HD constantly polled

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 21, 2012 12:25 pm

ComboFix 12-12-17.02 - Jason 12/21/2012 12:06:11.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4712 [GMT 0:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --> c:\windows\System32\drivers\AFD.SYS
.
((((((((((((((((((((((((( Files Created from 2012-11-21 to 2012-12-21 )))))))))))))))))))))))))))))))
.
.
2012-12-21 12:08 . 2012-12-21 12:08 -------- d-----w- c:\users\Mcx1-JASON-PC\AppData\Local\temp
2012-12-21 12:08 . 2012-12-21 12:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\SanityCheck
2012-12-19 20:27 . 2012-10-29 08:20 31328 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-12-18 19:34 . 2012-12-18 19:34 -------- d-----w- c:\program files\CCleaner
2012-12-18 15:19 . 2010-12-01 01:27 83784 ----a-w- c:\windows\system32\rdboot64.exe
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Local\Garmin
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Roaming\Garmin
2012-12-15 15:25 . 2012-12-15 15:25 -------- d-----w- c:\programdata\Ant
2012-12-15 15:22 . 2012-12-15 15:22 -------- d-----w- c:\program files (x86)\Garmin
2012-12-12 04:03 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 19:31 . 2012-12-11 19:31 -------- d-----w- c:\users\Jason\AppData\Roaming\AVG2013
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\programdata\AVG2013
2012-12-11 19:15 . 2012-12-11 21:20 -------- d-----w- c:\users\Jason\AppData\Local\Avg2013
2012-12-11 19:15 . 2012-12-11 19:15 -------- d-----w- c:\users\Jason\AppData\Local\MFAData
2012-12-05 06:21 . 2012-12-05 06:21 -------- d-----w- c:\users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-05 06:13 . 2012-12-05 06:13 53248 ----a-r- c:\users\Jason\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\programdata\Logitech
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-12-05 06:12 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Logitech
2012-12-01 16:27 . 2012-12-01 16:27 -------- d-----w- c:\users\Jason\AppData\Local\NBGI
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\windows\SysWow64\xlive
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 16:15 . 2008-10-15 06:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-12-01 01:02 . 2012-12-01 01:02 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-01 01:02 . 2012-12-01 01:02 -------- d-----w- c:\program files\iTunes
2012-12-01 01:02 . 2012-12-01 01:02 -------- d-----w- c:\program files\iPod
2012-11-26 03:00 . 2012-11-26 03:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-25 13:19 . 2009-04-16 12:47 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70w.dll
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-11-25 13:18 . 2009-04-16 12:47 136704 ----a-w- c:\windows\system32\hpf3l70w.dll
2012-11-25 13:18 . 2012-11-27 16:01 -------- d-----w- c:\program files (x86)\HP
2012-11-25 13:18 . 2012-11-25 13:18 -------- d-----w- c:\program files\HP
2012-11-25 13:17 . 2012-11-25 13:17 -------- d-----w- c:\programdata\HP
2012-11-25 13:17 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-11-25 13:17 . 2009-04-01 06:21 881664 ----a-w- c:\windows\system32\hposwia_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 749056 ----a-w- c:\windows\system32\hpost_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 516096 ----a-w- c:\windows\system32\hposc_d02a.dll
2012-11-25 13:17 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\users\Jason\AppData\Local\Radium Technologies
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\programdata\Radium Technologies
2012-11-24 11:07 . 2012-11-24 11:07 -------- d-----w- c:\users\Jason\AppData\Local\PackageAware
2012-11-24 08:26 . 2012-11-24 08:26 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-24 00:11 . 2012-11-24 00:11 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-11-23 11:29 . 2012-12-18 13:52 -------- d-----w- c:\users\Jason\AppData\Roaming\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----r- c:\program files (x86)\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\programdata\Skype
2012-11-23 11:26 . 2012-11-23 11:26 -------- d-----w- c:\users\Jason\AppData\Roaming\Leadertech
2012-11-23 11:26 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-11-23 11:25 . 2012-11-25 08:14 -------- d-----w- c:\programdata\LogiShrd
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files\Common Files\logishrd
2012-11-23 11:25 . 2012-11-23 11:25 -------- d-----w- c:\program files\Logitech
2012-11-23 11:14 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-23 11:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-23 11:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-23 11:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-23 11:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-23 11:08 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-11-23 11:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-23 11:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-23 11:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-23 11:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-23 11:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-23 11:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-23 11:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-23 11:03 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-23 10:58 . 2012-11-23 10:58 -------- d-----w- c:\programdata\ATI
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-18 18:30 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 15:37 . 2011-03-04 21:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-01 16:03 . 2011-12-11 21:54 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 09:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 03:32 . 2012-10-05 03:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 04:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 03:30 . 2012-10-02 03:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 19:54 . 2011-03-29 23:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 23:37 . 2012-09-28 23:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 23:36 . 2012-09-28 23:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 23:36 . 2012-09-28 23:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 23:36 . 2012-09-28 23:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 23:36 . 2012-09-28 23:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 23:36 . 2012-09-28 23:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 23:32 . 2012-09-28 23:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 10:32 . 2012-09-28 10:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 10:32 . 2012-09-28 10:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-01-27 06:59 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-01-27 06:40 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-06-11 16:27 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-01-27 06:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rdboot64.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AFD
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap]
"ImagePath"="system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Atierecord]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AtiHDAudioService]
"ImagePath"="system32\drivers\AtihdW76.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HPSLPSVC]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IAANTMON]
"ImagePath"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.


madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 21, 2012 12:27 pm

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\libusb0]
"ImagePath"="system32\DRIVERS\libusb0.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVPr2M64]
"ImagePath"="system32\DRIVERS\LVPr2M64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVRS64]
"ImagePath"="system32\DRIVERS\lvrs64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVUVC64]
"ImagePath"="system32\DRIVERS\lvuvc64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mv91xx]
"ImagePath"="system32\DRIVERS\mv91xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3hub]
"ImagePath"="system32\DRIVERS\nusb3hub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3xhc]
"ImagePath"="system32\DRIVERS\nusb3xhc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspSanity]
"ImagePath"="system32\DRIVERS\rspSanity64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RzSynapse]
"ImagePath"="system32\DRIVERS\RzSynapse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\S3XXx64]
"ImagePath"="system32\DRIVERS\S3XXx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sxuptp]
"ImagePath"="system32\DRIVERS\sxuptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="\SystemRoot\system32\drivers\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UMVPFSrv]
"ImagePath"="c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{71D5C660-B8B5-4E69-9638-4B2DE4C75F1D}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\00\0b\15/\0cc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
.
**************************************************************************
.
Completion time: 2012-12-21 12:14:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-21 12:14
ComboFix2.txt 2012-12-18 18:17
.
Pre-Run: 74,112,200,704 bytes free
Post-Run: 73,779,748,864 bytes free
.
- - End Of File - - 33C5E374F49A8FE75072E2DC43875A63

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 21, 2012 12:30 pm

I guess the good news is that I can get online on this machine again. The bad news is that the HD is constantly being polled again and it's running slow like when we first started. Sad tearing

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 21, 2012 3:55 pm

Well I guess I spoke too soon. I left it alone for a couple of hours, came back and it was in "sleep" mode, which I never have turned on, and when I woke it up with a press of the space bar, it was shutting down and rebooted itself. It restarted, he isn't being polled constantly, but the networking will not connect again, so no internet.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Fri Dec 21, 2012 3:56 pm

Next log from Farbar Service Scanner, please...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 21, 2012 4:11 pm

Farbar Service Scanner Version: 10-12-2012
Ran by Jason (administrator) on 21-12-2012 at 16:07:28
Running from "C:\Users\Jason\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 20:42] - [2012-12-21 12:21] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Fri Dec 21, 2012 10:16 pm

ComboFix Script


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    FCopy::
    C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys | C:\Windows\System32\drivers\AFD.SYS
  • Save this as CFScript.txt, in the same location as ComboFix.exe

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Sat Dec 22, 2012 10:08 am

Seems I can get on the internet again, but the hard drive is being polled constantly again.

ComboFix 12-12-17.02 - Jason 12/22/2012 9:36.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.5051 [GMT 0:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
Command switches used :: c:\users\Jason\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --> c:\windows\System32\drivers\AFD.SYS
.
((((((((((((((((((((((((( Files Created from 2012-11-22 to 2012-12-22 )))))))))))))))))))))))))))))))
.
.
2012-12-22 09:38 . 2012-12-22 09:38 -------- d-----w- c:\users\Mcx1-JASON-PC\AppData\Local\temp
2012-12-22 09:38 . 2012-12-22 09:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-21 14:46 . 2012-12-21 15:13 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 14:46 . 2012-12-21 14:46 -------- d-----w- c:\program files\iPod
2012-12-21 14:45 . 2012-12-21 15:13 -------- d-----w- c:\program files\iTunes
2012-12-21 12:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 12:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 12:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 12:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 20:27 . 2012-12-19 20:27 -------- d-----w- c:\program files\SanityCheck
2012-12-19 20:27 . 2012-10-29 08:20 31328 ----a-w- c:\windows\system32\drivers\rspSanity64.sys
2012-12-18 19:34 . 2012-12-18 19:34 -------- d-----w- c:\program files\CCleaner
2012-12-18 15:19 . 2010-12-01 01:27 83784 ----a-w- c:\windows\system32\rdboot64.exe
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Local\Garmin
2012-12-15 15:27 . 2012-12-15 15:27 -------- d-----w- c:\users\Jason\AppData\Roaming\Garmin
2012-12-15 15:25 . 2012-12-15 15:25 -------- d-----w- c:\programdata\Ant
2012-12-15 15:22 . 2012-12-15 15:22 -------- d-----w- c:\program files (x86)\Garmin
2012-12-12 04:03 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 19:31 . 2012-12-11 19:31 -------- d-----w- c:\users\Jason\AppData\Roaming\AVG2013
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 19:17 . 2012-12-11 19:17 -------- d-----w- c:\programdata\AVG2013
2012-12-11 19:15 . 2012-12-11 21:20 -------- d-----w- c:\users\Jason\AppData\Local\Avg2013
2012-12-11 19:15 . 2012-12-11 19:15 -------- d-----w- c:\users\Jason\AppData\Local\MFAData
2012-12-05 06:21 . 2012-12-05 06:21 -------- d-----w- c:\users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-05 06:13 . 2012-12-05 06:13 53248 ----a-r- c:\users\Jason\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\programdata\Logitech
2012-12-05 06:12 . 2012-12-05 06:12 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-12-05 06:12 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Logitech
2012-12-01 16:27 . 2012-12-01 16:27 -------- d-----w- c:\users\Jason\AppData\Local\NBGI
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\windows\SysWow64\xlive
2012-12-01 16:15 . 2012-12-01 16:15 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 16:15 . 2008-10-15 06:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-01 16:15 . 2008-10-15 06:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-01 16:14 . 2008-10-15 06:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-11-26 03:00 . 2012-11-26 03:00 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-25 13:19 . 2009-04-16 12:47 249856 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp70w.dll
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-11-25 13:19 . 2012-11-25 13:19 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-11-25 13:18 . 2009-04-16 12:47 136704 ----a-w- c:\windows\system32\hpf3l70w.dll
2012-11-25 13:18 . 2012-11-27 16:01 -------- d-----w- c:\program files (x86)\HP
2012-11-25 13:18 . 2012-11-25 13:18 -------- d-----w- c:\program files\HP
2012-11-25 13:17 . 2012-11-25 13:17 -------- d-----w- c:\programdata\HP
2012-11-25 13:17 . 2009-04-16 11:53 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-11-25 13:17 . 2009-04-01 06:21 881664 ----a-w- c:\windows\system32\hposwia_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 749056 ----a-w- c:\windows\system32\hpost_d02d.dll
2012-11-25 13:17 . 2009-04-01 06:21 516096 ----a-w- c:\windows\system32\hposc_d02a.dll
2012-11-25 13:17 . 2008-10-29 00:27 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\users\Jason\AppData\Local\Radium Technologies
2012-11-24 11:08 . 2012-11-24 11:08 -------- d-----w- c:\programdata\Radium Technologies
2012-11-24 11:07 . 2012-11-24 11:07 -------- d-----w- c:\users\Jason\AppData\Local\PackageAware
2012-11-24 08:26 . 2012-11-24 08:26 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-11-24 00:11 . 2012-11-24 00:11 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-11-23 11:29 . 2012-12-18 13:52 -------- d-----w- c:\users\Jason\AppData\Roaming\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----r- c:\program files (x86)\Skype
2012-11-23 11:29 . 2012-11-23 11:29 -------- d-----w- c:\programdata\Skype
2012-11-23 11:26 . 2012-11-23 11:26 -------- d-----w- c:\users\Jason\AppData\Roaming\Leadertech
2012-11-23 11:26 . 2009-04-30 22:57 266776 ----a-w- c:\windows\system32\lvco1201278.dll
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-11-23 11:25 . 2012-11-25 08:14 -------- d-----w- c:\programdata\LogiShrd
2012-11-23 11:25 . 2012-12-05 06:13 -------- d-----w- c:\program files\Common Files\logishrd
2012-11-23 11:25 . 2012-11-23 11:25 -------- d-----w- c:\program files\Logitech
2012-11-23 11:14 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-23 11:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-23 11:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-23 11:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-23 11:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-23 11:08 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-11-23 11:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-23 11:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-23 11:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-23 11:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-23 11:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-23 11:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-23 11:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-23 11:03 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-23 10:58 . 2012-11-23 10:58 -------- d-----w- c:\programdata\ATI
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-23 10:57 . 2012-11-23 10:57 -------- d-----w- c:\program files (x86)\AMD APP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-21 12:21 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 15:37 . 2011-03-04 21:02 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-01 16:03 . 2011-12-11 21:54 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-10-22 13:02 . 2012-10-22 13:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 08:38 . 2012-11-28 09:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 09:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 09:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 03:48 . 2012-10-15 03:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 03:32 . 2012-10-05 03:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-04 16:40 . 2012-12-12 04:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-02 03:30 . 2012-10-02 03:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-29 19:54 . 2011-03-29 23:00 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 23:37 . 2012-09-28 23:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 23:36 . 2012-09-28 23:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 23:36 . 2012-09-28 23:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 23:36 . 2012-09-28 23:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 23:36 . 2012-09-28 23:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 23:36 . 2012-09-28 23:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 23:32 . 2012-09-28 23:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 10:32 . 2012-09-28 10:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 10:32 . 2012-09-28 10:32 53760 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2011-01-27 06:59 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-06-11 16:51 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-06-11 16:36 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2011-01-27 06:40 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-06-11 16:27 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2011-01-27 06:12 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-06-11 16:25 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rdboot64.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AFD
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
2012-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
- c:\users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-04 19:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap]
"ImagePath"="system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Atierecord]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AtiHDAudioService]
"ImagePath"="system32\drivers\AtihdW76.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4]
"ImagePath"="system32\DRIVERS\Dot4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dot4Print]
"ImagePath"="system32\DRIVERS\Dot4Prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot4usb]
"ImagePath"="system32\DRIVERS\dot4usb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="\SystemRoot\system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HPSLPSVC]
"ServiceDll"="c:\program files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IAANTMON]
"ImagePath"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\libusb0]
"ImagePath"="system32\DRIVERS\libusb0.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVPr2M64]
"ImagePath"="system32\DRIVERS\LVPr2M64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVRS64]
"ImagePath"="system32\DRIVERS\lvrs64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LVUVC64]
"ImagePath"="system32\DRIVERS\lvuvc64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Sat Dec 22, 2012 10:10 am

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mv91xx]
"ImagePath"="system32\DRIVERS\mv91xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Net Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZinw12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3hub]
"ImagePath"="system32\DRIVERS\nusb3hub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3xhc]
"ImagePath"="system32\DRIVERS\nusb3xhc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Pml Driver HPZ12]
"ServiceDll"="c:\windows\system32\HPZipm12.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspSanity]
"ImagePath"="system32\DRIVERS\rspSanity64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RzSynapse]
"ImagePath"="system32\DRIVERS\RzSynapse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\S3XXx64]
"ImagePath"="system32\DRIVERS\S3XXx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sxuptp]
"ImagePath"="system32\DRIVERS\sxuptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="\SystemRoot\system32\drivers\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UMVPFSrv]
"ImagePath"="c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUsb]
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{71D5C660-B8B5-4E69-9638-4B2DE4C75F1D}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0c\00\0b\15/\0cc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
.
**************************************************************************
.
Completion time: 2012-12-22 09:44:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-22 09:44
ComboFix2.txt 2012-12-21 12:14
ComboFix3.txt 2012-12-18 18:17
.
Pre-Run: 75,016,224,768 bytes free
Post-Run: 74,650,095,616 bytes free
.
- - End Of File - - D706298F2ACB6AB3033CC3689F0FC31F

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Sat Dec 22, 2012 9:22 pm

Next FSS log please. Smile


Junkware Removal Tool

Please download [You must be registered and logged in to see this link.] to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.

  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.



Adware Cleaning

Please download [You must be registered and logged in to see this link.] by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Sun Dec 23, 2012 6:07 am

I ran JRT, then AdwCleaner and then FSS. The computer we have been working on was online, but AdwCleaner caused it to reboot and when it booted back up, it wouldn't connect to the network again...same error as before. I then ran FSS.

Here are the logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.4 (12.21.2012:3)
OS: Windows 7 Home Premium x64
Ran by Jason on Sun 12/23/2012 at 5:36:29.30
Blog: [You must be registered and logged in to see this link.]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/23/2012 at 5:40:05.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v2.101 - Logfile created 12/23/2012 at 05:43:28
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jason - JASON-PC
# Boot Mode : Normal
# Running from : C:\Users\Jason\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3954 octets] - [18/12/2012 14:39:47]
AdwCleaner[S2].txt - [716 octets] - [23/12/2012 05:43:28]

########## EOF - C:\AdwCleaner[S2].txt - [775 octets] ##########
Farbar Service Scanner Version: 10-12-2012
Ran by Jason (administrator) on 23-12-2012 at 05:47:39
Running from "C:\Users\Jason\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-17 20:42] - [2012-12-22 10:03] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Mon Dec 24, 2012 9:45 am

How's it working now?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Mon Dec 24, 2012 9:54 am

The networking isn't working again after AdwCleaner caused it to reboot and when it booted back up, it wouldn't connect to the network again...same error as before.


So to me it seems that:

1) Networking works and the E drive is constantly being polled or
2) Networking doesn't work, but the E drive isn't constantly being polled.

FSS says that AFD.sys is infected.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Mon Dec 24, 2012 10:23 am

Let's look at it a lot closer, because it is looking more and more like a rootkit problem...

Please download the [You must be registered and logged in to see this link.] and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button

  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)

    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Mon Dec 24, 2012 11:17 am

Downloaded, but I think perhaps the program has changeable because your instructions don't follow the process. I installed program then ran it. There was one thing to be cleaned and I did this, but there was no prompt for reboot.

I rebooted but networking services still are not working.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Mon Dec 24, 2012 11:28 am

I don't think we have used hijack this yet, but I downloaded it and ran a scan, this is the log it came up with as best I can tell.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:09 AM, on 12/24/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
E:\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\Jason\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [iTunesHelper] "E:\iTunesHelper.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7428 bytes

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Tue Dec 25, 2012 9:16 am

HijackThis is way out of our league now. We have ten times better tools.

Farbar Recovery Scan Tool x64

Download [You must be registered and logged in to see this link.] and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Tue Dec 25, 2012 11:13 am

Thanks and Merry Christmas!

Just as a note, I had to type in "e:\frst64.exe" in order to get the program to run. No big deal, but may be hard for someone to figure out in the future. Also, the only reason I downloaded hijack this was because your last set of instructions called for a log from it...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 25-12-2012 11:02:13
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10038304 2010-01-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-18] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953744 2011-02-17] (Razer USA Ltd)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642728 2012-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] "E:\iTunesHelper.exe" [x]
HKU\Jason\...\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14749544 2012-03-23] (GARMIN Corp.)
HKU\Mcx1-JASON-PC\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Startup: C:\Users\Jason\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
3 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-12-01] (DT Soft Ltd)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-04-30] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
3 RzSynapse; C:\Windows\System32\Drivers\RzSynapse.sys [126464 2010-12-16] (Razer USA Ltd)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-25 02:25 - 2012-12-25 02:25 - 00000000 ____D C:\FRST
2012-12-24 03:24 - 2012-12-24 03:24 - 00007429 ____A C:\Users\Jason\Desktop\hijackthis.log
2012-12-24 03:23 - 2012-12-24 03:23 - 00388608 ____N (Trend Micro Inc.) C:\Users\Jason\Desktop\HijackThis.exe
2012-12-24 02:56 - 2012-12-24 02:56 - 00003205 ____A C:\Users\Jason\Desktop\Sophos Virus Removal Tool.lnk
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-24 02:54 - 2012-12-24 02:53 - 82075768 ____N (Sophos Limited) C:\Users\Jason\Desktop\Sophos Virus Removal Tool.exe
2012-12-22 21:51 - 2012-12-22 21:51 - 00000843 ____A C:\Users\Jason\Desktop\AdwCleaner[S2].txt
2012-12-22 21:43 - 2012-12-22 21:43 - 00000843 ____A C:\AdwCleaner[S2].txt
2012-12-22 21:40 - 2012-12-22 21:40 - 00000671 ____A C:\Users\Jason\Desktop\JRT.txt
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Windows\ERUNT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\JRT
2012-12-22 20:59 - 2012-12-22 20:59 - 00496081 ____A (Oleg N. Scherbakov) C:\Users\Jason\Desktop\JRT.exe
2012-12-22 01:44 - 2012-12-22 01:44 - 00070741 ____A C:\ComboFix.txt
2012-12-22 01:29 - 2012-12-22 01:32 - 00000185 ____A C:\Users\Jason\Desktop\combo3.txt
2012-12-21 07:13 - 2012-12-21 07:13 - 00001363 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-21 06:46 - 2012-12-21 07:13 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 06:46 - 2012-12-21 06:46 - 00000000 ____D C:\Program Files\iPod
2012-12-21 06:45 - 2012-12-21 07:13 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 04:17 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-21 04:17 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-21 04:17 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-21 04:17 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-21 04:10 - 2012-12-22 01:40 - 00001110 ____A C:\Windows\PFRO.log
2012-12-20 16:22 - 2012-12-20 16:22 - 00004840 ____A C:\Users\Jason\Desktop\SystemLook.txt
2012-12-20 16:20 - 2012-12-20 16:20 - 00165376 ____N C:\Users\Jason\Desktop\SystemLook_x64.exe
2012-12-19 23:43 - 2012-12-22 21:47 - 00003753 ____A C:\Users\Jason\Desktop\FSS.txt
2012-12-19 23:43 - 2012-12-19 23:42 - 00697869 ____N (Farbar) C:\Users\Jason\Desktop\FSS.exe
2012-12-19 12:35 - 2012-12-19 12:35 - 00001209 ____A C:\Users\Jason\Documents\Sanity check.txt
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-19 12:27 - 2012-12-19 12:27 - 00000821 ____A C:\Users\Jason\Desktop\SanityCheck.lnk
2012-12-19 12:27 - 2012-12-19 12:27 - 00000000 ____D C:\Program Files\SanityCheck
2012-12-19 12:27 - 2012-10-29 00:20 - 00031328 ____A (Resplendence Software Projects Sp.) C:\Windows\System32\Drivers\rspSanity64.sys
2012-12-18 22:09 - 2012-12-18 22:08 - 00708960 ____N (Kaspersky Lab) C:\Users\Jason\Desktop\GetSystemInfo.exe
2012-12-18 12:39 - 2012-12-25 02:50 - 00002390 ____A C:\Windows\setupact.log
2012-12-18 12:39 - 2012-12-18 12:39 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 11:38 - 2012-12-18 11:38 - 02322184 ____A (ESET) C:\Users\Jason\Downloads\esetsmartinstaller_enu.exe
2012-12-18 11:34 - 2012-12-18 11:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-18 11:34 - 2012-12-18 11:34 - 00000000 ____D C:\Program Files\CCleaner
2012-12-18 11:05 - 2012-12-18 11:06 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe
2012-12-18 10:11 - 2012-12-22 01:44 - 00000000 ___AD C:\Qoobox
2012-12-18 10:11 - 2012-12-18 10:16 - 00000000 ____D C:\Windows\erdnt
2012-12-18 10:11 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-12-18 10:11 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-12-18 10:11 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-12-18 10:11 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-12-18 10:09 - 2012-12-18 10:09 - 05012571 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe
2012-12-18 07:19 - 2010-11-30 17:27 - 00083784 ____A (AVG Technologies) C:\Windows\System32\rdboot64.exe
2012-12-18 06:39 - 2012-12-18 06:39 - 00003954 ____A C:\AdwCleaner[S1].txt
2012-12-18 06:34 - 2012-12-18 06:38 - 00065404 ____A C:\Users\Jason\Downloads\Extras.Txt
2012-12-18 06:34 - 2012-12-18 06:34 - 00218146 ____A C:\Users\Jason\Downloads\OTL.Txt
2012-12-18 06:24 - 2012-12-18 06:24 - 00602112 ____A (OldTimer Tools) C:\Users\Jason\Downloads\OTL.com
2012-12-18 05:42 - 2012-12-18 05:42 - 00000628 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-18 05:40 - 2012-12-18 06:50 - 00007604 ____A C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2012-12-18 05:32 - 2012-12-18 05:35 - 00006779 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Garmin
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Local\Garmin
2012-12-15 07:25 - 2012-12-15 07:25 - 00000000 ____D C:\Users\All Users\Ant
2012-12-15 07:22 - 2012-12-15 07:22 - 09542584 ____A (Igor Pavlov) C:\Users\Jason\Downloads\ANTAgent_233.exe
2012-12-15 07:22 - 2012-12-15 07:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-12 07:36 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-12 07:36 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-12 07:36 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-12 07:36 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-12 07:36 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-12 07:36 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-12 07:36 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-12 07:36 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-12 07:36 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-12 07:36 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-12 07:36 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-12 07:36 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-12 07:36 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-12 07:36 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-12 07:36 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-12 07:36 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-12 07:36 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-12 07:36 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-12 07:36 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-12 07:36 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-12 07:36 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-12 07:36 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-12 07:36 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-12 07:36 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-12 07:36 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-12 07:36 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-12 07:36 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-12 07:36 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-12 07:36 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-12 07:36 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-12 07:36 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-12 07:36 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-11 20:03 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-11 20:03 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-11 20:03 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-11 20:03 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-11 20:03 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-11 20:03 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-11 20:03 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-11 20:03 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-11 20:03 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-11 20:03 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-11 20:03 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-11 20:03 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-11 20:03 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-11 20:03 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-11 20:03 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-11 11:31 - 2012-12-11 11:31 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2013
2012-12-11 11:17 - 2012-12-11 11:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-11 11:15 - 2012-12-11 13:20 - 00000000 ____D C:\Users\Jason\AppData\Local\Avg2013
2012-12-11 11:15 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\MFAData
2012-12-04 22:21 - 2012-12-04 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-04 22:12 - 2012-12-04 22:13 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-04 22:12 - 2012-12-04 22:12 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-12-04 22:12 - 2012-12-04 22:12 - 00000000 ____D C:\Users\All Users\Logitech
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\web.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\LC.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2p2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 08:27 - 2012-12-01 08:27 - 00000000 ____D C:\Users\Jason\AppData\Local\NBGI
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 08:15 - 2008-10-14 22:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-12-01 08:15 - 2008-10-14 22:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-12-01 08:14 - 2008-10-14 22:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-12-01 08:14 - 2008-10-14 22:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-12-01 08:03 - 2012-12-01 08:03 - 00000655 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
2012-11-27 07:59 - 2012-11-27 08:06 - 00173324 ____A C:\Windows\hpoins46.dat
2012-11-27 07:59 - 2010-01-30 05:17 - 00000532 ____N C:\Windows\hpomdl46.dat
2012-11-25 19:00 - 2012-11-25 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-25 05:18 - 2012-11-27 08:01 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-25 05:18 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files\HP
2012-11-25 05:18 - 2009-04-16 04:47 - 00136704 ____A (Hewlett-Packard Company) C:\Windows\System32\hpf3l70w.dll
2012-11-25 05:17 - 2012-11-27 08:06 - 00003200 ____A C:\Users\All Users\hpzinstall.log
2012-11-25 05:17 - 2012-11-25 05:17 - 00000000 ____D C:\Users\All Users\HP
2012-11-25 05:17 - 2009-04-16 03:53 - 00642360 ____A (Hewlett-Packard) C:\Windows\System32\hpzids40.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00881664 ____A (Hewlett-Packard) C:\Windows\System32\hposwia_d02d.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00749056 ____A (Hewlett-Packard Co.) C:\Windows\System32\hpost_d02d.dll
2012-11-25 05:17 - 2009-03-31 22:21 - 00516096 ____A (Hewlett-Packard Co.) C:\Windows\System32\hposc_d02a.dll
2012-11-25 05:17 - 2008-10-28 16:27 - 00551424 ____A (Hewlett-Packard) C:\Windows\System32\hppldcoi.dll

==================== One Month Modified Files and Folders =======

2012-12-25 02:55 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-25 02:55 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-25 02:54 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-25 02:52 - 2011-03-04 13:58 - 01213354 ____A C:\Windows\WindowsUpdate.log
2012-12-25 02:50 - 2012-12-18 12:39 - 00002390 ____A C:\Windows\setupact.log
2012-12-25 02:50 - 2012-11-23 03:25 - 00000000 ____A C:\Windows\System32\Drivers\lvuvc.hs
2012-12-25 02:50 - 2009-07-13 21:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-25 02:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-25 02:25 - 2012-12-25 02:25 - 00000000 ____D C:\FRST
2012-12-25 02:18 - 2011-03-08 04:59 - 00000000 ____D C:\Users\All Users\MFAData
2012-12-24 03:24 - 2012-12-24 03:24 - 00007429 ____A C:\Users\Jason\Desktop\hijackthis.log
2012-12-24 03:23 - 2012-12-24 03:23 - 00388608 ____N (Trend Micro Inc.) C:\Users\Jason\Desktop\HijackThis.exe
2012-12-24 02:56 - 2012-12-24 02:56 - 00003205 ____A C:\Users\Jason\Desktop\Sophos Virus Removal Tool.lnk
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Users\All Users\Sophos
2012-12-24 02:56 - 2012-12-24 02:56 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-12-24 02:53 - 2012-12-24 02:54 - 82075768 ____N (Sophos Limited) C:\Users\Jason\Desktop\Sophos Virus Removal Tool.exe
2012-12-22 21:51 - 2012-12-22 21:51 - 00000843 ____A C:\Users\Jason\Desktop\AdwCleaner[S2].txt
2012-12-22 21:47 - 2012-12-19 23:43 - 00003753 ____A C:\Users\Jason\Desktop\FSS.txt
2012-12-22 21:43 - 2012-12-22 21:43 - 00000843 ____A C:\AdwCleaner[S2].txt
2012-12-22 21:40 - 2012-12-22 21:40 - 00000671 ____A C:\Users\Jason\Desktop\JRT.txt
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\Windows\ERUNT
2012-12-22 21:36 - 2012-12-22 21:36 - 00000000 ____D C:\JRT
2012-12-22 20:59 - 2012-12-22 20:59 - 00496081 ____A (Oleg N. Scherbakov) C:\Users\Jason\Desktop\JRT.exe
2012-12-22 20:53 - 2011-03-04 11:18 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001UA.job
2012-12-22 18:53 - 2011-03-04 11:18 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3976937805-115465362-3826958485-1001Core.job
2012-12-22 02:03 - 2012-02-17 12:42 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\AFD.SYS
2012-12-22 02:03 - 2009-07-13 16:10 - 00022368 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\WS2IFSL.SYS
2012-12-22 01:44 - 2012-12-22 01:44 - 00070741 ____A C:\ComboFix.txt
2012-12-22 01:44 - 2012-12-18 10:11 - 00000000 ___AD C:\Qoobox
2012-12-22 01:44 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2012-12-22 01:43 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-12-22 01:40 - 2012-12-21 04:10 - 00001110 ____A C:\Windows\PFRO.log
2012-12-22 01:32 - 2012-12-22 01:29 - 00000185 ____A C:\Users\Jason\Desktop\combo3.txt
2012-12-22 01:31 - 2011-03-04 11:18 - 00000000 ____D C:\Users\Jason\AppData\Local\Apps\2.0
2012-12-21 07:13 - 2012-12-21 07:13 - 00001363 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-12-21 07:13 - 2012-12-21 06:46 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-21 07:13 - 2012-12-21 06:45 - 00000000 ____D C:\Program Files\iTunes
2012-12-21 06:46 - 2012-12-21 06:46 - 00000000 ____D C:\Program Files\iPod
2012-12-21 04:22 - 2009-07-13 20:45 - 00277152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-20 16:22 - 2012-12-20 16:22 - 00004840 ____A C:\Users\Jason\Desktop\SystemLook.txt
2012-12-20 16:20 - 2012-12-20 16:20 - 00165376 ____N C:\Users\Jason\Desktop\SystemLook_x64.exe
2012-12-19 23:42 - 2012-12-19 23:43 - 00697869 ____N (Farbar) C:\Users\Jason\Desktop\FSS.exe
2012-12-19 12:35 - 2012-12-19 12:35 - 00001209 ____A C:\Users\Jason\Documents\Sanity check.txt
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:30 - 2012-12-19 12:27 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-19 12:27 - 2012-12-19 12:27 - 00000821 ____A C:\Users\Jason\Desktop\SanityCheck.lnk
2012-12-19 12:27 - 2012-12-19 12:27 - 00000000 ____D C:\Program Files\SanityCheck
2012-12-18 22:08 - 2012-12-18 22:09 - 00708960 ____N (Kaspersky Lab) C:\Users\Jason\Desktop\GetSystemInfo.exe
2012-12-18 13:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-12-18 12:39 - 2012-12-18 12:39 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 11:38 - 2012-12-18 11:38 - 02322184 ____A (ESET) C:\Users\Jason\Downloads\esetsmartinstaller_enu.exe
2012-12-18 11:36 - 2011-12-11 13:52 - 00000000 ____D C:\Users\Jason\AppData\Roaming\DAEMON Tools Lite
2012-12-18 11:36 - 2011-03-20 17:36 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Azureus
2012-12-18 11:36 - 2011-03-04 13:49 - 00000000 ____D C:\Windows\Panther
2012-12-18 11:34 - 2012-12-18 11:34 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-12-18 11:34 - 2012-12-18 11:34 - 00000000 ____D C:\Program Files\CCleaner
2012-12-18 11:06 - 2012-12-18 11:05 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Jason\Desktop\tdsskiller.exe
2012-12-18 10:17 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default
2012-12-18 10:16 - 2012-12-18 10:11 - 00000000 ____D C:\Windows\erdnt
2012-12-18 10:09 - 2012-12-18 10:09 - 05012571 ____R (Swearware) C:\Users\Jason\Desktop\ComboFix.exe
2012-12-18 07:19 - 2011-03-03 22:00 - 00000000 ____D C:\users\Jason
2012-12-18 06:50 - 2012-12-18 05:40 - 00007604 ____A C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
2012-12-18 06:39 - 2012-12-18 06:39 - 00003954 ____A C:\AdwCleaner[S1].txt
2012-12-18 06:38 - 2012-12-18 06:34 - 00065404 ____A C:\Users\Jason\Downloads\Extras.Txt
2012-12-18 06:34 - 2012-12-18 06:34 - 00218146 ____A C:\Users\Jason\Downloads\OTL.Txt
2012-12-18 06:24 - 2012-12-18 06:24 - 00602112 ____A (OldTimer Tools) C:\Users\Jason\Downloads\OTL.com
2012-12-18 06:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2012-12-18 05:52 - 2012-11-23 03:29 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Skype
2012-12-18 05:42 - 2012-12-18 05:42 - 00000628 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-12-18 05:35 - 2012-12-18 05:32 - 00006779 ____A C:\Users\Jason\Documents\Uninstall STAR WARS The Old Republic.log
2012-12-18 05:27 - 2011-03-27 05:40 - 00000000 ____D C:\Windows\Minidump
2012-12-16 09:11 - 2012-12-21 04:17 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-16 06:45 - 2012-12-21 04:17 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-16 06:13 - 2012-12-21 04:17 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-16 06:13 - 2012-12-21 04:17 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Garmin
2012-12-15 07:27 - 2012-12-15 07:27 - 00000000 ____D C:\Users\Jason\AppData\Local\Garmin
2012-12-15 07:25 - 2012-12-15 07:25 - 00000000 ____D C:\Users\All Users\Ant
2012-12-15 07:22 - 2012-12-15 07:22 - 09542584 ____A (Igor Pavlov) C:\Users\Jason\Downloads\ANTAgent_233.exe
2012-12-15 07:22 - 2012-12-15 07:22 - 00000000 ____D C:\Program Files (x86)\Garmin
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-12 10:14 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-12-12 07:37 - 2011-03-04 13:02 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-11 13:20 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\Avg2013
2012-12-11 11:31 - 2012-12-11 11:31 - 00000000 ____D C:\Users\Jason\AppData\Roaming\AVG2013
2012-12-11 11:31 - 2011-03-08 05:01 - 00000000 ____D C:\Program Files (x86)\AVG
2012-12-11 11:17 - 2012-12-11 11:17 - 00000965 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\Jason\AppData\Roaming\TuneUp Software
2012-12-11 11:17 - 2012-12-11 11:17 - 00000000 ____D C:\Users\All Users\AVG2013
2012-12-11 11:17 - 2012-05-17 17:17 - 00000000 ____D C:\$AVG
2012-12-11 11:15 - 2012-12-11 11:15 - 00000000 ____D C:\Users\Jason\AppData\Local\MFAData
2012-12-04 22:21 - 2012-12-04 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Logitech® Webcam Software
2012-12-04 22:13 - 2012-12-04 22:12 - 00000000 ____D C:\Program Files (x86)\Logitech
2012-12-04 22:13 - 2012-11-23 03:25 - 00019411 ____A C:\Windows\System32\lvcoinst.log
2012-12-04 22:13 - 2012-11-23 03:25 - 00000000 ____D C:\Program Files\Common Files\logishrd
2012-12-04 22:12 - 2012-12-04 22:12 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2012-12-04 22:12 - 2012-12-04 22:12 - 00000000 ____D C:\Users\All Users\Logitech
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\wc.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\lc.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2P2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 08:27 - 2012-12-01 08:27 - 00000000 ____D C:\Users\Jason\AppData\Local\NBGI
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Windows\SysWOW64\xlive
2012-12-01 08:15 - 2012-12-01 08:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-12-01 08:15 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-12-01 08:05 - 2011-12-11 13:52 - 00000000 ____D C:\Users\All Users\DAEMON Tools Lite
2012-12-01 08:03 - 2012-12-01 08:03 - 00000655 ____A C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2012-12-01 08:03 - 2011-12-11 13:54 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
2012-11-29 06:01 - 2011-09-15 15:07 - 00000000 ____D C:\Users\Jason\AppData\Roaming\vlc
2012-11-27 08:06 - 2012-11-27 07:59 - 00173324 ____A C:\Windows\hpoins46.dat
2012-11-27 08:06 - 2012-11-25 05:17 - 00003200 ____A C:\Users\All Users\hpzinstall.log
2012-11-27 08:01 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files (x86)\HP
2012-11-25 19:00 - 2012-11-25 19:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-11-25 05:18 - 2012-11-25 05:18 - 00000000 ____D C:\Program Files\HP
2012-11-25 05:17 - 2012-11-25 05:17 - 00000000 ____D C:\Users\All Users\HP
2012-11-25 00:14 - 2012-11-23 03:25 - 00000000 ____D C:\Users\All Users\LogiShrd

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-12 07:36:33
Restore point made on: 2012-12-18 06:27:11
Restore point made on: 2012-12-18 07:18:54
Restore point made on: 2012-12-21 04:05:31
Restore point made on: 2012-12-21 04:17:14
Restore point made on: 2012-12-24 02:56:11

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 6135.12 MB
Available physical RAM: 5409.14 MB
Total Pagefile: 6133.27 MB
Available Pagefile: 5396.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:111.79 GB) (Free:68.35 GB) NTFS
2 Drive e: (New Volume) (Fixed) (Total:931.41 GB) (Free:350.42 GB) NTFS
3 Drive f: (GRMCHPXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.04 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 1024 KB
Disk 1 Online 111 GB 0 B
Disk 2 Online 244 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 931 GB 101 MB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E New Volume NTFS Partition 931 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 111 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 111 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 244 MB 49 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 244 MB Healthy

=========================================================

Last Boot: 2012-12-14 16:06

==================== End Of Log =============================

Farbar Recovery Scan Tool (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-25 11:08:29
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-12-18 10:16] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Wed Dec 26, 2012 7:47 pm

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
2012-12-19 12:33 - 2012-12-19 12:33 - 00004801 ____A C:\Users\Jason\AppData\Local\Temp28.html
2012-12-19 12:27 - 2012-12-19 12:30 - 00001293 ____A C:\Users\Jason\AppData\Local\Temp1.html
2012-12-12 11:46 - 2012-12-12 11:46 - 00069060 ____A C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx
2012-12-03 09:55 - 2012-12-03 09:55 - 00071037 ____A C:\Users\Jason\Downloads\lica.mp4_.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00019155 ____A C:\Users\Jason\Downloads\web.torrent
2012-12-03 09:54 - 2012-12-03 09:54 - 00013543 ____A C:\Users\Jason\Downloads\HD 720p.torrent
2012-12-03 09:51 - 2012-12-03 09:51 - 00002306 ____A C:\Users\Jason\Downloads\LC.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00027509 ____A C:\Users\Jason\Downloads\2p2.mp4_.torrent
2012-12-03 09:50 - 2012-12-03 09:50 - 00017866 ____A C:\Users\Jason\Downloads\la.mp4.torrent
2012-12-03 09:32 - 2012-12-03 09:32 - 00011681 ____A C:\Users\Jason\Downloads\DVDRip.XviD.torrent
2012-12-02 08:23 - 2012-12-02 08:23 - 00015364 ____A C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent
2012-12-01 05:45 - 2012-12-01 05:45 - 00001169 ____A C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent
2012-12-01 05:42 - 2012-12-01 05:42 - 00020195 ____A C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Wed Dec 26, 2012 9:02 pm

Ran the fix, rebooted computer normally, but it still won't connect to the internet. Networking is still stuck on "identifying network" and still gives the error "windows could not automatically detect this network's proxy settings"

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-26 20:45:45 Run:1
Running from G:\

==============================================

C:\Users\Jason\AppData\Local\Temp28.html moved successfully.
C:\Users\Jason\AppData\Local\Temp1.html moved successfully.
C:\Users\Jason\Downloads\bmnlcjabgnpnenekpadlanbbkooimhnj_9856.crx moved successfully.
C:\Users\Jason\Downloads\lica.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\web.torrent moved successfully.
C:\Users\Jason\Downloads\HD 720p.torrent moved successfully.
C:\Users\Jason\Downloads\LC.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\2p2.mp4_.torrent moved successfully.
C:\Users\Jason\Downloads\la.mp4.torrent moved successfully.
C:\Users\Jason\Downloads\DVDRip.XviD.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]the.bourne.legacy.2012.dvdrip.xvid.neutrino.silvertorrent.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]jim.butcher.dresden.files.14.cold.days.epub.mobi.torrent moved successfully.
C:\Users\Jason\Downloads\[kat.ph]dark.souls.prepare.to.die.edition.flt.torrent moved successfully.

==== End of Fixlog ====

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Wed Dec 26, 2012 9:11 pm

Just as a note, the last time that networking worked was after each time we did the combofix thing, but it didn't seem to last after I rebooted.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Thu Dec 27, 2012 6:26 pm

Okay, let's do the following...

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Restore point made on: 2012-12-12 07:36:33
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Thu Dec 27, 2012 8:04 pm

Still no networking... Here is log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2012 01
Ran by SYSTEM at 2012-12-27 20:00:36 Run:2
Running from G:\

==============================================


==== End of Fixlog ====

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Fri Dec 28, 2012 5:26 pm

Please go to Start > Accessories > System Tools > System Restore.

Please use the earliest Restore Point you have and restore the system.

It should be this one: Restore point made on: 2012-12-12 07:36:33


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 28, 2012 7:30 pm

That restore point was not there. The earliest one I had was 12/12/2012 3:36:21 PM.

It seems like everything is working fine now. I can get on the internet and the hard drive isn't constantly running! It seems to be accessed quite a bit, but at least I can open things that are saved on it.

You win?!

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Fri Dec 28, 2012 9:09 pm

Well I guess I spoke too soon. iTunes updated and the hard drive is back to constantly running.

Trying to uninstall iTunes now... That hard drive is so bogged down that the uninstall program has been running for about 15 minutes now.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Sat Dec 29, 2012 9:04 pm

Did we ever try out a hard drive test?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Sat Dec 29, 2012 9:28 pm

I'm not sure, but I don't think so. I'm thinking of formating that drive to see if that will do it. It's a storage drive for the most part anyway. The OS runs off if the main SSD drive.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Sat Dec 29, 2012 9:46 pm

This hard drive that is giving trouble is a SSD drive, or your main drive is a SSD drive?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Sun Dec 30, 2012 5:14 am

Main drive is SSD and seems fine. It's the secondary drive that has the issue.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Sun Dec 30, 2012 10:30 pm

I'm curious about something...

Make sure the Indexing service is disabled...

[You must be registered and logged in to see this link.]

Let me know if this helps resolve it or not...


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Mon Dec 31, 2012 10:36 am

Made the change, but still same problem. It seems to be the worst right after reboot. The hard drive light stays on constantly for about 20 minutes, and then it will just flicker constantly. Accessing or transferring files on that drive is very slow and commands are delayed.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Tue Jan 01, 2013 12:06 am

  • Open up Task Manager by right clicking on the Task Bar
  • Select the Processes tab
  • Select the View menu item, then select the Select columns menu item
  • Select I/O Reads and I/O Other, then click OK to accept those changes
  • Select the "Show processes for all users" button in the lower left of the window
  • Resize the Task Manager window so you can see all the columns
  • Double click on the I/O Reads column header (to sort by that column)
  • Look for values that are excessively high in the I/O Reads or I/O Other.
  • Let us know the Image name for the processes that are causing this.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Tue Jan 01, 2013 9:00 am

The highest I/O Reads is "avgrsa.exe" with 2,910,104

The two with the highest I/O Other are "avgidsagent.exe *32 with 38,593,481
and "wmpnetwk.exe" with 14,587,182

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Tue Jan 01, 2013 9:19 am

As I figured. :\ AVG Antivirus is not being nice to your computer. I got to thinking this morning, while working on my non-online job that it could be AVG or some other crazy antivirus like Trend Micro...

Ready to get a new antivirus? Probably one of the only ways to dwindle down hard drive usage.

It usually has to do with a virus infecting the computer, or an antivirus that always works overtime. AVG is one of the antivirus programs that work overtime. Goofy

wmpnetwk.exe is normal for it to have a lot of reads, as that is Windows Media Player networking service. If you have other music players like iTunes (which I saw you use in your process log) or Spotify, they will also read a lot too.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Tue Jan 01, 2013 10:59 am

It's just weird that it started messing with that drive all of a sudden. I have used AVG for years with no apparent issues.

I did delete about 99% of the files that I was storing on that drive and it seems to be working a lot better now. I don't know why that would make a difference because it was only about 60% full.

I also uninstalled iTunes. I guess I'll look for another free antivirus and uninstall AVG.

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Tue Jan 01, 2013 1:10 pm

If AVG is constantly scanning that drive (especially if it's fragmented), it will take a long time depending on the settings in AVG and also how much is on the drive.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Re: HD constantly polled

Post by madmac283 on Tue Jan 01, 2013 1:12 pm

Yeah. I uninstalled AVG and installed avast. Seems to be working pretty good now.

Thanks again for all of your help. I guess we'll see how it goes now Smile

madmac283
Intermediate
Intermediate

Posts Posts : 68
Joined Joined : 2010-05-05
Gender Gender : Male
Points Points : 24965
# Likes # Likes : 0

View user profile

Back to top Go down

Re: HD constantly polled

Post by Dr Jay on Tue Jan 01, 2013 3:41 pm

Okie dokie. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13713
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Protection Protection : Bitdefender Total Security
Points Points : 302059
# Likes # Likes : 10

View user profile

Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum