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel] "ImagePath"="system32\DRIVERS\tunnel.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35] "ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs] "ImagePath"="system32\DRIVERS\udfs.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect] "ImagePath"="%SystemRoot%\system32\UI0Detect.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx] "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus] "ImagePath"="\SystemRoot\system32\drivers\umbus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass] "ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBAAPL64] "ImagePath"="System32\Drivers\usbaapl64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir] "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbfilter] "ImagePath"="system32\DRIVERS\usbfilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci] "ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo] "ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms] "ServiceDll"="%SystemRoot%\System32\uxsms.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc] "ImagePath"="%SystemRoot%\system32\lsass.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot] "ImagePath"="system32\drivers\vdrvroot.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds] "ImagePath"="%SystemRoot%\System32\vds.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga] "ImagePath"="system32\DRIVERS\vgapnp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp] "ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide] "ImagePath"="\SystemRoot\system32\drivers\viaide.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr] "ImagePath"="system32\drivers\volmgr.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx] "ImagePath"="System32\drivers\volmgrx.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap] "ImagePath"="system32\drivers\volsnap.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid] "ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS] "ImagePath"="%systemroot%\system32\vssvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vToolbarUpdater17.2.0] "ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus] "ImagePath"="system32\DRIVERS\vwifibus.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt] "ImagePath"="system32\DRIVERS\vwififlt.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen] "ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6] "ImagePath"="system32\DRIVERS\wanarp.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc] "ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine] "ImagePath"="\"%systemroot%\system32\wbengine.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc] "ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc] "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService] "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd] "ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000] "ImagePath"="system32\drivers\Wdf01000.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost] "ServiceDll"="%SystemRoot%\system32\wdi.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc] "ServiceDll"="%SystemRoot%\system32\wecsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport] "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc] "ServiceDll"="%SystemRoot%\System32\WerSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf] "ImagePath"="system32\DRIVERS\wfplwf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount] "ImagePath"="system32\drivers\wimmount.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend] "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc] "ServiceDll"="winhttp.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM] "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb] "ImagePath"="system32\DRIVERS\WinUsb.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc] "ServiceDll"="%SystemRoot%\System32\wlansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmBEnum] "ImagePath"="system32\drivers\WmBEnum.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmFilter] "ImagePath"="system32\drivers\WmFilter.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi] "ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv] "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc] "ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\"" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmVirHid] "ImagePath"="system32\drivers\WmVirHid.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmXlCore] "ImagePath"="system32\drivers\WmXlCore.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc] "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum] "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl] "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch] "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv] "ServiceDll"="%systemroot%\system32\wuaueng.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf] "ImagePath"="system32\drivers\WudfPf.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd] "ImagePath"="system32\DRIVERS\WUDFRd.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc] "ServiceDll"="%SystemRoot%\System32\wwansvc.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\yukonw7] "ImagePath"="system32\DRIVERS\yk62x64.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\zghsmdm] "ImagePath"="system32\DRIVERS\zghsmdm.sys" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1036A8EF-95C9-478D-A098-7D8AFE1ABC88}] . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{DE4F408B-CD19-4F79-9CAC-145B200A757F}] . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\ezSharedSvcHost.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2014-01-22 20:30:26 - machine was rebooted ComboFix-quarantined-files.txt 2014-01-22 20:30 . Pre-Run: 332,893,515,776 bytes free Post-Run: 333,701,931,008 bytes free . - - End Of File - - 5F11CBEF5BE10376981FE58E502C3636 42E2EE4DA8F8747AD1CDB6C8E3D55401
-
omboFix 14-01-22.01 - Andrew 22/01/2014 20:08:32.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3835.2417 [GMT 0:00] Running from: c:\users\Andrew\Documents\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\users\Andrew\AppData\Local\Temp\libsqlitejdbc-336002140722856400.lib c:\users\Andrew\AppData\Local\Temp\swt-gdip-win32-3448.dll c:\users\Andrew\AppData\Local\Temp\swt-win32-3448.dll c:\users\Andrew\AppData\Local\Temp\WindowsAPI.dll574784018187710279.lib . . ((((((((((((((((((((((((( Files Created from 2013-12-22 to 2014-01-22 ))))))))))))))))))))))))))))))) . . 2014-01-22 20:20 . 2014-01-22 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-01-15 13:30 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2014-01-15 13:30 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2014-01-15 13:30 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2014-01-15 13:30 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2014-01-15 13:30 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2014-01-15 13:30 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2014-01-15 13:30 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys 2014-01-15 13:30 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-01-15 13:30 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2014-01-04 17:21 . 2014-01-04 17:21 -------- d-----w- C:\FRST 2014-01-04 15:38 . 2014-01-04 15:38 -------- d-----w- c:\program files (x86)\ESET 2014-01-04 15:26 . 2014-01-19 18:17 -------- d-----w- C:\AdwCleaner 2014-01-04 15:05 . 2014-01-04 15:05 -------- d-----w- c:\windows\ERUNT 2014-01-04 13:53 . 2014-01-04 15:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2014-01-04 13:53 . 2014-01-04 13:53 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-01-04 13:51 . 2014-01-04 13:53 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-01-04 13:49 . 2014-01-04 13:49 103808 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak 2014-01-04 13:43 . 2014-01-04 23:17 -------- d-----w- c:\program files (x86)\ERUNT 2013-12-31 02:19 . 2014-01-04 23:17 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP 2013-12-30 14:13 . 2013-12-30 14:13 -------- d-----w- c:\programdata\Wild Tangent . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-01-17 11:56 . 2012-04-22 23:50 86054176 ----a-w- c:\windows\system32\MRT.exe 2013-11-26 11:54 . 2013-12-13 18:13 23183360 ----a-w- c:\windows\system32\mshtml.dll 2013-11-26 10:19 . 2013-12-13 18:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2013-11-26 10:18 . 2013-12-13 18:13 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2013-11-26 09:48 . 2013-12-13 18:13 66048 ----a-w- c:\windows\system32\iesetup.dll 2013-11-26 09:46 . 2013-12-13 18:13 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2013-11-26 09:41 . 2013-12-13 18:13 2764288 ----a-w- c:\windows\system32\iertutil.dll 2013-11-26 09:29 . 2013-12-13 18:13 53760 ----a-w- c:\windows\system32\jsproxy.dll 2013-11-26 09:27 . 2013-12-13 18:13 33792 ----a-w- c:\windows\system32\iernonce.dll 2013-11-26 09:23 . 2013-12-13 18:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-11-26 09:21 . 2013-12-13 18:13 574976 ----a-w- c:\windows\system32\ieui.dll 2013-11-26 09:18 . 2013-12-13 18:13 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2013-11-26 09:18 . 2013-12-13 18:13 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2013-11-26 09:16 . 2013-12-13 18:13 708608 ----a-w- c:\windows\system32\jscript9diag.dll 2013-11-26 08:57 . 2013-12-13 18:13 218624 ----a-w- c:\windows\system32\ie4uinit.exe 2013-11-26 08:35 . 2013-12-13 18:13 5769216 ----a-w- c:\windows\system32\jscript9.dll 2013-11-26 08:28 . 2013-12-13 18:13 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2013-11-26 08:16 . 2013-12-13 18:13 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-11-26 08:02 . 2013-12-13 18:13 1995264 ----a-w- c:\windows\system32\inetcpl.cpl 2013-11-26 07:48 . 2013-12-13 18:13 12996608 ----a-w- c:\windows\system32\ieframe.dll 2013-11-26 07:32 . 2013-12-13 18:13 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-11-26 07:07 . 2013-12-13 18:13 2334208 ----a-w- c:\windows\system32\wininet.dll 2013-11-26 06:40 . 2013-12-13 18:13 1395200 ----a-w- c:\windows\system32\urlmon.dll 2013-11-26 06:34 . 2013-12-13 18:13 817664 ----a-w- c:\windows\system32\ieapfltr.dll 2013-11-26 06:33 . 2013-12-13 18:13 1820160 ----a-w- c:\windows\SysWow64\wininet.dll 2013-11-25 01:48 . 2013-11-25 01:48 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2013-11-23 18:26 . 2013-12-12 13:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-11-23 17:47 . 2013-12-12 13:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-11-19 20:44 . 2013-11-19 20:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-11-19 20:44 . 2013-11-19 20:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-11-19 20:44 . 2013-11-19 20:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-11-19 20:44 . 2013-11-19 20:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2013-11-19 20:44 . 2013-11-19 20:44 235008 ----a-w- c:\windows\system32\elshyph.dll 2013-11-19 20:44 . 2013-11-19 20:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2013-11-19 20:44 . 2013-11-19 20:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-11-19 20:44 . 2013-11-19 20:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2013-11-19 20:44 . 2013-11-19 20:44 337408 ----a-w- c:\windows\SysWow64\html.iec 2013-11-19 20:44 . 2013-11-19 20:44 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-11-19 20:44 . 2013-11-19 20:44 454656 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-11-19 20:44 . 2013-11-19 20:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-11-19 20:44 . 2013-11-19 20:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-11-19 20:44 . 2013-11-19 20:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2013-11-19 20:44 . 2013-11-19 20:44 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-11-19 20:44 . 2013-11-19 20:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-11-19 20:44 . 2013-11-19 20:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-11-19 20:44 . 2013-11-19 20:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2013-11-19 20:44 . 2013-11-19 20:44 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2013-11-19 20:44 . 2013-11-19 20:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-11-19 20:44 . 2013-11-19 20:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-11-19 20:44 . 2013-11-19 20:44 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2013-11-19 20:44 . 2013-11-19 20:44 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-11-19 20:44 . 2013-11-19 20:44 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-11-19 20:44 . 2013-11-19 20:44 942592 ----a-w- c:\windows\system32\jsIntl.dll 2013-11-19 20:44 . 2013-11-19 20:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-11-19 20:44 . 2013-11-19 20:44 247808 ----a-w- c:\windows\system32\msls31.dll 2013-11-19 20:44 . 2013-11-19 20:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-11-19 20:44 . 2013-11-19 20:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-11-19 20:44 . 2013-11-19 20:44 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-11-19 20:44 . 2013-11-19 20:44 195584 ----a-w- c:\windows\system32\msrating.dll 2013-11-19 20:44 . 2013-11-19 20:44 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2013-11-19 20:44 . 2013-11-19 20:44 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-11-19 20:44 . 2013-11-19 20:44 105984 ----a-w- c:\windows\system32\iesysprep.dll 2013-11-19 20:44 . 2013-11-19 20:44 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-11-19 20:44 . 2013-11-19 20:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2013-11-19 20:44 . 2013-11-19 20:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2013-11-19 20:44 . 2013-11-19 20:44 413696 ----a-w- c:\windows\system32\html.iec 2013-11-19 20:44 . 2013-11-19 20:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2013-11-19 20:44 . 2013-11-19 20:44 296960 ----a-w- c:\windows\system32\dxtrans.dll 2013-11-19 20:44 . 2013-11-19 20:44 81408 ----a-w- c:\windows\system32\icardie.dll 2013-11-19 20:44 . 2013-11-19 20:44 30208 ----a-w- c:\windows\system32\licmgr10.dll 2013-11-19 20:44 . 2013-11-19 20:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2013-11-19 20:44 . 2013-11-19 20:44 243200 ----a-w- c:\windows\system32\webcheck.dll 2013-11-19 20:44 . 2013-11-19 20:44 235520 ----a-w- c:\windows\system32\url.dll 2013-11-19 20:44 . 2013-11-19 20:44 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-11-19 20:44 . 2013-11-19 20:44 84992 ----a-w- c:\windows\system32\mshtmled.dll 2013-11-19 20:44 . 2013-11-19 20:44 626176 ----a-w- c:\windows\system32\msfeeds.dll 2013-11-19 20:44 . 2013-11-19 20:44 548352 ----a-w- c:\windows\system32\vbscript.dll 2013-11-19 20:44 . 2013-11-19 20:44 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-11-19 20:44 . 2013-11-19 20:44 143872 ----a-w- c:\windows\system32\wextract.exe 2013-11-19 20:44 . 2013-11-19 20:44 101376 ----a-w- c:\windows\system32\inseng.dll 2013-11-19 20:44 . 2013-11-19 20:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2013-11-19 20:44 . 2013-11-19 20:44 774144 ----a-w- c:\windows\system32\jscript.dll 2013-11-19 20:44 . 2013-11-19 20:44 62464 ----a-w- c:\windows\system32\pngfilt.dll 2013-11-19 20:44 . 2013-11-19 20:44 48128 ----a-w- c:\windows\system32\imgutil.dll 2013-11-19 20:44 . 2013-11-19 20:44 147968 ----a-w- c:\windows\system32\occache.dll 2013-11-19 20:44 . 2013-11-19 20:44 13824 ----a-w- c:\windows\system32\mshta.exe 2013-11-19 20:44 . 2013-11-19 20:44 135680 ----a-w- c:\windows\system32\iepeers.dll 2013-11-12 02:23 . 2013-12-12 13:27 2048 ----a-w- c:\windows\system32\tzres.dll 2013-11-12 02:07 . 2013-12-12 13:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-11-11 19:16 . 2012-09-23 22:24 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-10-30 02:32 . 2013-12-12 13:27 335360 ----a-w- c:\windows\system32\msieftp.dll 2013-10-30 02:19 . 2013-12-12 13:27 301568 ----a-w- c:\windows\SysWow64\msieftp.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x] R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x] R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207000.00D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207000.00D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x] S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [x] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 13:47] . 2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 13:47] . 2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 13:47] . 2014-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job - c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 13:47] . 2013-12-27 c:\windows\Tasks\HPCeeScheduleForANDREW-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2014-01-21 c:\windows\Tasks\HPCeeScheduleForAndrew.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter] @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}" [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter] @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}" [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter] @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}" [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter] @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}" [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter] @="{855156F0-2A0F-11DE-8C30-0800200C9A66}" [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}] 2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536] .
-
Hi Please find below the log for combofix. There was no problems during the scan. The computer is running good, there is no pop ups which was the original problem. The YTD toolbar file is still present when viewing the uninstall a programme from the control panel. But the overall performance of the computer is great. many thanks Andrew
-
Hi Here are the two reports as requested. The computer is running good at the moment, no pop ups and I'm happy with its performance. The YTD toolbar is still present under programmes and features, however it seems to have no effect on the PC. many thanks Andrew # AdwCleaner v3.017 - Report created 19/01/2014 at 18:17:22 # Updated 12/01/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Andrew - ANDREW-HP # Running from : C:\Users\Andrew\Documents\Downloads\AdwCleaner (1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v [ File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [12269 octets] - [04/01/2014 15:28:24] AdwCleaner[R1].txt - [890 octets] - [19/01/2014 18:15:56] AdwCleaner[s0].txt - [12350 octets] - [04/01/2014 15:30:56] AdwCleaner[s1].txt - [812 octets] - [19/01/2014 18:17:22] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [871 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Windows 7 Home Premium x64 Ran by Andrew on 20/01/2014 at 0:03:12.62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 20/01/2014 at 0:20:05.24 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Hi I followed the steps above, and the following comes up (I was connected to the internet when carrying it out): C:\Qoobox\ refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network, and try again. If still cannot be located, the information might have been moved to a different location. Also could today my anti-virus popped up with FRST.exe as a trojan horse. MSIL2.ITN is the name of the trojan horse in the virus vault on my anti-virus system. The anti-virus has dealt with the trojan and removed it. Is there anything else I should do on this matter? Many thanks Andrew
-
Hi, Here is the results of the first scan. As for the running of the PC, it seems ok, however the unwanted file is present when I go onto [control panel> un-install a programme]. However the random surveys and websites that popped up have not been appearing for a few weeks now. Sorry for putting the information up in several posts, I had to do this as it said the post was too big if all the information was in one post. Many thanks Andrew
-
Addition.txt: ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft) 4x4 Hummer (x32 Version: 1.00.0000 - 1C Company) ADInstruments LabChart 7.3.4 Reader (x32 Version: 7.3.4400 - ADInstruments) Adobe Flash Player 10 ActiveX (x32 Version: 10.3.183.10 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171 - Adobe Systems Incorporated) Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated) Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612 - Adobe Systems, Inc) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden Apple Application Support (x32 Version: 2.0.1 - Apple Inc.) Apple Mobile Device Support (Version: 3.4.1.2 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) Atheros Driver Installation Program (x32 Version: 9.0 - Atheros) ATI Catalyst Install Manager (Version: 3.0.790.0 - ATI Technologies, Inc.) avast! Free Antivirus (x32 Version: 6.0.1367.0 - AVAST Software) AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden AVG 2013 (Version: 13.0.3658 - AVG Technologies) Hidden AVG 2013 (Version: 2013.0.3462 - AVG Technologies) Battlefield 1942: Secret Weapons of WWII (x32 Version: - ) Battlefield 1942: The Road To Rome (x32 Version: - ) Battlefield 2 (x32 Version: - ) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Bing Bar (x32 Version: 7.2.241.0 - Microsoft Corporation) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden Bonjour (Version: 3.0.0.2 - Apple Inc.) Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) Hidden Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0929.2212.37971 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0929.2212.37971 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0929.2212.37971 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0929.2212.37971 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help English (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help French (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help German (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0929.2211.37971 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden ccc-core-static (x32 Version: 2010.0929.2212.37971 - ATI) Hidden ccc-utility64 (Version: 2010.0929.2212.37971 - ATI) Hidden Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Citrix online plug-in - web (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Citrix online plug-in (DV) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden Citrix online plug-in (HDX) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden Citrix online plug-in (USB) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden Citrix online plug-in (Web) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden ColdFear (x32 Version: 1.00.0000 - Ubisoft) Compaq Setup Manager (x32 Version: 1.0.12844.3519 - Hewlett-Packard Company) Crysis® (x32 Version: 1.00.0000 - Electronic Arts) CyberLink DVD Suite (x32 Version: 7.0.3320 - CyberLink Corp.) CyberLink DVD Suite (x32 Version: 7.0.3320 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.) Hidden CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Doom 3 (x32 Version: 1.00.0000 - Activision) Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard) ERUNT 1.1j (x32 Version: - Lars Hederer) ESET Online Scanner v3 (x32 Version: - ) ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard) Far Cry (x32 Version: 1.00.0000 - Ubisoft) Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden Freewire Television (x32 Version: 2.15.0.0 - Freewire) Full Spectrum Warrior Ten Hammers (x32 Version: 1.0.0 - Pandemic Studios LLC) GameSpy Comrade (x32 Version: 1.5.0.156 - GameSpy) Ghost Recon (x32 Version: - ) Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden GTA San Andreas (x32 Version: 1.00.00001 - Rockstar Games) Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden HP CloudDrive (x32 Version: - Zecter Inc.) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (x32 Version: 1.1.2.1 - Hewlett-Packard) HP Game Console (x32 Version: - WildTangent) Hidden HP Games (x32 Version: 1.0.1.5 - WildTangent) HP Photo Creations (x32 Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife) HP Power Manager (x32 Version: 1.1.2 - Hewlett-Packard Company) HP Quick Launch (x32 Version: 2.3.6 - Hewlett-Packard Company) HP Setup (x32 Version: 8.4.4400.3525 - Hewlett-Packard Company) HP Software Framework (x32 Version: 4.0.108.1 - Hewlett-Packard Company) HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company) HP Wireless Assistant (Version: 4.0.10.0 - Hewlett-Packard Company) iTunes (Version: 10.4.1.10 - Apple Inc.) Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden Java 6 Update 21 (64-bit) (Version: 6.0.210 - Oracle) Java 6 Update 31 (x32 Version: 6.0.310 - Oracle) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden LightScribe System Software (x32 Version: 1.18.18.1 - LightScribe) Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech) Magic Desktop (x32 Version: 3.0 - EasyBits Software AS) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Metro 2033 (x32 Version: - THQ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Motocross Madness (x32 Version: - ) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Media Video 9 VCM (x32 Version: - ) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden Norton Internet Security (x32 Version: 18.7.0.13 - Symantec Corporation) Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation) NVIDIA PhysX (x32 Version: 9.10.0222 - NVIDIA Corporation) Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden PictureMover (x32 Version: 3.5.0.33 - Hewlett-Packard Company) Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden PunkBuster for Battlefield 1942 (x32 Version: - ) PunkBuster Services (x32 Version: 0.986 - Even Balance, Inc.) Quake 4 (x32 Version: 1.0 - Activision) Quake 4 (x32 Version: 1.0 - Activision) Hidden QuickTime (x32 Version: 7.70.80.34 - Apple Inc.) RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (x32 Version: - RealNetworks) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010 - Realtek) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden RtVOsd (Version: 1.0.6 - Realtek Semiconductor Corp.) S.T.A.L.K.E.R. - Clear Sky (x32 Version: 1.0001 - Deep Silver) S.T.A.L.K.E.R. - Shadow of Chernobyl (x32 Version: 1.0000 - THQ) Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.) Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (Version: 15.1.6.64 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp) World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden YTD Toolbar v8.5 (x32 Version: 8.5 - Spigot, Inc.) Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden ==================== Restore Points ========================= 19-11-2013 20:40:43 Windows Update 30-11-2013 12:14:39 Scheduled Checkpoint 13-12-2013 18:11:32 Windows Update 15-12-2013 13:30:44 Windows Update 02-01-2014 19:30:48 Removed YTD Toolbar v8.5. 02-01-2014 19:36:11 Removed YTD Toolbar v8.5. 04-01-2014 12:49:45 Removed YTD Toolbar v8.5. 04-01-2014 12:52:25 Removed YTD Toolbar v8.5. 04-01-2014 12:54:11 Removed YTD Toolbar v8.5. 04-01-2014 12:55:13 Removed YTD Toolbar v8.5. 04-01-2014 13:07:01 Removed YTD Toolbar v8.5. ==================== Hosts content: ========================== 2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05F13195-9D20-4CB2-B1F2-B7C24D1C5A37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNCF267864 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {09B59B6E-14A5-492C-8033-275EEBC35401} - \Scheduled Update for Ask Toolbar No Task File Task: {0B853B96-C68A-476D-A11D-E3B0070EDAEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_NetworkCheck.exe [2013-12-12] (Hewlett-Packard) Task: {14042329-E69E-4A0D-B779-2B779E7511E7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3657174505-1360388305-3814514265-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-11-08] (RealNetworks, Inc.) Task: {238EEDCD-4257-479B-A641-80282B8D738F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-09-29] (CyberLink) Task: {3118564B-376B-4630-8BEC-CF75E85F9F27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN34U148QM => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {44482FCC-702B-4F1C-BA48-F4266E95BE5F} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2011-12-02] (RealNetworks, Inc.) Task: {51C56E57-01E4-4EE8-A04C-A3920C4C08E1} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.0.13 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\symerr.exe [2012-01-27] (Symantec Corporation) Task: {53E6F6EB-9FFD-4A04-80CD-56B6C171F173} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.) Task: {5B3B3FDF-6828-479D-B0D9-61FCC0B174BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company) Task: {63419603-CFAE-44FF-8C6A-7836F409BA20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {703FF9AD-EEEA-403E-9549-833E7C75B3DB} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{28B96B25-4954-4229-A995-7D2ACFD6D2F6}.exe Task: {71C02D59-01F8-47FE-8710-36DA4FD68647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.) Task: {ACB1D1BF-0AEF-400A-9E58-55EF0EC0EB85} - System32\Tasks\{FEF75F2E-312E-4BA8-A91D-DA6F11E77752} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.116.259/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered Task: {B032395E-DAD5-475F-9506-87617DC54EF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {BC78BFC3-B089-4C09-BB5B-5CBC8C3C5F89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.) Task: {BEC4D5CA-72DE-44AC-A488-4424B13EA200} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] () Task: {BF031AF2-CB5B-4432-A61D-61AC7742B390} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH3761219X => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {C3588230-F4FD-4E0A-A544-62C2553DAA5A} - System32\Tasks\Google Updater and Installer => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.) Task: {C3E362A3-184E-41B5-8FEF-429E86DD3767} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {CD8B5AE6-196B-49FA-8268-BB003C18031A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {D08DBF33-6096-4F3E-A485-8EF1C243CECF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {D70A9DE9-5741-44C3-9AA8-4DFC7F913474} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.) Task: {DAA47A98-000E-4ABD-AF8F-A3B0C2556701} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EAE2483E-6F22-4420-822E-CE1CD3BA8926} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3657174505-1360388305-3814514265-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-11-08] (RealNetworks, Inc.) Task: {EE56BBBE-D119-4F4D-8B20-F0A6212F452E} - System32\Tasks\Symantec\Norton Error Processor 18.7.0.13 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\symerr.exe [2012-01-27] (Symantec Corporation) Task: {EE6AA5FD-1023-4B6A-8B0C-EF01FA716CE8} - System32\Tasks\HPCeeScheduleForAndrew => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {F106B398-82B9-468E-8F07-479AAA0EB4CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNCF267853 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard) Task: {FB90D050-039B-47FF-B7A2-F831775C78CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.) Task: {FC0D8E91-CF36-4E3B-B751-E656D7999979} - System32\Tasks\HPCeeScheduleForANDREW-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{28B96B25-4954-4229-A995-7D2ACFD6D2F6}.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForAndrew.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============= 2010-08-27 00:51 - 2010-08-27 00:51 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2010-09-30 06:11 - 2010-09-30 06:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-07-21 21:33 - 2010-07-21 21:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll 2010-07-21 21:33 - 2010-07-21 21:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll 2010-07-21 21:33 - 2010-07-21 21:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll 2010-08-16 21:21 - 2010-08-16 21:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll 2010-08-16 21:21 - 2010-08-16 21:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll 2010-08-16 21:21 - 2010-08-16 21:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll 2011-08-01 13:18 - 2010-09-28 19:59 - 12286008 _____ () C:\Users\Andrew\AppData\Roaming\PictureMover\Bin\Core.dll 2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll 2011-08-01 13:18 - 2010-09-28 20:09 - 01698872 _____ () C:\Users\Andrew\AppData\Roaming\PictureMover\EN-GB\Presentation.dll 2014-01-04 15:35 - 2014-01-04 15:35 - 00199168 ____N () C:\Users\Andrew\AppData\Local\Temp\WindowsAPI.dll8523927446406700632.lib 2014-01-04 15:35 - 2014-01-04 15:35 - 00379904 _____ () C:\Users\Andrew\AppData\Local\Temp\libsqlitejdbc-5720975279225898019.lib 2013-12-05 10:49 - 2013-12-04 02:47 - 00702416 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll 2013-12-05 10:49 - 2013-12-04 02:47 - 00099792 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll 2013-12-05 10:49 - 2013-12-04 02:48 - 04055504 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll 2013-12-05 10:49 - 2013-12-04 02:48 - 00399312 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll 2013-12-05 10:49 - 2013-12-04 02:47 - 01619408 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/04/2014 03:38:27 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (01/04/2014 03:38:22 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (01/04/2014 03:34:38 PM) (Source: Service Control Manager) (User: ) Description: The vToolbarUpdater17.2.0 service failed to start due to the following error: %%2 Error: (01/04/2014 03:34:38 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error: (01/04/2014 03:33:06 PM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Microsoft Office Sessions: ========================= Error: (10/21/2012 04:00:05 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 577 seconds with 180 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 56% Total physical RAM: 3834.9 MB Available physical RAM: 1655.68 MB Total Pagefile: 7667.98 MB Available Pagefile: 5143.33 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:448.12 GB) (Free:311.34 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:17.34 GB) (Free:2.51 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (FSW2) (CDROM) (Total:2.86 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: C6D5F87E) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ==================== End Of Log ============================
-
==================== One Month Modified Files and Folders ======= 2014-01-18 23:44 - 2011-08-31 18:49 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job 2014-01-18 23:37 - 2011-08-01 13:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-18 23:34 - 2011-08-31 18:54 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype 2014-01-18 23:31 - 2009-07-14 04:51 - 00138548 _____ C:\Windows\setupact.log 2014-01-18 23:19 - 2010-11-28 09:20 - 01984721 _____ C:\Windows\WindowsUpdate.log 2014-01-18 21:37 - 2011-08-01 13:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-18 21:28 - 2011-10-05 07:03 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\ZumoDrive 2014-01-18 21:01 - 2012-09-23 22:14 - 00000000 ____D C:\ProgramData\MFAData 2014-01-17 20:59 - 2011-08-31 18:51 - 00002374 _____ C:\Users\Andrew\Desktop\Google Chrome.lnk 2014-01-17 20:44 - 2011-08-31 18:49 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job 2014-01-17 20:34 - 2013-07-02 18:51 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAndrew 2014-01-17 20:34 - 2013-07-02 18:51 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForAndrew.job 2014-01-17 20:34 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-17 20:34 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-17 20:29 - 2011-09-15 20:54 - 00000000 ____D C:\Program Files (x86)\Steam 2014-01-17 20:25 - 2013-06-08 19:17 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2014-01-17 20:24 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-17 12:38 - 2009-07-14 04:45 - 00320720 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-17 12:03 - 2011-08-01 13:59 - 00000000 ____D C:\ProgramData\Microsoft Help 2014-01-17 11:56 - 2013-07-14 18:18 - 00000000 ____D C:\Windows\system32\MRT 2014-01-17 11:56 - 2012-04-22 23:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-14 16:22 - 2011-11-01 22:18 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-01-14 16:22 - 2011-09-27 14:22 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2014-01-09 18:51 - 2013-09-11 15:23 - 00000000 ____D C:\Users\Andrew\Documents\PHARMACY 2014-01-09 16:14 - 2009-07-14 05:13 - 00739918 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-09 15:58 - 2010-11-28 09:36 - 00000000 ____D C:\ProgramData\WildTangent 2014-01-09 15:56 - 2011-08-01 14:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps 2014-01-09 10:46 - 2013-04-30 18:27 - 00000000 ____D C:\Users\Andrew\Documents\CV 2014-01-05 14:44 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache 2014-01-04 23:17 - 2014-01-04 13:43 - 00000000 ____D C:\Program Files (x86)\ERUNT 2014-01-04 23:17 - 2013-12-31 02:19 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP 2014-01-04 23:17 - 2011-08-01 13:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\Microsoft Help 2014-01-04 23:16 - 2014-01-04 13:51 - 00000000 ____D C:\Users\Andrew\Desktop\mbar 2014-01-04 23:16 - 2014-01-04 13:45 - 00000000 ____D C:\Users\Andrew\Desktop\RK_Quarantine 2014-01-04 23:16 - 2014-01-04 12:31 - 00000000 ____D C:\Windows\pss 2014-01-04 23:16 - 2011-08-01 13:11 - 00000000 ____D C:\Users\Andrew 2014-01-04 23:16 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2014-01-04 23:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration 2014-01-04 17:26 - 2014-01-04 15:23 - 00000000 ____D C:\Users\Andrew\Documents\For experts 2014-01-04 17:21 - 2014-01-04 17:21 - 00000000 ____D C:\FRST 2014-01-04 15:38 - 2014-01-04 15:38 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-04 15:31 - 2014-01-04 15:26 - 00000000 ____D C:\AdwCleaner 2014-01-04 15:21 - 2014-01-04 15:21 - 00016923 _____ C:\Users\Andrew\Desktop\JRT.txt 2014-01-04 15:05 - 2014-01-04 15:05 - 00000000 ____D C:\Windows\ERUNT 2014-01-04 15:02 - 2014-01-04 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-04 13:53 - 2014-01-04 13:53 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-04 13:53 - 2014-01-04 13:51 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-04 13:50 - 2014-01-04 13:50 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 01485312 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTDPV6.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 01390640 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTCNXT6.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00389120 _____ (Marvell) C:\Windows\system32\Drivers\yk62x64.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00292864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTAZL6.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00174200 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00122624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsmdm.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00077512 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmXlCore.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00051712 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00043976 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmFilter.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00038528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00026440 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmBEnum.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00016200 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmVirHid.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00002299 _____ C:\Users\Andrew\Desktop\RKreport[0]_S_01042014_135026.txt 2014-01-04 13:50 - 2014-01-04 13:49 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 07767552 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 06108416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 05434368 _____ (Intel Corporation) C:\Windows\system32\Drivers\netw5v64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 02494056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 02374656 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00347680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00279040 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00116536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00087600 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\ctxusbm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00073856 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00038424 _____ (Google Inc) C:\Windows\system32\Drivers\androidusb.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00034152 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031088 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00028800 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak 2014-01-04 13:44 - 2014-01-04 13:44 - 00000000 ____D C:\Windows\ERDNT 2014-01-04 13:43 - 2014-01-04 13:43 - 00000928 _____ C:\Users\Andrew\Desktop\NTREGOPT.lnk 2014-01-04 13:43 - 2014-01-04 13:43 - 00000909 _____ C:\Users\Andrew\Desktop\ERUNT.lnk 2014-01-04 12:16 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-12-31 02:19 - 2010-10-19 12:19 - 00010108 _____ C:\Windows\SysWOW64\ezdigsgn.dat 2013-12-31 02:17 - 2011-08-01 22:07 - 00035242 _____ C:\Windows\PFRO.log 2013-12-30 14:13 - 2013-12-30 14:13 - 00000000 ____D C:\ProgramData\Wild Tangent 2013-12-27 19:58 - 2011-08-31 18:43 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANDREW-HP$ 2013-12-27 19:58 - 2011-08-31 18:43 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job Some content of TEMP: ==================== C:\Users\Andrew\AppData\Local\Temp\avguidx.dll C:\Users\Andrew\AppData\Local\Temp\BackupSetup.exe C:\Users\Andrew\AppData\Local\Temp\bitool.dll C:\Users\Andrew\AppData\Local\Temp\Extract.exe C:\Users\Andrew\AppData\Local\Temp\FreemakeVideoDownloader_3.5.2.6.exe C:\Users\Andrew\AppData\Local\Temp\HPHelpUpdater.exe C:\Users\Andrew\AppData\Local\Temp\MachineIdCreator.exe C:\Users\Andrew\AppData\Local\Temp\ntdll_dump.dll C:\Users\Andrew\AppData\Local\Temp\oi_{5836C8CC-7868-4D23-90F1-82C29FAC0C12}.exe C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe C:\Users\Andrew\AppData\Local\Temp\sp58915.exe C:\Users\Andrew\AppData\Local\Temp\swt-gdip-win32-3448.dll C:\Users\Andrew\AppData\Local\Temp\swt-win32-3448.dll C:\Users\Andrew\AppData\Local\Temp\{464C257B-0728-4521-92E8-1D4A5596783C}-32.0.1700.76_31.0.1650.63_chrome_updater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-13 10:35 ==================== End Of Log ============================
-
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-15 13:30 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 13:30 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 13:30 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 13:30 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 13:30 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 13:30 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 13:30 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 13:30 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 13:30 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-04 17:21 - 2014-01-04 17:21 - 00000000 ____D C:\FRST 2014-01-04 15:38 - 2014-01-04 15:38 - 00000000 ____D C:\Program Files (x86)\ESET 2014-01-04 15:26 - 2014-01-04 15:31 - 00000000 ____D C:\AdwCleaner 2014-01-04 15:23 - 2014-01-04 17:26 - 00000000 ____D C:\Users\Andrew\Documents\For experts 2014-01-04 15:21 - 2014-01-04 15:21 - 00016923 _____ C:\Users\Andrew\Desktop\JRT.txt 2014-01-04 15:05 - 2014-01-04 15:05 - 00000000 ____D C:\Windows\ERUNT 2014-01-04 13:53 - 2014-01-04 15:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-01-04 13:53 - 2014-01-04 13:53 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-01-04 13:51 - 2014-01-04 23:16 - 00000000 ____D C:\Users\Andrew\Desktop\mbar 2014-01-04 13:51 - 2014-01-04 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-01-04 13:50 - 2014-01-04 13:50 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 01485312 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTDPV6.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 01390640 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTCNXT6.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00389120 _____ (Marvell) C:\Windows\system32\Drivers\yk62x64.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00292864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTAZL6.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00174200 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00122624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsmdm.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00077512 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmXlCore.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00051712 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00043976 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmFilter.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00038528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00026440 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmBEnum.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00016200 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmVirHid.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak 2014-01-04 13:50 - 2014-01-04 13:50 - 00002299 _____ C:\Users\Andrew\Desktop\RKreport[0]_S_01042014_135026.txt 2014-01-04 13:49 - 2014-01-04 13:50 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 07767552 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 06108416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 05434368 _____ (Intel Corporation) C:\Windows\system32\Drivers\netw5v64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 02494056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 02374656 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00347680 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00279040 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00116536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00087600 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\ctxusbm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00073856 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00038424 _____ (Google Inc) C:\Windows\system32\Drivers\androidusb.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00034152 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00031088 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00028800 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie64.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak 2014-01-04 13:49 - 2014-01-04 13:49 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak 2014-01-04 13:45 - 2014-01-04 23:16 - 00000000 ____D C:\Users\Andrew\Desktop\RK_Quarantine 2014-01-04 13:44 - 2014-01-04 13:44 - 00000000 ____D C:\Windows\ERDNT 2014-01-04 13:43 - 2014-01-04 23:17 - 00000000 ____D C:\Program Files (x86)\ERUNT 2014-01-04 13:43 - 2014-01-04 13:43 - 00000928 _____ C:\Users\Andrew\Desktop\NTREGOPT.lnk 2014-01-04 13:43 - 2014-01-04 13:43 - 00000909 _____ C:\Users\Andrew\Desktop\ERUNT.lnk 2014-01-04 12:31 - 2014-01-04 23:16 - 00000000 ____D C:\Windows\pss 2013-12-31 02:19 - 2014-01-04 23:17 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP 2013-12-30 14:13 - 2013-12-30 14:13 - 00000000 ____D C:\ProgramData\Wild Tangent
-
==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE (Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe (Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Andrew\Documents\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated) HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor) HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company) HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [3744552 2011-11-28] (AVAST Software) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-10-04] () HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-31] (Easybits) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard) HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1 HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company) HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-10-04] () HKCU\...\Run: [Google Update] - C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-01] (Google Inc.) HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) MountPoints2: {b4be6452-bc8a-11e0-a743-806e6f6e6963} - E:\Autorun.exe Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2 URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Notebooks SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Notebooks SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Notebooks SearchScopes: HKCU - {EF182A10-C4B1-47AB-B70D-03FCC4171131} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms} BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation) BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-10-19] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.16.7 Chrome: ======= CHR DefaultSearchKeyword: yahoo.com search CHR DefaultSearchProvider: Yahoo CHR DefaultSearchURL: http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=407453&p={searchTerms} CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Andrew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15] CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15] CHR Extension: (AdBlock) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-22] CHR Extension: (avast! WebRep) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-09-01] CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-02] CHR Extension: (Skype Click to Call) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-22] CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12] CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15] CHR HKLM-x32\...\Chrome\Extension: [aaaamnpffgnockjfnlelgnclclgfcllg] - C:\Users\Andrew\AppData\Local\APN\GoogleCRXs\aaaamnpffgnockjfnlelgnclclgfcllg_7.17.6.0.crx [2011-12-15] CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-08-01] CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-02] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09] CHR StartMenuInternet: Google Chrome - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-11-28] (AVAST Software) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-02-03] () S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x] ==================== Drivers (Whitelisted) ==================== S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc) R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-11-28] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66904 2011-11-28] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software) R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [591192 2011-11-28] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [304472 2011-11-28] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58712 2011-11-28] (AVAST Software) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [1152632 2011-09-09] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-08-31] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys [488568 2011-08-30] (Symantec Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110929.019\ENG64.SYS [117880 2011-08-31] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110929.019\EX64.SYS [2048632 2011-08-31] (Symantec Corporation) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-08-31] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation) S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)
-
Hi On the 17th of december, there was a download of the YTD toolbar v8.5. I was not using the computer at the time of the download and have not intentially downloaded it myself. Ever since this occurrence on websites, a random survery website pops up all the time, and seems to be triggered more on sites such as Ebay. I tried to uninstall the YTD v8.5 from the control panel options, however it claims the installation source is not available. So im unsure of the nature of this file that has appeared on its own. I have followed the steps on another forum : https://forums.malwa...howtopic=130561 followed all steps 1-7 and have posted the logs below. the file is still present, however the pop-ups seem to have halted for now. Any help is much appreciated on where to proceed with this. Thanks Addition.txt AdwCleanerR0.txt AdwCleanerS0.txt ESET.txt FRST.txt JRT.txt mbar-log-2014-01-04 (13-53-23).txt RKreport0_S_01042014_135026.txt system-log.txt