
spigot YTD v8.5



Hi

On the 17th of December, there was a download of the YTD toolbar v8.5. I was not using the computer at the time of the download and have not intentionally downloaded it myself. Ever since this occurrence on websites, a random survey website pops up all the time, and seems to be triggered more on sites such as eBay.

I tried to uninstall the YTD v8.5 from the control panel options, however it claims the installation source is not available. So I'm unsure of the nature of this file that has appeared on its own.

I have followed the steps on another forum: https://forums.malwa...howtopic=130561

Followed all steps 1-7 and have posted the logs below.

The file is still present, however the pop-ups seem to have halted for now.

Any help is much appreciated on where to proceed with this.

Thanks

Addition.txt

AdwCleanerR0.txt

AdwCleanerS0.txt

ESET.txt

FRST.txt

JRT.txt

mbar-log-2014-01-04 (13-53-23).txt

RKreport0_S_01042014_135026.txt

system-log.txt


  • 2 weeks later...
  • Staff

Hello Andrew12345

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Zecter Inc.) C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe

(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE

(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe

(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Andrew\Documents\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-22] (Realtek Semiconductor)

HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)

HKLM\...\Run: [start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2010-08-30] (EasyBits Software AS)

HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [3744552 2011-11-28] (AVAST Software)

HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-10-04] ()

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Magic Desktop for HP notification] - C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-31] (Easybits)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)

HKCU\...\Run: [ZumoDrive] - C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2084 2011-10-04] ()

HKCU\...\Run: [Google Update] - C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-08-01] (Google Inc.)

HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)

HKCU\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

MountPoints2: {b4be6452-bc8a-11e0-a743-806e6f6e6963} - E:\Autorun.exe

Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2

URLSearchHook: HKCU - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File

URLSearchHook: HKCU - (No Name) - {90eee664-34b1-422a-a782-779af65cdf6d} - No File

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Notebooks

SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Notebooks

SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/710-111095-2958-0/4?satitle={searchTerms}&mfe=Notebooks

SearchScopes: HKCU - {EF182A10-C4B1-47AB-B70D-03FCC4171131} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=407453&p={searchTerms}

BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)

BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Toolbar: HKCU - No Name - {1392B8D2-5C05-419F-A8F6-B9F15A596612} -  No File

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-10-19] (EasyBits Software Corp.)

Tcpip\Parameters: [DhcpNameServer] 192.168.16.7

 

Chrome: 

=======

 

CHR DefaultSearchKeyword: yahoo.com search

CHR DefaultSearchProvider: Yahoo

CHR DefaultSearchURL: http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=407453&p={searchTerms}

CHR DefaultNewTabURL: 

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Andrew\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]

CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]

CHR Extension: (AdBlock) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-22]

CHR Extension: (avast! WebRep) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2011-09-01]

CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2011-12-02]

CHR Extension: (Skype Click to Call) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-22]

CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]

CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

CHR HKLM-x32\...\Chrome\Extension: [aaaamnpffgnockjfnlelgnclclgfcllg] - C:\Users\Andrew\AppData\Local\APN\GoogleCRXs\aaaamnpffgnockjfnlelgnclclgfcllg_7.17.6.0.crx [2011-12-15]

CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2011-08-01]

CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-12-02]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

CHR StartMenuInternet: Google Chrome - C:\Users\Andrew\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768 2011-11-28] (AVAST Software)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [130008 2011-04-17] (Symantec Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2012-02-03] ()

S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

 

==================== Drivers (Whitelisted) ====================

 

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-11-28] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66904 2011-11-28] (AVAST Software)

R1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-11-28] (AVAST Software)

R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [591192 2011-11-28] (AVAST Software)

R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [304472 2011-11-28] (AVAST Software)

R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58712 2011-11-28] (AVAST Software)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-11] (AVG Technologies)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [1152632 2011-09-09] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [481912 2011-08-31] (Symantec Corporation)

R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys [488568 2011-08-30] (Symantec Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110929.019\ENG64.SYS [117880 2011-08-31] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110929.019\EX64.SYS [2048632 2011-08-31] (Symantec Corporation)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS [744568 2011-03-31] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-31] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-15] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-08-31] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)

S3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [122624 2011-01-13] (ZTE Incorporated)

 

 


==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-15 13:30 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2014-01-15 13:30 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2014-01-15 13:30 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2014-01-15 13:30 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2014-01-15 13:30 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2014-01-15 13:30 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2014-01-15 13:30 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2014-01-15 13:30 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-01-15 13:30 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-01-04 17:21 - 2014-01-04 17:21 - 00000000 ____D C:\FRST

2014-01-04 15:38 - 2014-01-04 15:38 - 00000000 ____D C:\Program Files (x86)\ESET

2014-01-04 15:26 - 2014-01-04 15:31 - 00000000 ____D C:\AdwCleaner

2014-01-04 15:23 - 2014-01-04 17:26 - 00000000 ____D C:\Users\Andrew\Documents\For experts

2014-01-04 15:21 - 2014-01-04 15:21 - 00016923 _____ C:\Users\Andrew\Desktop\JRT.txt

2014-01-04 15:05 - 2014-01-04 15:05 - 00000000 ____D C:\Windows\ERUNT

2014-01-04 13:53 - 2014-01-04 15:02 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-04 13:53 - 2014-01-04 13:53 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-01-04 13:51 - 2014-01-04 23:16 - 00000000 ____D C:\Users\Andrew\Desktop\mbar

2014-01-04 13:51 - 2014-01-04 13:53 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-01-04 13:50 - 2014-01-04 13:50 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 01485312 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTDPV6.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 01390640 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTCNXT6.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00389120 _____ (Marvell) C:\Windows\system32\Drivers\yk62x64.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00292864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTAZL6.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00174200 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00122624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsmdm.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00077512 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmXlCore.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00051712 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00043976 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmFilter.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00038528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00026440 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmBEnum.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00016200 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmVirHid.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00002299 _____ C:\Users\Andrew\Desktop\RKreport[0]_S_01042014_135026.txt

2014-01-04 13:49 - 2014-01-04 13:50 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 07767552 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 06108416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 05434368 _____ (Intel Corporation) C:\Windows\system32\Drivers\netw5v64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 02494056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 02374656 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00347680 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00279040 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00116536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00087600 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\ctxusbm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00073856 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00038424 _____ (Google Inc) C:\Windows\system32\Drivers\androidusb.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00034152 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031088 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00028800 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak

2014-01-04 13:45 - 2014-01-04 23:16 - 00000000 ____D C:\Users\Andrew\Desktop\RK_Quarantine

2014-01-04 13:44 - 2014-01-04 13:44 - 00000000 ____D C:\Windows\ERDNT

2014-01-04 13:43 - 2014-01-04 23:17 - 00000000 ____D C:\Program Files (x86)\ERUNT

2014-01-04 13:43 - 2014-01-04 13:43 - 00000928 _____ C:\Users\Andrew\Desktop\NTREGOPT.lnk

2014-01-04 13:43 - 2014-01-04 13:43 - 00000909 _____ C:\Users\Andrew\Desktop\ERUNT.lnk

2014-01-04 12:31 - 2014-01-04 23:16 - 00000000 ____D C:\Windows\pss

2013-12-31 02:19 - 2014-01-04 23:17 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP

2013-12-30 14:13 - 2013-12-30 14:13 - 00000000 ____D C:\ProgramData\Wild Tangent

==================== One Month Modified Files and Folders =======

 

2014-01-18 23:44 - 2011-08-31 18:49 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job

2014-01-18 23:37 - 2011-08-01 13:47 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-18 23:34 - 2011-08-31 18:54 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype

2014-01-18 23:31 - 2009-07-14 04:51 - 00138548 _____ C:\Windows\setupact.log

2014-01-18 23:19 - 2010-11-28 09:20 - 01984721 _____ C:\Windows\WindowsUpdate.log

2014-01-18 21:37 - 2011-08-01 13:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-18 21:28 - 2011-10-05 07:03 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\ZumoDrive

2014-01-18 21:01 - 2012-09-23 22:14 - 00000000 ____D C:\ProgramData\MFAData

2014-01-17 20:59 - 2011-08-31 18:51 - 00002374 _____ C:\Users\Andrew\Desktop\Google Chrome.lnk

2014-01-17 20:44 - 2011-08-31 18:49 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job

2014-01-17 20:34 - 2013-07-02 18:51 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAndrew

2014-01-17 20:34 - 2013-07-02 18:51 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForAndrew.job

2014-01-17 20:34 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-17 20:34 - 2009-07-14 04:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-17 20:29 - 2011-09-15 20:54 - 00000000 ____D C:\Program Files (x86)\Steam

2014-01-17 20:25 - 2013-06-08 19:17 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-01-17 20:24 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2014-01-17 12:38 - 2009-07-14 04:45 - 00320720 _____ C:\Windows\system32\FNTCACHE.DAT

2014-01-17 12:03 - 2011-08-01 13:59 - 00000000 ____D C:\ProgramData\Microsoft Help

2014-01-17 11:56 - 2013-07-14 18:18 - 00000000 ____D C:\Windows\system32\MRT

2014-01-17 11:56 - 2012-04-22 23:50 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-01-14 16:22 - 2011-11-01 22:18 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-01-14 16:22 - 2011-09-27 14:22 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log

2014-01-09 18:51 - 2013-09-11 15:23 - 00000000 ____D C:\Users\Andrew\Documents\PHARMACY

2014-01-09 16:14 - 2009-07-14 05:13 - 00739918 _____ C:\Windows\system32\PerfStringBackup.INI

2014-01-09 15:58 - 2010-11-28 09:36 - 00000000 ____D C:\ProgramData\WildTangent

2014-01-09 15:56 - 2011-08-01 14:07 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps

2014-01-09 10:46 - 2013-04-30 18:27 - 00000000 ____D C:\Users\Andrew\Documents\CV

2014-01-05 14:44 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache

2014-01-04 23:17 - 2014-01-04 13:43 - 00000000 ____D C:\Program Files (x86)\ERUNT

2014-01-04 23:17 - 2013-12-31 02:19 - 00000000 ____D C:\ProgramData\Easybits Magic Desktop for HP

2014-01-04 23:17 - 2011-08-01 13:59 - 00000000 ____D C:\Users\Andrew\AppData\Local\Microsoft Help

2014-01-04 23:16 - 2014-01-04 13:51 - 00000000 ____D C:\Users\Andrew\Desktop\mbar

2014-01-04 23:16 - 2014-01-04 13:45 - 00000000 ____D C:\Users\Andrew\Desktop\RK_Quarantine

2014-01-04 23:16 - 2014-01-04 12:31 - 00000000 ____D C:\Windows\pss

2014-01-04 23:16 - 2011-08-01 13:11 - 00000000 ____D C:\Users\Andrew

2014-01-04 23:16 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD

2014-01-04 23:16 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration

2014-01-04 17:26 - 2014-01-04 15:23 - 00000000 ____D C:\Users\Andrew\Documents\For experts

2014-01-04 17:21 - 2014-01-04 17:21 - 00000000 ____D C:\FRST

2014-01-04 15:38 - 2014-01-04 15:38 - 00000000 ____D C:\Program Files (x86)\ESET

2014-01-04 15:31 - 2014-01-04 15:26 - 00000000 ____D C:\AdwCleaner

2014-01-04 15:21 - 2014-01-04 15:21 - 00016923 _____ C:\Users\Andrew\Desktop\JRT.txt

2014-01-04 15:05 - 2014-01-04 15:05 - 00000000 ____D C:\Windows\ERUNT

2014-01-04 15:02 - 2014-01-04 13:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-01-04 13:53 - 2014-01-04 13:53 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-01-04 13:53 - 2014-01-04 13:51 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-01-04 13:50 - 2014-01-04 13:50 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 01485312 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTDPV6.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 01390640 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTCNXT6.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spsys.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00389120 _____ (Marvell) C:\Windows\system32\Drivers\yk62x64.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00363392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00328192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00295808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00292864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\VSTAZL6.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00215936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00174200 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00171392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scsiport.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00161872 _____ (VIA Technologies Inc.,Ltd) C:\Windows\system32\Drivers\vsmraid.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00122624 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\zghsmdm.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00094208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smb.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00080464 _____ (Silicon Integrated Systems) C:\Windows\system32\Drivers\sisraid4.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00077512 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmXlCore.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00071552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00068864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00064592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ULIAGPKX.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00064080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UAGP35.SYS.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00063360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\termdd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00051712 _____ (Apple, Inc.) C:\Windows\system32\Drivers\usbaapl64.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umbus.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00043976 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmFilter.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00043584 _____ (Silicon Integrated Systems Corp.) C:\Windows\system32\Drivers\sisraid2.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00038528 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00036432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vdrvroot.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBCAMD2.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbrpm.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vgapnp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vga.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tape.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00027776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wacompen.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdi.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00026440 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmBEnum.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00024656 _____ (Promise Technology) C:\Windows\system32\Drivers\stexstor.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00023040 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\Windows\system32\Drivers\secdrv.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00022096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00021056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\smclib.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00019008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spldr.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00017488 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viaide.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sfloppy.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00016464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmilib.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00016200 _____ (Logitech Inc.) C:\Windows\system32\Drivers\WmVirHid.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdpipe.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wmiacpi.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_sd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffdisk.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sffp_mmc.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwf.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00012496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\swenum.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\umpass.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys.bak

2014-01-04 13:50 - 2014-01-04 13:50 - 00002299 _____ C:\Users\Andrew\Desktop\RKreport[0]_S_01042014_135026.txt

2014-01-04 13:50 - 2014-01-04 13:49 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\scfilter.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 07767552 _____ (ATI Technologies Inc.) C:\Windows\system32\Drivers\atikmdag.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 06108416 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 05434368 _____ (Intel Corporation) C:\Windows\system32\Drivers\netw5v64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 03286016 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\evbda.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 02494056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 02374656 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 01524816 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql2300.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00530496 _____ (Emulex) C:\Windows\system32\Drivers\elxstor.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00491088 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adp94xx.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00468480 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bxvbda.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00366976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00347680 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00339536 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpahci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00334208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00309248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00289664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00284736 _____ (LSI Corporation, Inc.) C:\Windows\system32\Drivers\MegaSR.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00279040 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00273792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00270848 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\b57nd60a.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00240952 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394ohci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00220752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcmcia.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00213888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00194128 _____ (AMD Technologies Inc.) C:\Windows\system32\Drivers\amdsbs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00184704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00182864 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\adpu320.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00179072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00155008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdrom.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00140672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00128592 _____ (QLogic Corporation) C:\Windows\system32\Drivers\ql40xx.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00122960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NV_AGP.SYS.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irda.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00116536 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00115776 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_scsi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00114752 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_fc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspptp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00106560 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00103808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sbp2port.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxg.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00097856 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arcsas.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00094592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\raspppoe.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cdfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00087632 _____ (Adaptec, Inc.) C:\Windows\system32\Drivers\arc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00087600 _____ (Citrix Systems, Inc.) C:\Windows\system32\Drivers\ctxusbm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rassstp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipfltdrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00078720 _____ (Hewlett-Packard Company) C:\Windows\system32\Drivers\HpSAMD.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rspndr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00073856 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00073280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00072832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ohci1394.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthmodem.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00070224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\1394bus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00065600 _____ (LSI Corporation) C:\Windows\system32\Drivers\lsi_sas2.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00065088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\GAGP30KX.SYS.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00061008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AGP440.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\lltdio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00055376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fsdepends.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00055128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00051264 _____ (IBM Corporation) C:\Windows\system32\Drivers\nfrd960.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pcw.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00049216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00048720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciidex.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00047104 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerWdm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\qwavedrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidir.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00045880 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\circlass.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\blbdrive.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00044112 _____ (Intel Corp./ICP vortex GmbH) C:\Windows\system32\Drivers\iirsp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\discache.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00039504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crashdmp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00038424 _____ (Google Inc) C:\Windows\system32\Drivers\androidusb.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00035392 _____ (LSI Corporation) C:\Windows\system32\Drivers\megasas.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiscap.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\filetrace.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00034152 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031232 _____ (Hauppauge Computer Works, Inc.) C:\Windows\system32\Drivers\hcw85cir.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msahci.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00031088 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fdc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00028800 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00028736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Dumpata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00028240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\battc.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbatt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msfs.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\flpydisk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\crcdisk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\atapi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpbus.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\asyncmac.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mcd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00021584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\compbatt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksthunk.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00020544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\isapnp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00018432 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltLo.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\irenum.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00017664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CmBatt.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00017488 _____ (CMD Technology, Inc.) C:\Windows\system32\Drivers\cmdide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00016960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxapi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\AtiPcie64.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015440 _____ (Acer Laboratories Inc.) C:\Windows\system32\Drivers\aliide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msisadrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\MTConfig.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014976 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbMdm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasacd.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hwpolicy.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00014720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrUsbSer.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpipmi.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00012352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pciide.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00011136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mskssrv.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\errdev.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008704 _____ (Brother Industries, Ltd.) C:\Windows\system32\Drivers\BrFiltUp.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPREFMP.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mshidkmdf.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00008064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mstee.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPENCDD.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RDPCDD.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspclock.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00006784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mspqm.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\beep.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\null.sys.bak

2014-01-04 13:49 - 2014-01-04 13:49 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys.bak

2014-01-04 13:44 - 2014-01-04 13:44 - 00000000 ____D C:\Windows\ERDNT

2014-01-04 13:43 - 2014-01-04 13:43 - 00000928 _____ C:\Users\Andrew\Desktop\NTREGOPT.lnk

2014-01-04 13:43 - 2014-01-04 13:43 - 00000909 _____ C:\Users\Andrew\Desktop\ERUNT.lnk

2014-01-04 12:16 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-12-31 02:19 - 2010-10-19 12:19 - 00010108 _____ C:\Windows\SysWOW64\ezdigsgn.dat

2013-12-31 02:17 - 2011-08-01 22:07 - 00035242 _____ C:\Windows\PFRO.log

2013-12-30 14:13 - 2013-12-30 14:13 - 00000000 ____D C:\ProgramData\Wild Tangent

2013-12-27 19:58 - 2011-08-31 18:43 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANDREW-HP$

2013-12-27 19:58 - 2011-08-31 18:43 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job

 

Some content of TEMP:

====================

C:\Users\Andrew\AppData\Local\Temp\avguidx.dll

C:\Users\Andrew\AppData\Local\Temp\BackupSetup.exe

C:\Users\Andrew\AppData\Local\Temp\bitool.dll

C:\Users\Andrew\AppData\Local\Temp\Extract.exe

C:\Users\Andrew\AppData\Local\Temp\FreemakeVideoDownloader_3.5.2.6.exe

C:\Users\Andrew\AppData\Local\Temp\HPHelpUpdater.exe

C:\Users\Andrew\AppData\Local\Temp\MachineIdCreator.exe

C:\Users\Andrew\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Andrew\AppData\Local\Temp\oi_{5836C8CC-7868-4D23-90F1-82C29FAC0C12}.exe

C:\Users\Andrew\AppData\Local\Temp\Quarantine.exe

C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Andrew\AppData\Local\Temp\sp58915.exe

C:\Users\Andrew\AppData\Local\Temp\swt-gdip-win32-3448.dll

C:\Users\Andrew\AppData\Local\Temp\swt-win32-3448.dll

C:\Users\Andrew\AppData\Local\Temp\{464C257B-0728-4521-92E8-1D4A5596783C}-32.0.1700.76_31.0.1650.63_chrome_updater.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-13 10:35

 

==================== End Of Log ============================


Addition.txt:

 

==================== Security Center ========================

 

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

 

==================== Installed Programs ======================

 

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)

4x4 Hummer (x32 Version: 1.00.0000 - 1C Company)

ADInstruments LabChart 7.3.4 Reader (x32 Version: 7.3.4400 - ADInstruments)

Adobe Flash Player 10 ActiveX (x32 Version: 10.3.183.10 - Adobe Systems Incorporated)

Adobe Flash Player 11 Plugin (x32 Version: 11.6.602.171 - Adobe Systems Incorporated)

Adobe Reader X (10.1.8) (x32 Version: 10.1.8 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612 - Adobe Systems, Inc)

Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden

Apple Application Support (x32 Version: 2.0.1 - Apple Inc.)

Apple Mobile Device Support (Version: 3.4.1.2 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Atheros Driver Installation Program (x32 Version: 9.0 - Atheros)

ATI Catalyst Install Manager (Version: 3.0.790.0 - ATI Technologies, Inc.)

avast! Free Antivirus (x32 Version: 6.0.1367.0 - AVAST Software)

AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.3658 - AVG Technologies) Hidden

AVG 2013 (Version: 2013.0.3462 - AVG Technologies)

Battlefield 1942: Secret Weapons of WWII (x32 Version:  - )

Battlefield 1942: The Road To Rome (x32 Version:  - )

Battlefield 2 (x32 Version:  - )

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Bar (x32 Version: 7.2.241.0 - Microsoft Corporation)

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (Version: 3.0.0.2 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games)

Bully Scholarship Edition (x32 Version: 1.00.0154 - Rockstar Games) Hidden

Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0929.2212.37971 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0929.2212.37971 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2010.0929.2212.37971 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0929.2212.37971 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help English (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help French (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help German (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0929.2211.37971 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0929.2212.37971 - ATI) Hidden

ccc-utility64 (Version: 2010.0929.2212.37971 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)

Citrix online plug-in - web (x32 Version: 12.1.44.1 - Citrix Systems, Inc.)

Citrix online plug-in (DV) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (HDX) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (USB) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (Web) (x32 Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden

ColdFear (x32 Version: 1.00.0000 - Ubisoft)

Compaq Setup Manager (x32 Version: 1.0.12844.3519 - Hewlett-Packard Company)

Crysis® (x32 Version: 1.00.0000 - Electronic Arts)

CyberLink DVD Suite (x32 Version: 7.0.3320 - CyberLink Corp.)

CyberLink DVD Suite (x32 Version: 7.0.3320 - CyberLink Corp.) Hidden

CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.)

CyberLink PowerDVD 9 (x32 Version: 9.0.1.4604 - CyberLink Corp.) Hidden

CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 3.2.3321 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Doom 3 (x32 Version: 1.00.0000 - Activision)

Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)

ERUNT 1.1j (x32 Version:  - Lars Hederer)

ESET Online Scanner v3 (x32 Version:  - )

ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)

Far Cry (x32 Version: 1.00.0000 - Ubisoft)

Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden

Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Freewire Television (x32 Version: 2.15.0.0 - Freewire)

Full Spectrum Warrior Ten Hammers (x32 Version: 1.0.0 - Pandemic Studios LLC)

GameSpy Comrade (x32 Version: 1.5.0.156 - GameSpy)

Ghost Recon (x32 Version:  - )

Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

GTA San Andreas (x32 Version: 1.00.00001 - Rockstar Games)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden

HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden

HP CloudDrive (x32 Version:  - Zecter Inc.)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Documentation (x32 Version: 1.1.2.1 - Hewlett-Packard)

HP Game Console (x32 Version:  - WildTangent) Hidden

HP Games (x32 Version: 1.0.1.5 - WildTangent)

HP Photo Creations (x32 Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)

HP Power Manager (x32 Version: 1.1.2 - Hewlett-Packard Company)

HP Quick Launch (x32 Version: 2.3.6 - Hewlett-Packard Company)

HP Setup (x32 Version: 8.4.4400.3525 - Hewlett-Packard Company)

HP Software Framework (x32 Version: 4.0.108.1 - Hewlett-Packard Company)

HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)

HP Wireless Assistant (Version: 4.0.10.0 - Hewlett-Packard Company)

iTunes (Version: 10.4.1.10 - Apple Inc.)

Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden

Java 6 Update 21 (64-bit) (Version: 6.0.210 - Oracle)

Java 6 Update 31 (x32 Version: 6.0.310 - Oracle)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden

LightScribe System Software (x32 Version: 1.18.18.1 - LightScribe)

Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech)

Magic Desktop (x32 Version: 3.0 - EasyBits Software AS)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Metro 2033 (x32 Version:  - THQ)

Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Motocross Madness (x32 Version:  - )

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Windows Media Video 9 VCM (x32 Version:  - )

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden

Norton Internet Security (x32 Version: 18.7.0.13 - Symantec Corporation)

Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)

NVIDIA PhysX (x32 Version: 9.10.0222 - NVIDIA Corporation)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.)

PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden

PictureMover (x32 Version: 3.5.0.33 - Hewlett-Packard Company)

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden

PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.)

PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden

PunkBuster for Battlefield 1942 (x32 Version:  - )

PunkBuster Services (x32 Version: 0.986 - Even Balance, Inc.)

Quake 4 (x32 Version: 1.0 - Activision)

Quake 4 (x32 Version: 1.0 - Activision) Hidden

QuickTime (x32 Version: 7.70.80.34 - Apple Inc.)

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealPlayer (x32 Version:  - RealNetworks)

Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.18.322.2010 - Realtek)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6206 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden

RtVOsd (Version: 1.0.6 - Realtek Semiconductor Corp.)

S.T.A.L.K.E.R. - Clear Sky (x32 Version: 1.0001 - Deep Silver)

S.T.A.L.K.E.R. - Shadow of Chernobyl (x32 Version: 1.0000 - THQ)

Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)

Steam (x32 Version: 1.0.0.0 - Valve Corporation)

Synaptics Pointing Device Driver (Version: 15.1.6.64 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)

World Cup Cricket 20-20 (x32 Version: 2.2.0.95 - WildTangent) Hidden

YTD Toolbar v8.5 (x32 Version: 8.5 - Spigot, Inc.)

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

19-11-2013 20:40:43 Windows Update

30-11-2013 12:14:39 Scheduled Checkpoint

13-12-2013 18:11:32 Windows Update

15-12-2013 13:30:44 Windows Update

02-01-2014 19:30:48 Removed YTD Toolbar v8.5.

02-01-2014 19:36:11 Removed YTD Toolbar v8.5.

04-01-2014 12:49:45 Removed YTD Toolbar v8.5.

04-01-2014 12:52:25 Removed YTD Toolbar v8.5.

04-01-2014 12:54:11 Removed YTD Toolbar v8.5.

04-01-2014 12:55:13 Removed YTD Toolbar v8.5.

04-01-2014 13:07:01 Removed YTD Toolbar v8.5.

 

==================== Hosts content: ==========================

 

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {05F13195-9D20-4CB2-B1F2-B7C24D1C5A37} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNCF267864 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: {09B59B6E-14A5-492C-8033-275EEBC35401} - \Scheduled Update for Ask Toolbar No Task File

Task: {0B853B96-C68A-476D-A11D-E3B0070EDAEF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\Detection_NetworkCheck.exe [2013-12-12] (Hewlett-Packard)

Task: {14042329-E69E-4A0D-B779-2B779E7511E7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3657174505-1360388305-3814514265-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-11-08] (RealNetworks, Inc.)

Task: {238EEDCD-4257-479B-A641-80282B8D738F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-09-29] (CyberLink)

Task: {3118564B-376B-4630-8BEC-CF75E85F9F27} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN34U148QM => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: {44482FCC-702B-4F1C-BA48-F4266E95BE5F} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2011-12-02] (RealNetworks, Inc.)

Task: {51C56E57-01E4-4EE8-A04C-A3920C4C08E1} - System32\Tasks\Symantec\Norton Error Analyzer 18.7.0.13 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\symerr.exe [2012-01-27] (Symantec Corporation)

Task: {53E6F6EB-9FFD-4A04-80CD-56B6C171F173} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)

Task: {5B3B3FDF-6828-479D-B0D9-61FCC0B174BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)

Task: {63419603-CFAE-44FF-8C6A-7836F409BA20} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {703FF9AD-EEEA-403E-9549-833E7C75B3DB} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{28B96B25-4954-4229-A995-7D2ACFD6D2F6}.exe

Task: {71C02D59-01F8-47FE-8710-36DA4FD68647} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)

Task: {ACB1D1BF-0AEF-400A-9E58-55EF0EC0EB85} - System32\Tasks\{FEF75F2E-312E-4BA8-A91D-DA6F11E77752} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.116.259/en/abandoninstall?source=lightinstaller&page=tsProblems&LastError=12007&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered

Task: {B032395E-DAD5-475F-9506-87617DC54EF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {BC78BFC3-B089-4C09-BB5B-5CBC8C3C5F89} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)

Task: {BEC4D5CA-72DE-44AC-A488-4424B13EA200} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-09-27] ()

Task: {BF031AF2-CB5B-4432-A61D-61AC7742B390} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH3761219X => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: {C3588230-F4FD-4E0A-A544-62C2553DAA5A} - System32\Tasks\Google Updater and Installer => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)

Task: {C3E362A3-184E-41B5-8FEF-429E86DD3767} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)

Task: {CD8B5AE6-196B-49FA-8268-BB003C18031A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {D08DBF33-6096-4F3E-A485-8EF1C243CECF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: {D70A9DE9-5741-44C3-9AA8-4DFC7F913474} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)

Task: {DAA47A98-000E-4ABD-AF8F-A3B0C2556701} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EAE2483E-6F22-4420-822E-CE1CD3BA8926} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3657174505-1360388305-3814514265-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2011-11-08] (RealNetworks, Inc.)

Task: {EE56BBBE-D119-4F4D-8B20-F0A6212F452E} - System32\Tasks\Symantec\Norton Error Processor 18.7.0.13 => C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\symerr.exe [2012-01-27] (Symantec Corporation)

Task: {EE6AA5FD-1023-4B6A-8B0C-EF01FA716CE8} - System32\Tasks\HPCeeScheduleForAndrew => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: {F106B398-82B9-468E-8F07-479AAA0EB4CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNCF267853 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)

Task: {FB90D050-039B-47FF-B7A2-F831775C78CC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01] (Google Inc.)

Task: {FC0D8E91-CF36-4E3B-B751-E656D7999979} - System32\Tasks\HPCeeScheduleForANDREW-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{28B96B25-4954-4229-A995-7D2ACFD6D2F6}.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job => C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\HPCeeScheduleForANDREW-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\HPCeeScheduleForAndrew.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2010-08-27 00:51 - 2010-08-27 00:51 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2010-09-30 06:11 - 2010-09-30 06:11 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2010-07-21 21:33 - 2010-07-21 21:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll

2010-07-21 21:33 - 2010-07-21 21:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll

2010-07-21 21:33 - 2010-07-21 21:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

2010-08-16 21:21 - 2010-08-16 21:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll

2010-08-16 21:21 - 2010-08-16 21:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll

2010-08-16 21:21 - 2010-08-16 21:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

2011-08-01 13:18 - 2010-09-28 19:59 - 12286008 _____ () C:\Users\Andrew\AppData\Roaming\PictureMover\Bin\Core.dll

2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2011-08-01 13:18 - 2010-09-28 20:09 - 01698872 _____ () C:\Users\Andrew\AppData\Roaming\PictureMover\EN-GB\Presentation.dll

2014-01-04 15:35 - 2014-01-04 15:35 - 00199168 ____N () C:\Users\Andrew\AppData\Local\Temp\WindowsAPI.dll8523927446406700632.lib

2014-01-04 15:35 - 2014-01-04 15:35 - 00379904 _____ () C:\Users\Andrew\AppData\Local\Temp\libsqlitejdbc-5720975279225898019.lib

2013-12-05 10:49 - 2013-12-04 02:47 - 00702416 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

2013-12-05 10:49 - 2013-12-04 02:47 - 00099792 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll

2013-12-05 10:49 - 2013-12-04 02:48 - 04055504 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll

2013-12-05 10:49 - 2013-12-04 02:48 - 00399312 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

2013-12-05 10:49 - 2013-12-04 02:47 - 01619408 _____ () C:\Users\Andrew\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/04/2014 03:38:27 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (01/04/2014 03:38:22 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

 

System errors:

=============

Error: (01/04/2014 03:34:38 PM) (Source: Service Control Manager) (User: )

Description: The vToolbarUpdater17.2.0 service failed to start due to the following error: 

%%2

 

Error: (01/04/2014 03:34:38 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error: 

%%5

 

Error: (01/04/2014 03:33:06 PM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error: 

%%5

 

 

Microsoft Office Sessions:

=========================

Error: (10/21/2012 04:00:05 PM) (Source: Microsoft Office 12 Sessions)(User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 577 seconds with 180 seconds of active time.  This session ended with a crash.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 56%

Total physical RAM: 3834.9 MB

Available physical RAM: 1655.68 MB

Total Pagefile: 7667.98 MB

Available Pagefile: 5143.33 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:448.12 GB) (Free:311.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:17.34 GB) (Free:2.51 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (FSW2) (CDROM) (Total:2.86 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: C6D5F87E)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

 

==================== End Of Log ============================


Hi, 

 

Here are the results of the first scan. As for the running of the PC, it seems OK; however, the unwanted file is present when I go to [Control Panel > Uninstall a programme]. However, the random surveys and websites that popped up have not been appearing for a few weeks now.

Sorry for putting the information up in several posts, I had to do this as it said the post was too big if all the information was in one post. 

 

Many thanks

Andrew


  • Staff

Hello Andrew12345

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo


Hi

I followed the steps above, and the following comes up (I was connected to the internet when carrying it out): 

 

C:\Qoobox\ refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network, and try again. If still cannot be located, the information might have been moved to a different location. 

 

Also, today my anti-virus popped up with FRST.exe as a trojan horse. MSIL2.ITN is the name of the trojan horse in the virus vault on my anti-virus system. The anti-virus has dealt with the trojan and removed it. Is there anything else I should do on this matter?

 

Many thanks

Andrew


  • Staff

Hello Andrew12345

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Hi

 

Here are the two reports as requested. The computer is running good at the moment, no pop ups and I'm happy with its performance. The YTD toolbar is still present under programmes and features, however it seems to have no effect on the PC.  

 

many thanks

Andrew 

 

# AdwCleaner v3.017 - Report created 19/01/2014 at 18:17:22

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Andrew - ANDREW-HP

# Running from : C:\Users\Andrew\Documents\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v

 

[ File : C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [12269 octets] - [04/01/2014 15:28:24]

AdwCleaner[R1].txt - [890 octets] - [19/01/2014 18:15:56]

AdwCleaner[s0].txt - [12350 octets] - [04/01/2014 15:30:56]

AdwCleaner[s1].txt - [812 octets] - [19/01/2014 18:17:22]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [871 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Home Premium x64

Ran by Andrew on 20/01/2014 at  0:03:12.62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20/01/2014 at  0:20:05.24

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Staff

Hello Andrew12345

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Hi

Please find below the log for Combofix. There were no problems during the scan. The computer is running well; there are no pop-ups, which was the original problem. The YTD toolbar file is still present when viewing "Uninstall a programme" from the Control Panel. But the overall performance of the computer is great.

 

many thanks 

Andrew


ComboFix 14-01-22.01 - Andrew 22/01/2014  20:08:32.1.1 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3835.2417 [GMT 0:00]

Running from: c:\users\Andrew\Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\prefs.js

c:\users\Andrew\AppData\Local\Temp\libsqlitejdbc-336002140722856400.lib

c:\users\Andrew\AppData\Local\Temp\swt-gdip-win32-3448.dll

c:\users\Andrew\AppData\Local\Temp\swt-win32-3448.dll

c:\users\Andrew\AppData\Local\Temp\WindowsAPI.dll574784018187710279.lib

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))

.

.

2014-01-22 20:20 . 2014-01-22 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-15 13:30 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-15 13:30 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-15 13:30 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-15 13:30 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-15 13:30 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-15 13:30 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-15 13:30 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-15 13:30 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-01-15 13:30 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

2014-01-04 17:21 . 2014-01-04 17:21 -------- d-----w- C:\FRST

2014-01-04 15:38 . 2014-01-04 15:38 -------- d-----w- c:\program files (x86)\ESET

2014-01-04 15:26 . 2014-01-19 18:17 -------- d-----w- C:\AdwCleaner

2014-01-04 15:05 . 2014-01-04 15:05 -------- d-----w- c:\windows\ERUNT

2014-01-04 13:53 . 2014-01-04 15:02 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-01-04 13:53 . 2014-01-04 13:53 117464 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-01-04 13:51 . 2014-01-04 13:53 89304 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-01-04 13:49 . 2014-01-04 13:49 103808 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak

2014-01-04 13:43 . 2014-01-04 23:17 -------- d-----w- c:\program files (x86)\ERUNT

2013-12-31 02:19 . 2014-01-04 23:17 -------- d-----w- c:\programdata\Easybits Magic Desktop for HP

2013-12-30 14:13 . 2013-12-30 14:13 -------- d-----w- c:\programdata\Wild Tangent

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-17 11:56 . 2012-04-22 23:50 86054176 ----a-w- c:\windows\system32\MRT.exe

2013-11-26 11:54 . 2013-12-13 18:13 23183360 ----a-w- c:\windows\system32\mshtml.dll

2013-11-26 10:19 . 2013-12-13 18:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-26 10:18 . 2013-12-13 18:13 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2013-11-26 09:48 . 2013-12-13 18:13 66048 ----a-w- c:\windows\system32\iesetup.dll

2013-11-26 09:46 . 2013-12-13 18:13 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2013-11-26 09:41 . 2013-12-13 18:13 2764288 ----a-w- c:\windows\system32\iertutil.dll

2013-11-26 09:29 . 2013-12-13 18:13 53760 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-26 09:27 . 2013-12-13 18:13 33792 ----a-w- c:\windows\system32\iernonce.dll

2013-11-26 09:23 . 2013-12-13 18:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-11-26 09:21 . 2013-12-13 18:13 574976 ----a-w- c:\windows\system32\ieui.dll

2013-11-26 09:18 . 2013-12-13 18:13 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-26 09:18 . 2013-12-13 18:13 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2013-11-26 09:16 . 2013-12-13 18:13 708608 ----a-w- c:\windows\system32\jscript9diag.dll

2013-11-26 08:57 . 2013-12-13 18:13 218624 ----a-w- c:\windows\system32\ie4uinit.exe

2013-11-26 08:35 . 2013-12-13 18:13 5769216 ----a-w- c:\windows\system32\jscript9.dll

2013-11-26 08:28 . 2013-12-13 18:13 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2013-11-26 08:16 . 2013-12-13 18:13 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-11-26 08:02 . 2013-12-13 18:13 1995264 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-26 07:48 . 2013-12-13 18:13 12996608 ----a-w- c:\windows\system32\ieframe.dll

2013-11-26 07:32 . 2013-12-13 18:13 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-11-26 07:07 . 2013-12-13 18:13 2334208 ----a-w- c:\windows\system32\wininet.dll

2013-11-26 06:40 . 2013-12-13 18:13 1395200 ----a-w- c:\windows\system32\urlmon.dll

2013-11-26 06:34 . 2013-12-13 18:13 817664 ----a-w- c:\windows\system32\ieapfltr.dll

2013-11-26 06:33 . 2013-12-13 18:13 1820160 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-25 01:48 . 2013-11-25 01:48 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-11-23 18:26 . 2013-12-12 13:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-12 13:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-19 20:44 . 2013-11-19 20:44 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-11-19 20:44 . 2013-11-19 20:44 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-11-19 20:44 . 2013-11-19 20:44 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2013-11-19 20:44 . 2013-11-19 20:44 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2013-11-19 20:44 . 2013-11-19 20:44 235008 ----a-w- c:\windows\system32\elshyph.dll

2013-11-19 20:44 . 2013-11-19 20:44 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2013-11-19 20:44 . 2013-11-19 20:44 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-11-19 20:44 . 2013-11-19 20:44 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2013-11-19 20:44 . 2013-11-19 20:44 337408 ----a-w- c:\windows\SysWow64\html.iec

2013-11-19 20:44 . 2013-11-19 20:44 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2013-11-19 20:44 . 2013-11-19 20:44 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-19 20:44 . 2013-11-19 20:44 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-11-19 20:44 . 2013-11-19 20:44 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-11-19 20:44 . 2013-11-19 20:44 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2013-11-19 20:44 . 2013-11-19 20:44 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-11-19 20:44 . 2013-11-19 20:44 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2013-11-19 20:44 . 2013-11-19 20:44 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-11-19 20:44 . 2013-11-19 20:44 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2013-11-19 20:44 . 2013-11-19 20:44 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2013-11-19 20:44 . 2013-11-19 20:44 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-11-19 20:44 . 2013-11-19 20:44 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-11-19 20:44 . 2013-11-19 20:44 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2013-11-19 20:44 . 2013-11-19 20:44 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-19 20:44 . 2013-11-19 20:44 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-11-19 20:44 . 2013-11-19 20:44 942592 ----a-w- c:\windows\system32\jsIntl.dll

2013-11-19 20:44 . 2013-11-19 20:44 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2013-11-19 20:44 . 2013-11-19 20:44 247808 ----a-w- c:\windows\system32\msls31.dll

2013-11-19 20:44 . 2013-11-19 20:44 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-11-19 20:44 . 2013-11-19 20:44 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-11-19 20:44 . 2013-11-19 20:44 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-11-19 20:44 . 2013-11-19 20:44 195584 ----a-w- c:\windows\system32\msrating.dll

2013-11-19 20:44 . 2013-11-19 20:44 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2013-11-19 20:44 . 2013-11-19 20:44 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-11-19 20:44 . 2013-11-19 20:44 105984 ----a-w- c:\windows\system32\iesysprep.dll

2013-11-19 20:44 . 2013-11-19 20:44 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-11-19 20:44 . 2013-11-19 20:44 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2013-11-19 20:44 . 2013-11-19 20:44 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2013-11-19 20:44 . 2013-11-19 20:44 413696 ----a-w- c:\windows\system32\html.iec

2013-11-19 20:44 . 2013-11-19 20:44 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2013-11-19 20:44 . 2013-11-19 20:44 296960 ----a-w- c:\windows\system32\dxtrans.dll

2013-11-19 20:44 . 2013-11-19 20:44 81408 ----a-w- c:\windows\system32\icardie.dll

2013-11-19 20:44 . 2013-11-19 20:44 30208 ----a-w- c:\windows\system32\licmgr10.dll

2013-11-19 20:44 . 2013-11-19 20:44 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2013-11-19 20:44 . 2013-11-19 20:44 243200 ----a-w- c:\windows\system32\webcheck.dll

2013-11-19 20:44 . 2013-11-19 20:44 235520 ----a-w- c:\windows\system32\url.dll

2013-11-19 20:44 . 2013-11-19 20:44 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-11-19 20:44 . 2013-11-19 20:44 84992 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-19 20:44 . 2013-11-19 20:44 626176 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-19 20:44 . 2013-11-19 20:44 548352 ----a-w- c:\windows\system32\vbscript.dll

2013-11-19 20:44 . 2013-11-19 20:44 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-11-19 20:44 . 2013-11-19 20:44 143872 ----a-w- c:\windows\system32\wextract.exe

2013-11-19 20:44 . 2013-11-19 20:44 101376 ----a-w- c:\windows\system32\inseng.dll

2013-11-19 20:44 . 2013-11-19 20:44 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2013-11-19 20:44 . 2013-11-19 20:44 774144 ----a-w- c:\windows\system32\jscript.dll

2013-11-19 20:44 . 2013-11-19 20:44 62464 ----a-w- c:\windows\system32\pngfilt.dll

2013-11-19 20:44 . 2013-11-19 20:44 48128 ----a-w- c:\windows\system32\imgutil.dll

2013-11-19 20:44 . 2013-11-19 20:44 147968 ----a-w- c:\windows\system32\occache.dll

2013-11-19 20:44 . 2013-11-19 20:44 13824 ----a-w- c:\windows\system32\mshta.exe

2013-11-19 20:44 . 2013-11-19 20:44 135680 ----a-w- c:\windows\system32\iepeers.dll

2013-11-12 02:23 . 2013-12-12 13:27 2048 ----a-w- c:\windows\system32\tzres.dll

2013-11-12 02:07 . 2013-12-12 13:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-11-11 19:16 . 2012-09-23 22:24 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-10-30 02:32 . 2013-12-12 13:27 335360 ----a-w- c:\windows\system32\msieftp.dll

2013-10-30 02:19 . 2013-12-12 13:27 301568 ----a-w- c:\windows\SysWow64\msieftp.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-9-28 1040952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110920.001\BHDrvx64.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110929.031\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 13:47]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-01 13:47]

.

2014-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000Core.job

- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 13:47]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3657174505-1360388305-3814514265-1000UA.job

- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-31 13:47]

.

2013-12-27 c:\windows\Tasks\HPCeeScheduleForANDREW-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

2014-01-21 c:\windows\Tasks\HPCeeScheduleForAndrew.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

------- Supplementary Scan -------

.


uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 77.244.128.44 77.244.128.45

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

URLSearchHooks-{90eee664-34b1-422a-a782-779af65cdf6d} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]

"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]

"ImagePath"="system32\drivers\ACPI.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]

"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeARMservice]

"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]

"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]

"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]

"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AERTFilters]

"ImagePath"="c:\program files\Realtek\Audio\HDA\AERTSr64.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility]

"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]

"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag]

"ImagePath"="system32\DRIVERS\atikmdag.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap]

"ImagePath"="system32\DRIVERS\atikmpag.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]

"ImagePath"="system32\DRIVERS\amdppm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]

"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]

"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]

"ImagePath"="system32\drivers\amdxata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amd_sata]

"ImagePath"="system32\DRIVERS\amd_sata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amd_xata]

"ImagePath"="system32\DRIVERS\amd_xata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\androidusb]

"ImagePath"="System32\Drivers\androidusb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]

"ImagePath"="\SystemRoot\system32\drivers\appid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]

"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Apple Mobile Device]

"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]

"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]

"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET_1.1.4322]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswFsBlk]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswMonFlt]

"ImagePath"="\??\c:\windows\system32\drivers\aswMonFlt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswRdr]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswSnx]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswSP]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aswTdi]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]

"ImagePath"="system32\drivers\atapi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\athr]

"ImagePath"="system32\DRIVERS\athrx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiPcie]

"ImagePath"="system32\DRIVERS\AtiPcie64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avast! Antivirus]

"ImagePath"="\"c:\program files\AVAST Software\Avast\AvastSvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]

"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]

"ImagePath"="system32\DRIVERS\avgidsha.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]

"ImagePath"="system32\DRIVERS\avgldx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]

"ImagePath"="system32\DRIVERS\avgloga.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]

"ImagePath"="system32\DRIVERS\avgmfx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]

"ImagePath"="system32\DRIVERS\avgrkx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]

"ImagePath"="system32\DRIVERS\avgtdia.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgtp]

"ImagePath"="\??\c:\windows\system32\drivers\avgtpx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]

"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]

"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]

"ImagePath"="system32\DRIVERS\b57nd60a.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

.


.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SrvHsfWinac]

"ImagePath"="system32\DRIVERS\VSTCNXT6.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Steam Client Service]

"ImagePath"="\"c:\program files (x86)\Common Files\Steam\SteamService.exe\" /RunAsService"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor]

"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum]

"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymDS]

"ImagePath"="system32\drivers\NISx64\1207000.00D\SYMDS64.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymEFA]

"ImagePath"="system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymEvent]

"ImagePath"="\??\c:\windows\system32\Drivers\SYMEVENT64x86.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymIRON]

"ImagePath"="\SystemRoot\system32\drivers\NISx64\1207000.00D\Ironx64.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SymNetS]

"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SynTP]

"ImagePath"="system32\DRIVERS\SynTP.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]

"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]

"ServiceDll"="%SystemRoot%\system32\themeservice.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt]

"ImagePath"="system32\drivers\tsusbflt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]

"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]

"ImagePath"="\SystemRoot\system32\drivers\umbus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]

"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBAAPL64]

"ImagePath"="System32\Drivers\usbaapl64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbfilter]

"ImagePath"="system32\DRIVERS\usbfilter.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]

"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbvideo]

"ImagePath"="\SystemRoot\System32\Drivers\usbvideo.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]

"ImagePath"="system32\drivers\vdrvroot.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]

"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]

"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vToolbarUpdater17.2.0]

"ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]

"ImagePath"="system32\DRIVERS\vwifibus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwififlt]

"ImagePath"="system32\DRIVERS\vwififlt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]

"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]

"ImagePath"="system32\DRIVERS\wanarp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]

"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]

"ImagePath"="\"%systemroot%\system32\wbengine.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]

"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]

"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]

"ImagePath"="system32\DRIVERS\wfplwf.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]

"ImagePath"="system32\drivers\wimmount.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb]

"ImagePath"="system32\DRIVERS\WinUsb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmBEnum]

"ImagePath"="system32\drivers\WmBEnum.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmFilter]

"ImagePath"="system32\drivers\WmFilter.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]

"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]

"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmVirHid]

"ImagePath"="system32\drivers\WmVirHid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmXlCore]

"ImagePath"="system32\drivers\WmXlCore.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]

"ImagePath"="system32\drivers\WudfPf.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]

"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\yukonw7]

"ImagePath"="system32\DRIVERS\yk62x64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\zghsmdm]

"ImagePath"="system32\DRIVERS\zghsmdm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1036A8EF-95C9-478D-A098-7D8AFE1ABC88}]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{DE4F408B-CD19-4F79-9CAC-145B200A757F}]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

.

**************************************************************************

.

Completion time: 2014-01-22  20:30:26 - machine was rebooted

ComboFix-quarantined-files.txt  2014-01-22 20:30

.

Pre-Run: 332,893,515,776 bytes free

Post-Run: 333,701,931,008 bytes free

.

- - End Of File - - 5F11CBEF5BE10376981FE58E502C3636

42E2EE4DA8F8747AD1CDB6C8E3D55401

  • Staff

Hello Andrew12345

:multiple Anti Virus programs:

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    AV: avast! Antivirus

    AV: AVG AntiVirus Free Edition 2013

    AV: Norton Internet Security

    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove all but one of them.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Hi, 

Apologies for the late reply, I have had trouble with uninstalling avast anti-virus. I followed their directions online, downloading avastclear.exe and operated it in safe mode. Now ever since I uninstalled avast, my computer won't connect to the internet, it just states limited access whereas other computers can connect fine, which is one I am messaging back on now. I will be trying it on another internet source later this evening, so will see how it operates there, if it fails, should I run a system restore?

 

Apologies for the delay again

Many thanks

Andrew


  • Staff

Hello

Let's see if this will fix what is wrong with the internet

Complete Internet Repair

Please download http://www.rizonesoft.com/?ddownload=504 Complete Internet Repair and save it to your desktop

Double click the icon and select Run

Click Extract

Double click the Complete Internet Repair folder on your desktop

Double click the CIntRep.exe icon

Place a checkmark next to the following entries:

Reset Internet Protocol (TCP/IP)

Repair Winsock (Reset Catalog)

Renew Internet Connections

Flush DNS Resolver Cache

Repair Internet Explorer 6.0.2900

Clear Windows Update History

Repair Windows / Automatic Updates

Repair SSL / HTTPS / Cryptography

Reset Windows Firewall Configuration

Restore the default hosts file

Repair Workgroup Computers view

Click Go!

Ignore any error messages for now

Click OK to reboot your computer

Check your internet access

Please let me know if this worked


Hi

 

I performed a system restore so that I could get online to download the internet repair tool above. I downloaded it and uninstalled avast once again. Once I ran the internet repair tool, AVG popped up claiming it was a trojan horse. So I followed the procedure of stopping it and have returned here for further instructions. Should I continue to run the programme and ignore AVG or have I done the correct thing following AVG's instructions?

Apologies for all the hassle this is causing.

 

Many thanks 

Andrew


Hi

 

The above instruction (via uninstalling in safe mode) was what I completed last time and led to the internet connection failure.

I have now performed a system restore to a time before I removed either Norton or Avast.

The PC now connects to the internet again.

I have also managed to uninstall avast through the control panel system, so I think it is fully uninstalled and I can connect to the internet!

It may be the uninstalling of Norton causing the problems? (Norton was pre-installed on the PC when it was purchased)

Should I continue with the prior instructions now of running combofix after uninstalling Norton?

 

Many thanks

Andrew
