HD constantly polled

Post by madmac283 on Wed 19 Dec 2012, 2:32 am

Hello,

My hard drive light is constantly on and seems to be continuously polled by something. The C drive seems fine, but it seems that my E drive is what is constantly polled. Not sure where to start with this one. Here are my logs.

Thanks in advance!

OTL logfile created on: 12/18/2012 2:25:56 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.22 Gb Available Physical Memory | 70.49% Memory free
11.98 Gb Paging File | 9.95 Gb Available in Paging File | 83.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.79 Gb Total Space | 68.07 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
Drive E: | 931.41 Gb Total Space | 350.42 Gb Free Space | 37.62% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/18 14:24:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.com
PRC - [2012/11/29 00:49:26 | 000,151,952 | ---- | M] (Apple Inc.) -- E:\iTunesHelper.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/02/17 18:59:38 | 000,953,744 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
PRC - [2010/12/01 01:26:12 | 000,749,384 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/04/27 18:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/05 01:15:15 | 012,456,040 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/05 01:15:15 | 000,460,904 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/05 01:15:14 | 004,008,040 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/05 01:14:29 | 000,587,880 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/05 01:14:28 | 000,124,520 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/05 01:14:21 | 000,157,304 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/05 01:14:20 | 000,275,576 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/05 01:14:19 | 002,168,952 | ---- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2011/11/02 07:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 07:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/12/01 01:26:54 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/12/01 01:26:52 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/12/01 01:26:52 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/28 01:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/01 16:03:26 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/28 02:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/28 01:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/14 06:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/07 17:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/06/10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/17 16:44:46 | 000,044,480 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 17:23:14 | 000,126,464 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/31 05:44:51 | 000,116,848 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/04/27 17:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 17:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/12/25 07:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009/07/16 03:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/04/30 15:59:48 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 C2 83 A6 85 4A CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {20BD5D7C-CCCD-4faf-8B1D-35EC980DD33E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = E:\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [iTunesHelper] E:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - Startup: C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} [You must be registered and logged in to see this link.] (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71D5C660-B8B5-4E69-9638-4B2DE4C75F1D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67e01a45-46a9-11e0-a669-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67e01a45-46a9-11e0-a669-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe
O33 - MountPoints2\{d630126e-51b4-11e0-a5b1-bcaec543a292}\Shell - "" = AutoRun
O33 - MountPoints2\{d630126e-51b4-11e0-a5b1-bcaec543a292}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: ANT Agent - hkey= - key= - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - E:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 15:27:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Garmin
[2012/12/15 15:27:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Garmin
[2012/12/15 15:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ant
[2012/12/15 15:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin




Re: HD constantly polled

Post by madmac283 on Fri 21 Dec 2012, 11:25 pm

ComboFix 12-12-17.02 - Jason 12/21/2012 12:06:11.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4712 [GMT 0:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --> c:\windows\System32\drivers\AFD.SYS
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 12:08 . 2012-12-21 12:08 -------- d-----w- c:\users\Mcx1-JASON-PC\AppData\Local\temp
2012-12-21 12:08 . 2012-12-21 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\SanityCheck
2012-12-19 20:27 . 2012-10-29 08:20 31328 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-12-18 19:34 . 2012-12-18 19:34 -------- d-----w- c:\program files\CCleaner
2012-12-18 15:19 . 2010-12-01 01:27 83784 ----a-w- c:\windows\system32\rdboot64.exe
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Local\Garmin
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Roaming\Garmin
2012-12-15 15:25 . 2012-12-15 15:25 -------- d-----w- c:\programdata\Ant
2012-12-15 15:22 . 2012-12-15 15:22 -------- d-----w- c:\program files (x86)\Garmin
2012-12-12 04:03 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 19:31 . 2012-12-11 19:31 -------- d-----w- c:\users\Jason\AppData\Roaming\AVG2013
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\programdata\AVG2013
2012-12-11 19:15 . 2012-12-11 21:20 -------- d-----w- c:\users\Jason\AppData\Local\Avg2013
2012-12-11 19:15 . 2012-12-11 19:15 -------- d-----w- c:\users\Jason\AppData\Local\MFAData
2012-12-05 06:21 . 2012-12-05 06:21 -------- d-----w- c:\users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-05 06:13 . 2012-12-05 06:13 53248 ----a-r- c:\users\Jason\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\programdata\Logitech
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-12-05 06:12 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Logitech
2012-12-01 16:27 . 2012-12-01 16:27 -------- d-----w- c:\users\Jason\AppData\Local\NBGI
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\windows\SysWow64\xlive
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 16:15 . 2008-10-15 06:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-12-01 01:02 . 2012-12-01 01:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-01 01:02 . 2012-12-01 01:02 -------- d-----w- c:\program files\iTunes
2012-12-01 01:02 . 2012-12-01 01:02 -------- d-----w- c:\program files\iPod
2012-11-26 03:00 . 2012-11-26 03:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-25 13:19 . 2009-04-16 12:47 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70w.dll
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-11-25 13:18 . 2009-04-16 12:47 136704 ----a-w- c:\windows\system32\hpf3l70w.dll
2012-11-25 13:18 . 2012-11-27 16:01 -------- d-----w- c:\program files (x86)\HP
2012-11-25 13:18 . 2012-11-25 13:18 -------- d-----w- c:\program files\HP
2012-11-25 13:17 . 2012-11-25 13:17 -------- d-----w- c:\programdata\HP
2012-11-25 13:17 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-11-25 13:17 . 2009-04-01 06:21 881664 ----a-w- c:\windows\system32\hposwia_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 749056 ----a-w- c:\windows\system32\hpost_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 516096 ----a-w- c:\windows\system32\hposc_d02a.dll
2012-11-25 13:17 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\users\Jason\AppData\Local\Radium Technologies
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\programdata\Radium Technologies
2012-11-24 11:07 . 2012-11-24 11:07 -------- d-----w- c:\users\Jason\AppData\Local\PackageAware
2012-11-24 08:26 . 2012-11-24 08:26 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-24 00:11 . 2012-11-24 00:11 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-11-23 11:29 . 2012-12-18 13:52 -------- d-----w- c:\users\Jason\AppData\Roaming\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----r- c:\program files (x86)\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\programdata\Skype
2012-11-23 11:26 . 2012-11-23 11:26 -------- d-----w- c:\users\Jason\AppData\Roaming\Leadertech
2012-11-23 11:26 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-11-23 11:25 . 2012-11-25 08:14 -------- d-----w- c:\programdata\LogiShrd
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files\Common Files\logishrd
2012-11-23 11:25 . 2012-11-23 11:25 -------- d-----w- c:\program files\Logitech
2012-11-23 11:14 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-23 11:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-23 11:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-23 11:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-23 11:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-23 11:08 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-11-23 11:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-23 11:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-23 11:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-23 11:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-23 11:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-23 11:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-23 11:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-23 11:03 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-23 10:58 . 2012-11-23 10:58 -------- d-----w- c:\programdata\ATI
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 18:30 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 15:37 . 2011-03-04 21:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-01 16:03 . 2011-12-11 21:54 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 09:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 03:32 . 2012-10-05 03:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 04:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 03:30 . 2012-10-02 03:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 19:54 . 2011-03-29 23:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 23:37 . 2012-09-28 23:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 23:36 . 2012-09-28 23:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 23:36 . 2012-09-28 23:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 23:36 . 2012-09-28 23:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 23:36 . 2012-09-28 23:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 23:36 . 2012-09-28 23:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 23:32 . 2012-09-28 23:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 10:32 . 2012-09-28 10:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 10:32 . 2012-09-28 10:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-01-27 06:59 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-01-27 06:40 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-06-11 16:27 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-01-27 06:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rdboot64.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AFD
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap]
"ImagePath"="system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Atierecord]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AtiHDAudioService]
"ImagePath"="system32\drivers\AtihdW76.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HPSLPSVC]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IAANTMON]
"ImagePath"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.


madmac283


Re: HD constantly polled

Post by madmac283 on Fri 21 Dec 2012, 11:27 pm

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\libusb0]
"ImagePath"="system32\DRIVERS\libusb0.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVPr2M64]
"ImagePath"="system32\DRIVERS\LVPr2M64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVRS64]
"ImagePath"="system32\DRIVERS\lvrs64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVUVC64]
"ImagePath"="system32\DRIVERS\lvuvc64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mv91xx]
"ImagePath"="system32\DRIVERS\mv91xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3hub]
"ImagePath"="system32\DRIVERS\nusb3hub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3xhc]
"ImagePath"="system32\DRIVERS\nusb3xhc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspSanity]
"ImagePath"="system32\DRIVERS\rspSanity64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RzSynapse]
"ImagePath"="system32\DRIVERS\RzSynapse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\S3XXx64]
"ImagePath"="system32\DRIVERS\S3XXx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sxuptp]
"ImagePath"="system32\DRIVERS\sxuptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="\SystemRoot\system32\drivers\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UMVPFSrv]
"ImagePath"="c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\00\0b\15/\0cc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
.
**************************************************************************
.
Completion time: 2012-12-21 12:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-21 12:14
ComboFix2.txt 2012-12-18 18:17
.
Pre-Run: 74,112,200,704 bytes free
Post-Run: 73,779,748,864 bytes free
.
- - End Of File - - 33C5E374F49A8FE75072E2DC43875A63


Re: HD constantly polled

Post by madmac283 on Fri 21 Dec 2012, 11:30 pm

I guess the good news is that I can get online on this machine again. The bad news is that the HD is constantly being polled again and it's running slow like when we first started.


Re: HD constantly polled

Post by madmac283 on Sat 22 Dec 2012, 2:55 am

Well, I guess I spoke too soon. I left it alone for a couple of hours, came back and it was in "sleep" mode, which I never have turned on, and when I woke it up with a press of the space bar, it was shutting down and rebooted itself. It restarted, the HD isn't being polled constantly, but the networking will not connect again, so no internet.


Re: HD constantly polled

Post by DragonMaster Jay on Sat 22 Dec 2012, 2:56 am

Next log from Farbar Service Scanner, please...



~DMJ
GeekPolice Academy Manager



Re: HD constantly polled

Post by madmac283 on Sat 22 Dec 2012, 3:11 am

Farbar Service Scanner Version: 10-12-2012
Ran by Jason (administrator) on 21-12-2012 at 16:07:28
Running from "C:\Users\Jason\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 20:42] - [2012-12-21 12:21] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Re: HD constantly polled

Post by DragonMaster Jay on Sat 22 Dec 2012, 9:16 am

ComboFix Script


  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys | C:\Windows\System32\drivers\AFD.SYS
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.



Re: HD constantly polled

Post by madmac283 on Sat 22 Dec 2012, 9:08 pm

Seems I can get on the internet again, but the hard drive is being polled constantly again.

ComboFix 12-12-17.02 - Jason 12/22/2012 9:36.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.5051 [GMT 0:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --> c:\windows\System32\drivers\AFD.SYS
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 09:38 . 2012-12-22 09:38 -------- d-----w- c:\users\Mcx1-JASON-PC\AppData\Local\temp
2012-12-22 09:38 . 2012-12-22 09:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 14:46 . 2012-12-21 15:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 14:46 . 2012-12-21 14:46 -------- d-----w- c:\program files\iPod
2012-12-21 14:45 . 2012-12-21 15:13 -------- d-----w- c:\program files\iTunes
2012-12-21 12:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 12:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 12:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 12:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\SanityCheck
2012-12-19 20:27 . 2012-10-29 08:20 31328 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-12-18 19:34 . 2012-12-18 19:34 -------- d-----w- c:\program files\CCleaner
2012-12-18 15:19 . 2010-12-01 01:27 83784 ----a-w- c:\windows\system32\rdboot64.exe
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Local\Garmin
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Roaming\Garmin
2012-12-15 15:25 . 2012-12-15 15:25 -------- d-----w- c:\programdata\Ant
2012-12-15 15:22 . 2012-12-15 15:22 -------- d-----w- c:\program files (x86)\Garmin
2012-12-12 04:03 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 19:31 . 2012-12-11 19:31 -------- d-----w- c:\users\Jason\AppData\Roaming\AVG2013
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\programdata\AVG2013
2012-12-11 19:15 . 2012-12-11 21:20 -------- d-----w- c:\users\Jason\AppData\Local\Avg2013
2012-12-11 19:15 . 2012-12-11 19:15 -------- d-----w- c:\users\Jason\AppData\Local\MFAData
2012-12-05 06:21 . 2012-12-05 06:21 -------- d-----w- c:\users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-05 06:13 . 2012-12-05 06:13 53248 ----a-r- c:\users\Jason\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\programdata\Logitech
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-12-05 06:12 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Logitech
2012-12-01 16:27 . 2012-12-01 16:27 -------- d-----w- c:\users\Jason\AppData\Local\NBGI
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\windows\SysWow64\xlive
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 16:15 . 2008-10-15 06:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-26 03:00 . 2012-11-26 03:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-25 13:19 . 2009-04-16 12:47 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70w.dll
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-11-25 13:18 . 2009-04-16 12:47 136704 ----a-w- c:\windows\system32\hpf3l70w.dll
2012-11-25 13:18 . 2012-11-27 16:01 -------- d-----w- c:\program files (x86)\HP
2012-11-25 13:18 . 2012-11-25 13:18 -------- d-----w- c:\program files\HP
2012-11-25 13:17 . 2012-11-25 13:17 -------- d-----w- c:\programdata\HP
2012-11-25 13:17 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-11-25 13:17 . 2009-04-01 06:21 881664 ----a-w- c:\windows\system32\hposwia_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 749056 ----a-w- c:\windows\system32\hpost_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 516096 ----a-w- c:\windows\system32\hposc_d02a.dll
2012-11-25 13:17 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\users\Jason\AppData\Local\Radium Technologies
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\programdata\Radium Technologies
2012-11-24 11:07 . 2012-11-24 11:07 -------- d-----w- c:\users\Jason\AppData\Local\PackageAware
2012-11-24 08:26 . 2012-11-24 08:26 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-24 00:11 . 2012-11-24 00:11 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-11-23 11:29 . 2012-12-18 13:52 -------- d-----w- c:\users\Jason\AppData\Roaming\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----r- c:\program files (x86)\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\programdata\Skype
2012-11-23 11:26 . 2012-11-23 11:26 -------- d-----w- c:\users\Jason\AppData\Roaming\Leadertech
2012-11-23 11:26 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-11-23 11:25 . 2012-11-25 08:14 -------- d-----w- c:\programdata\LogiShrd
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files\Common Files\logishrd
2012-11-23 11:25 . 2012-11-23 11:25 -------- d-----w- c:\program files\Logitech
2012-11-23 11:14 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-23 11:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-23 11:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-23 11:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-23 11:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-23 11:08 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-11-23 11:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-23 11:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-23 11:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-23 11:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-23 11:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-23 11:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-23 11:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-23 11:03 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-23 10:58 . 2012-11-23 10:58 -------- d-----w- c:\programdata\ATI
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-21 12:21 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 15:37 . 2011-03-04 21:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-01 16:03 . 2011-12-11 21:54 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 09:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 03:32 . 2012-10-05 03:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 04:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 03:30 . 2012-10-02 03:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 19:54 . 2011-03-29 23:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 23:37 . 2012-09-28 23:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 23:36 . 2012-09-28 23:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 23:36 . 2012-09-28 23:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 23:36 . 2012-09-28 23:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 23:36 . 2012-09-28 23:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 23:36 . 2012-09-28 23:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 23:32 . 2012-09-28 23:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 10:32 . 2012-09-28 10:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 10:32 . 2012-09-28 10:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-01-27 06:59 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-01-27 06:40 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-06-11 16:27 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-01-27 06:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rdboot64.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AFD
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HPSLPSVC]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IAANTMON]
"ImagePath"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\libusb0]
"ImagePath"="system32\DRIVERS\libusb0.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVPr2M64]
"ImagePath"="system32\DRIVERS\LVPr2M64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVRS64]
"ImagePath"="system32\DRIVERS\lvrs64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVUVC64]
"ImagePath"="system32\DRIVERS\lvuvc64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.

madmac283

Rookie Surfer

Posts : 68
Joined : 2010-05-06

Re: HD constantly polled

Post by madmac283 on Sat 22 Dec 2012, 9:10 pm

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mv91xx]
"ImagePath"="system32\DRIVERS\mv91xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3hub]
"ImagePath"="system32\DRIVERS\nusb3hub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3xhc]
"ImagePath"="system32\DRIVERS\nusb3xhc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspSanity]
"ImagePath"="system32\DRIVERS\rspSanity64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RzSynapse]
"ImagePath"="system32\DRIVERS\RzSynapse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\S3XXx64]
"ImagePath"="system32\DRIVERS\S3XXx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sxuptp]
"ImagePath"="system32\DRIVERS\sxuptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="\SystemRoot\system32\drivers\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UMVPFSrv]
"ImagePath"="c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{71D5C660-B8B5-4E69-9638-4B2DE4C75F1D}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\00\0b\15/\0cc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
.
**************************************************************************
.
Completion time: 2012-12-22 09:44:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-22 09:44
ComboFix2.txt 2012-12-21 12:14
ComboFix3.txt 2012-12-18 18:17
.
Pre-Run: 75,016,224,768 bytes free
Post-Run: 74,650,095,616 bytes free
.
- - End Of File - - D706298F2ACB6AB3033CC3689F0FC31F

madmac283

Rookie Surfer

Posts : 68
Joined : 2010-05-06

Re: HD constantly polled

Post by DragonMaster Jay on Sun 23 Dec 2012, 8:22 am

Next FSS log please.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.

  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.



Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: HD constantly polled

Post by madmac283 on Sun 23 Dec 2012, 5:07 pm

I ran JRT, then AdwCleaner and then FSS. The computer we have been working on was online, but AdwCleaner caused it to reboot and when it booted back up, it wouldn't connect to the network again...same error as before. I then ran FSS.

Here are the logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.4 (12.21.2012:3)
OS: Windows 7 Home Premium x64
Ran by Jason on Sun 12/23/2012 at 5:36:29.30
Blog: [You must be registered and logged in to see this link.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/23/2012 at 5:40:05.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 05:43:28
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jason - JASON-PC
# Boot Mode : Normal
# Running from : C:\Users\Jason\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3954 octets] - [18/12/2012 14:39:47]
AdwCleaner[S2].txt - [716 octets] - [23/12/2012 05:43:28]

########## EOF - C:\AdwCleaner[S2].txt - [775 octets] ##########

Farbar Service Scanner Version: 10-12-2012
Ran by Jason (administrator) on 23-12-2012 at 05:47:39
Running from "C:\Users\Jason\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 20:42] - [2012-12-22 10:03] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Re: HD constantly polled

Post by DragonMaster Jay on Mon 24 Dec 2012, 8:45 pm

How's it working now?



Re: HD constantly polled

Post by madmac283 on Mon 24 Dec 2012, 8:54 pm

The networking isn't working again after AdwCleaner caused it to reboot and when it booted back up, it wouldn't connect to the network again...same error as before.


So to me it seems that:

1) Networking works and the E drive is constantly being polled or
2) Networking doesn't work, but the E drive isn't constantly being polled.

FSS says that AFD.sys is infected.


Re: HD constantly polled

Post by DragonMaster Jay on Mon 24 Dec 2012, 9:23 pm

Let's look at it a lot closer, because it is looking more and more like a rootkit problem...

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now



Re: HD constantly polled

Post by madmac283 on Mon 24 Dec 2012, 10:17 pm

Downloaded, but I think perhaps the program has changed, because your instructions don't follow the process. I installed the program then ran it. There was one thing to be cleaned and I did this, but there was no prompt for reboot.

I rebooted but networking services still are not working.


Re: HD constantly polled

Post by madmac283 on Mon 24 Dec 2012, 10:28 pm

I don't think we have used HijackThis yet, but I downloaded it and ran a scan. This is the log it came up with, as best I can tell.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:09 AM, on 12/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
E:\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Jason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7428 bytes


Re: HD constantly polled

Post by DragonMaster Jay on Tue 25 Dec 2012, 8:16 pm

HijackThis is way out of our league now. We have ten times better tools.

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to get the 64-bit version.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile. Please copy and paste the logs in your reply.



~DMJ
GeekPolice Academy Manager



Re: HD constantly polled

Post by madmac283 on Tue 25 Dec 2012, 10:13 pm

Thanks and Merry Christmas!

Just as a note, I had to type in "e:\frst64.exe" in order to get the program to run. No big deal, but may be hard for someone to figure out in the future. Also, the only reason I downloaded HijackThis was because your last set of instructions called for a log from it...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 25-12-2012 11:02:13
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953744 2011-02-17] (Razer USA Ltd)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] "E:\iTunesHelper.exe" [x]
HKU\Jason\...\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
HKU\Mcx1-JASON-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\Jason\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-12-01] (DT Soft Ltd)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-04-30] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-25 02:25 - 2012-12-25 02:25 - 00000000 ____D C:\FRST
2012-12-24 03:24 - 2012-12-24 03:24 - 00007429 ____A C:\Users\Jason\Desktop\hijackthis.log
2012-12-24 03:23 - 2012-12-24 03:23 - 00388608 ____N (Trend Micro Inc.) C:\Users\Jason\Desktop\HijackThis.exe
2012-12-24 02:56 - 2012-12-24 02:56 - 00003205 ____A C:\Users\Jason\Desktop\Sophos Virus Removal Tool.lnk
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-24 02:54 - 2012-12-24 02:53 - 82075768 ____N (Sophos Limited) C:\Users\Jason\Desktop\Sophos Virus Removal Tool.exe
2012-12-22 21:51 - 2012-12-22 21:51 - 00000843 ____A C:\Users\Jason\Desktop\AdwCleaner[S2].txt
2012-12-22 21:43 - 2012-12-22 21:43 - 00000843 ____A C:\AdwCleaner[S2].txt
2012-12-22 21:40 - 2012-12-22 21:40 - 00000671 ____A C:\Users\Jason\Desktop\JRT.txt
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Windows\ERUNT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\JRT
2012-12-22 20:59 - 2012-12-22 20:59 - 00496081 ____A (Oleg N. Scherbakov) C:\Users\Jason\Desktop\JRT.exe
2012-12-22 01:44 - 2012-12-22 01:44 - 00070741 ____A C:\ComboFix.txt
2012-12-22 01:29 - 2012-12-22 01:32 - 00000185 ____A C:\Users\Jason\Desktop\combo3.txt
2012-12-21 07:13 - 2012-12-21 07:13 - 00001363 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-21 06:46 - 2012-12-21 07:13 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 06:46 - 2012-12-21 06:46 - 00000000 ____D C:\Program Files\iPod
2012-12-21 06:45 - 2012-12-21 07:13 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 04:17 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 04:17 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 04:17 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 04:17 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 04:10 - 2012-12-22 01:40 - 00001110 ____A C:\Windows\PFRO.log
2012-12-20 16:22 - 2012-12-20 16:22 - 00004840 ____A C:\Users\Jason\Desktop\SystemLook.txt
2012-12-20 16:20 - 2012-12-20 16:20 - 00165376 ____N C:\Users\Jason\Desktop\SystemLook_x64.exe
2012-12-19 23:43 - 2012-12-22 21:47 - 00003753 ____A C:\Users\Jason\Desktop\FSS.txt
2012-12-19 23:43 - 2012-12-19 23:42 - 00697869 ____N (Farbar) C:\Users\Jason\Desktop\FSS.exe
2012-12-19 12:35 - 2012-12-19 12:35 - 00001209 ____A C:\Users\Jason\Documents\Sanity check.txt
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-19 12:27 - 2012-12-19 12:27 - 00000821 ____A C:\Users\Jason\Desktop\SanityCheck.lnk
2012-12-19 12:27 - 2012-12-19 12:27 - 00000000 ____D C:\Program Files\SanityCheck
2012-12-19 12:27 - 2012-10-29 00:20 - 00031328 ____A (Resplendence Software Projects Sp.) C:\Windows\System32\Drivers\rspSanity64.sys
2012-12-18 22:09 - 2012-12-18 22:08 - 00708960 ____N (Kaspersky Lab) C:\Users\Jason\Desktop\GetSystemInfo.exe
2012-12-18 12:39 - 2012-12-25 02:50 - 00002390 ____A C:\Windows\setupact.log
2012-12-18 12:39 - 2012-12-18 12:39 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 11:38 - 2012-12-18 11:38 - 02322184 ____A (ESET) C:\Users\Jason\Downloads\esetsmartinstaller_enu.exe
2012-12-18 11:34 - 2012-12-18 11:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-18 11:34 - 2012-12-18 11:34 - 00000000 ____D C:\Program Files\CCleaner
2012-12-18 11:05 - 2012-12-18 11:06 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe
2012-12-18 10:11 - 2012-12-22 01:44 - 00000000 ___AD C:\Qoobox
2012-12-18 10:11 - 2012-12-18 10:16 - 00000000 ____D C:\Windows\erdnt
2012-12-18 10:11 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-18 10:11 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-18 10:11 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-18 10:09 - 2012-12-18 10:09 - 05012571 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe
2012-12-18 07:19 - 2010-11-30 17:27 - 00083784 ____A (AVG Technologies) C:\Windows\System32\rdboot64.exe
2012-12-18 06:39 - 2012-12-18 06:39 - 00003954 ____A C:\AdwCleaner[S1].txt
2012-12-18 06:34 - 2012-12-18 06:38 - 00065404 ____A C:\Users\Jason\Downloads\Extras.Txt
2012-12-18 06:34 - 2012-12-18 06:34 - 00218146 ____A C:\Users\Jason\Downloads\OTL.Txt
2012-12-18 06:24 - 2012-12-18 06:24 - 00602112 ____A (OldTimer Tools) C:\Users\Jason\Downloads\OTL.com
2012-12-18 05:42 - 2012-12-18 05:42 - 00000628 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-18 05:40 - 2012-12-18 06:50 - 00007604 ____A C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2012-12-18 05:32 - 2012-12-18 05:35 - 00006779 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Garmin
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Local\Garmin
2012-12-15 07:25 - 2012-12-15 07:25 - 00000000 ____D C:\Users\All Users\Ant
2012-12-15 07:22 - 2012-12-15 07:22 - 09542584 ____A (Igor Pavlov) C:\Users\Jason\Downloads\ANTAgent_233.exe
2012-12-15 07:22 - 2012-12-15 07:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-12 07:36 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 07:36 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 07:36 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 07:36 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 07:36 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 07:36 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 07:36 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 07:36 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 07:36 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 07:36 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 07:36 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 07:36 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 07:36 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 07:36 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 07:36 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 07:36 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 07:36 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 07:36 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 07:36 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 07:36 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 07:36 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 07:36 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 07:36 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 07:36 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 07:36 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 07:36 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 07:36 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 07:36 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 07:36 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 07:36 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 07:36 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 07:36 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-11 20:03 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 20:03 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 20:03 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 20:03 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 20:03 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 20:03 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 20:03 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 20:03 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 20:03 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 20:03 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 20:03 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 11:31 - 2012-12-11 11:31 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2013
2012-12-11 11:17 - 2012-12-11 11:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-11 11:15 - 2012-12-11 13:20 - 00000000 ____D C:\Users\Jason\AppData\Local\Avg2013
2012-12-11 11:15 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\MFAData
2012-12-04 22:21 - 2012-12-04 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-04 22:12 - 2012-12-04 22:13 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-04 22:12 - 2012-12-04 22:12 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-12-04 22:12 - 2012-12-04 22:12 - 00000000 ____D C:\Users\All Users\Logitech
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\web.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\LC.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2p2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 08:27 - 2012-12-01 08:27 - 00000000 ____D C:\Users\Jason\AppData\Local\NBGI
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 08:15 - 2008-10-14 22:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-12-01 08:14 - 2008-10-14 22:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-12-01 08:14 - 2008-10-14 22:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-12-01 08:03 - 2012-12-01 08:03 - 00000655 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
2012-11-27 07:59 - 2012-11-27 08:06 - 00173324 ____A C:\Windows\hpoins46.dat
2012-11-27 07:59 - 2010-01-30 05:17 - 00000532 ____N C:\Windows\hpomdl46.dat
2012-11-25 19:00 - 2012-11-25 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-25 05:18 - 2012-11-27 08:01 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-25 05:18 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files\HP
2012-11-25 05:18 - 2009-04-16 04:47 - 00136704 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll
2012-11-25 05:17 - 2012-11-27 08:06 - 00003200 ____A C:\Users\All Users\hpzinstall.log
2012-11-25 05:17 - 2012-11-25 05:17 - 00000000 ____D C:\Users\All Users\HP
2012-11-25 05:17 - 2009-04-16 03:53 - 00642360 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00881664 ____A (Hewlett-Packard) C:\Windows\System32\hposwia_d02d.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00749056 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpost_d02d.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00516096 ____A (Hewlett-Packard Co.) C:\Windows\System32\hposc_d02a.dll
2012-11-25 05:17 - 2008-10-28 16:27 - 00551424 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll

==================== One Month Modified Files and Folders =======

2012-12-25 02:55 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-25 02:55 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-25 02:54 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-25 02:52 - 2011-03-04 13:58 - 01213354 ____A C:\Windows\WindowsUpdate.log
2012-12-25 02:50 - 2012-12-18 12:39 - 00002390 ____A C:\Windows\setupact.log
2012-12-25 02:50 - 2012-11-23 03:25 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-12-25 02:50 - 2009-07-13 21:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-25 02:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-25 02:25 - 2012-12-25 02:25 - 00000000 ____D C:\FRST
2012-12-25 02:18 - 2011-03-08 04:59 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-24 03:24 - 2012-12-24 03:24 - 00007429 ____A C:\Users\Jason\Desktop\hijackthis.log
2012-12-24 03:23 - 2012-12-24 03:23 - 00388608 ____N (Trend Micro Inc.) C:\Users\Jason\Desktop\HijackThis.exe
2012-12-24 02:56 - 2012-12-24 02:56 - 00003205 ____A C:\Users\Jason\Desktop\Sophos Virus Removal Tool.lnk
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-24 02:53 - 2012-12-24 02:54 - 82075768 ____N (Sophos Limited) C:\Users\Jason\Desktop\Sophos Virus Removal Tool.exe
2012-12-22 21:51 - 2012-12-22 21:51 - 00000843 ____A C:\Users\Jason\Desktop\AdwCleaner[S2].txt
2012-12-22 21:47 - 2012-12-19 23:43 - 00003753 ____A C:\Users\Jason\Desktop\FSS.txt
2012-12-22 21:43 - 2012-12-22 21:43 - 00000843 ____A C:\AdwCleaner[S2].txt
2012-12-22 21:40 - 2012-12-22 21:40 - 00000671 ____A C:\Users\Jason\Desktop\JRT.txt
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Windows\ERUNT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\JRT
2012-12-22 20:59 - 2012-12-22 20:59 - 00496081 ____A (Oleg N. Scherbakov) C:\Users\Jason\Desktop\JRT.exe
2012-12-22 20:53 - 2011-03-04 11:18 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
2012-12-22 18:53 - 2011-03-04 11:18 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
2012-12-22 02:03 - 2012-02-17 12:42 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AFD.SYS
2012-12-22 02:03 - 2009-07-13 16:10 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\WS2IFSL.SYS
2012-12-22 01:44 - 2012-12-22 01:44 - 00070741 ____A C:\ComboFix.txt
2012-12-22 01:44 - 2012-12-18 10:11 - 00000000 ___AD C:\Qoobox
2012-12-22 01:44 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-12-22 01:43 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-22 01:40 - 2012-12-21 04:10 - 00001110 ____A C:\Windows\PFRO.log
2012-12-22 01:32 - 2012-12-22 01:29 - 00000185 ____A C:\Users\Jason\Desktop\combo3.txt
2012-12-22 01:31 - 2011-03-04 11:18 - 00000000 ____D C:\Users\Jason\AppData\Local\Apps\2.0
2012-12-21 07:13 - 2012-12-21 07:13 - 00001363 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-21 07:13 - 2012-12-21 06:46 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 07:13 - 2012-12-21 06:45 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 06:46 - 2012-12-21 06:46 - 00000000 ____D C:\Program Files\iPod
2012-12-21 04:22 - 2009-07-13 20:45 - 00277152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 16:22 - 2012-12-20 16:22 - 00004840 ____A C:\Users\Jason\Desktop\SystemLook.txt
2012-12-20 16:20 - 2012-12-20 16:20 - 00165376 ____N C:\Users\Jason\Desktop\SystemLook_x64.exe
2012-12-19 23:42 - 2012-12-19 23:43 - 00697869 ____N (Farbar) C:\Users\Jason\Desktop\FSS.exe
2012-12-19 12:35 - 2012-12-19 12:35 - 00001209 ____A C:\Users\Jason\Documents\Sanity check.txt
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:30 - 2012-12-19 12:27 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-19 12:27 - 2012-12-19 12:27 - 00000821 ____A C:\Users\Jason\Desktop\SanityCheck.lnk
2012-12-19 12:27 - 2012-12-19 12:27 - 00000000 ____D C:\Program Files\SanityCheck
2012-12-18 22:08 - 2012-12-18 22:09 - 00708960 ____N (Kaspersky Lab) C:\Users\Jason\Desktop\GetSystemInfo.exe
2012-12-18 13:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-18 12:39 - 2012-12-18 12:39 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 11:38 - 2012-12-18 11:38 - 02322184 ____A (ESET) C:\Users\Jason\Downloads\esetsmartinstaller_enu.exe
2012-12-18 11:36 - 2011-12-11 13:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\DAEMON Tools Lite
2012-12-18 11:36 - 2011-03-20 17:36 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Azureus
2012-12-18 11:36 - 2011-03-04 13:49 - 00000000 ____D C:\Windows\Panther
2012-12-18 11:34 - 2012-12-18 11:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-18 11:34 - 2012-12-18 11:34 - 00000000 ____D C:\Program Files\CCleaner
2012-12-18 11:06 - 2012-12-18 11:05 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe
2012-12-18 10:17 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-12-18 10:16 - 2012-12-18 10:11 - 00000000 ____D C:\Windows\erdnt
2012-12-18 10:09 - 2012-12-18 10:09 - 05012571 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe
2012-12-18 07:19 - 2011-03-03 22:00 - 00000000 ____D C:\users\Jason
2012-12-18 06:50 - 2012-12-18 05:40 - 00007604 ____A C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2012-12-18 06:39 - 2012-12-18 06:39 - 00003954 ____A C:\AdwCleaner[S1].txt
2012-12-18 06:38 - 2012-12-18 06:34 - 00065404 ____A C:\Users\Jason\Downloads\Extras.Txt
2012-12-18 06:34 - 2012-12-18 06:34 - 00218146 ____A C:\Users\Jason\Downloads\OTL.Txt
2012-12-18 06:24 - 2012-12-18 06:24 - 00602112 ____A (OldTimer Tools) C:\Users\Jason\Downloads\OTL.com
2012-12-18 06:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2012-12-18 05:52 - 2012-11-23 03:29 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Skype
2012-12-18 05:42 - 2012-12-18 05:42 - 00000628 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-18 05:35 - 2012-12-18 05:32 - 00006779 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-12-18 05:27 - 2011-03-27 05:40 - 00000000 ____D C:\Windows\Minidump
2012-12-16 09:11 - 2012-12-21 04:17 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 04:17 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 04:17 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 04:17 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Garmin
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Local\Garmin
2012-12-15 07:25 - 2012-12-15 07:25 - 00000000 ____D C:\Users\All Users\Ant
2012-12-15 07:22 - 2012-12-15 07:22 - 09542584 ____A (Igor Pavlov) C:\Users\Jason\Downloads\ANTAgent_233.exe
2012-12-15 07:22 - 2012-12-15 07:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-12 10:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-12 07:37 - 2011-03-04 13:02 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-11 13:20 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\Avg2013
2012-12-11 11:31 - 2012-12-11 11:31 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2013
2012-12-11 11:31 - 2011-03-08 05:01 - 00000000 ____D C:\Program Files (x86)\AVG
2012-12-11 11:17 - 2012-12-11 11:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-11 11:17 - 2012-05-17 17:17 - 00000000 ____D C:\$AVG
2012-12-11 11:15 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\MFAData
2012-12-04 22:21 - 2012-12-04 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-04 22:13 - 2012-12-04 22:12 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-04 22:13 - 2012-11-23 03:25 - 00019411 ____A C:\Windows\System32\lvcoinst.log
2012-12-04 22:13 - 2012-11-23 03:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2012-12-04 22:12 - 2012-12-04 22:12 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-12-04 22:12 - 2012-12-04 22:12 - 00000000 ____D C:\Users\All Users\Logitech
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\wc.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\lc.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2P2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 08:27 - 2012-12-01 08:27 - 00000000 ____D C:\Users\Jason\AppData\Local\NBGI
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 08:15 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-01 08:05 - 2011-12-11 13:52 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-12-01 08:03 - 2012-12-01 08:03 - 00000655 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-12-01 08:03 - 2011-12-11 13:54 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
2012-11-29 06:01 - 2011-09-15 15:07 - 00000000 ____D C:\Users\Jason\AppData\Roaming\vlc
2012-11-27 08:06 - 2012-11-27 07:59 - 00173324 ____A C:\Windows\hpoins46.dat
2012-11-27 08:06 - 2012-11-25 05:17 - 00003200 ____A C:\Users\All Users\hpzinstall.log
2012-11-27 08:01 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-25 19:00 - 2012-11-25 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-25 05:18 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files\HP
2012-11-25 05:17 - 2012-11-25 05:17 - 00000000 ____D C:\Users\All Users\HP
2012-11-25 00:14 - 2012-11-23 03:25 - 00000000 ____D C:\Users\All Users\LogiShrd

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-12 07:36:33
Restore point made on: 2012-12-18 06:27:11
Restore point made on: 2012-12-18 07:18:54
Restore point made on: 2012-12-21 04:05:31
Restore point made on: 2012-12-21 04:17:14
Restore point made on: 2012-12-24 02:56:11

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.12 MB
Available physical RAM: 5409.14 MB
Total Pagefile: 6133.27 MB
Available Pagefile: 5396.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:68.35 GB) NTFS
2 Drive e: (New Volume) (Fixed) (Total:931.41 GB) (Free:350.42 GB) NTFS
3 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.04 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 111 GB 0 B
Disk 2 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 111 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 244 MB Healthy

=========================================================

Last Boot: 2012-12-14 16:06

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-25 11:08:29
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-12-18 10:16] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


Re: HD constantly polled

Post by DragonMaster Jay on Thu 27 Dec 2012, 6:47 am

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\web.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\LC.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2p2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


~DMJ
GeekPolice Academy Manager



Re: HD constantly polled

Post by madmac283 on Thu 27 Dec 2012, 8:02 am

Ran the fix, rebooted computer normally, but it still won't connect to the internet. Networking is still stuck on "identifying network" and still gives the error "Windows could not automatically detect this network's proxy settings".

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-26 20:45:45 Run:1
Running from G:\

==============================================

C:\Users\Jason\AppData\Local\Temp28.html moved successfully.
C:\Users\Jason\AppData\Local\Temp1.html moved successfully.
C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx moved successfully.
C:\Users\Jason\Downloads\lica.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\web.torrent moved successfully.
C:\Users\Jason\Downloads\HD 720p.torrent moved successfully.
C:\Users\Jason\Downloads\LC.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\2p2.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\la.mp4.torrent moved successfully.
C:\Users\Jason\Downloads\DVDRip.XviD.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent moved successfully.

==== End of Fixlog ====


Re: HD constantly polled

Post by madmac283 on Thu 27 Dec 2012, 8:11 am

Just as a note, the last time that networking worked was after each time we did the ComboFix thing, but it didn't seem to last after I rebooted.


Re: HD constantly polled

Post by DragonMaster Jay on Fri 28 Dec 2012, 5:26 am

Okay, let's do the following...

FRST Fixlist

Please run the following:

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
Restore point made on: 2012-12-12 07:36:33
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.


~DMJ
GeekPolice Academy Manager



Re: HD constantly polled

Post by madmac283 on Fri 28 Dec 2012, 7:04 am

Still no networking... Here is log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-27 20:00:36 Run:2
Running from G:\

==============================================


==== End of Fixlog ====


Re: HD constantly polled

Post by DragonMaster Jay on Sat 29 Dec 2012, 4:26 am

Please go to Start > Accessories > System Tools > System Restore.

Please use the earliest Restore Point you have and restore the system.

It should be this one: Restore point made on: 2012-12-12 07:36:33


~DMJ
GeekPolice Academy Manager



Re: HD constantly polled

Post by madmac283 on Sat 29 Dec 2012, 6:30 am

That restore point was not there. The earliest one I had was 12/12/2012 3:36:21 PM.

It seems like everything is working fine now. I can get on the internet and the hard drive isn't constantly running! It seems to be accessed quite a bit, but at least I can open things that are saved on it.

You win?!
