Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Virus & Other Malware Removal
Go to first new post How did you find PC CLEANER PRO on my c ...
Go to first new post Trojan: Win32/Alureon.FK - hijack this l ...
Go to first new post Black desktop, missing all shortcuts, fi ...
Go to first new post Missing Photos/Black Desktop/Phantom Use ...
Go to first new post Network, good; Internet, bad
Go to first new post Need Help
Go to first new post Odd Processes/SCODEF-CREDAT/possible vir ...
Go to first new post Google Hijacker/Google Search Result vir ...
Go to first new post server not found
Go to first new post slow computer, downloads over a few mb f ...
Go to first new post Ramnit virus, nearly cleared
Go to first new post Windows live Messenger Virus
Go to first new post We Got System Checked :-(
Go to first new post This setup thing keeps popping up everyd ...
Go to first new post Extremely unresponsive, massive hang-ups ...
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory monitor motherboard network operating system printer problem ram registry router slow software sound svchost.exe toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
NeEd HeLp PlEaSe!!! (In Progress)

Page 1 of 3 1 23
Reply  
Thread Tools
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 04:06 AM #1
Post NeEd HeLp PlEaSe!!!
I have something wrong with my laptop.I recently put a post in this forum but didn't read the first message. So now I have read it and couldn't delete my previous post, and had to attach a file to this post. Windows are popping up and my cursor is moving mo different parts of the screen when I type. Also Spybot had picked up some Malware that I didn't know I had until I downloaded Spybot. Also When I run a scan On AVG 9.0 Free edition. It always finds a virus but it keeps coming back. If anyone has any info or feedback, would be greatly appreciated.

Thanks From Johnnie. Walker
------------------------------------------------------------------------------------------------------
Here are the requested Files From

#1 - Copy and Paste the HijackThis log.
#2 - Copy and Paste the contents of the dds.txt file.
#3 - Upload as an attachment the attach.txt file.
#4 - Copy and Paste the contents of the ark.txt file.

-----------------------------------------------------------------------------------------------------
#1 The Hijack This Log.


MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3BF7CEB6-B299-4F7F-A950-A561A273CA30} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: CCAB - {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll,C:\Windows\system32\cmstplua32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4826 bytes

------------------------------------------------------------------------------------------------------
#2 The Contents of the DDS.txt File


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ayrian at 2:00:36.20 on Sun 09/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2003.1382 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Ayrian\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
{3bf7ceb6-b299-4f7f-a950-a561a273ca30}
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: CCAB: {c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a} - CAB Class
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
AppInit_DLLs: avgrsstx.dll,c:\windows\system32\cmstplua32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\ayrian\appdata\roaming\mozilla\firefox\profiles\i4ecvkvj.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_availa ble_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-30 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-30 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-30 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-2 1153368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2009-4-30 369920]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 jumi;%Jumi%;c:\windows\system32\drivers\jumi.sys [2010-6-3 13112]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-3-16 17408]

=============== Created Last 30 ================

2010-09-05 05:43:30 0 d-----w- c:\program files\Trend Micro
2010-09-03 22:01:34 65536 --sha-w- c:\users\ayrian\ntuser.dat{4b36d56c-b73e-11df-9309-0023ae3ab6b8}.TM.blf
2010-09-03 22:01:34 524288 --sha-w- c:\users\ayrian\ntuser.dat{4b36d56c-b73e-11df-9309-0023ae3ab6b8}.TMContainer00000000000000000002.regtrans-ms
2010-09-03 22:01:34 524288 --sha-w- c:\users\ayrian\ntuser.dat{4b36d56c-b73e-11df-9309-0023ae3ab6b8}.TMContainer00000000000000000001.regtrans-ms
2010-09-03 20:07:54 0 d-----w- c:\users\ayrian\appdata\roaming\GlarySoft
2010-09-03 20:02:45 0 d-----w- c:\program files\Glary Utilities
2010-09-03 03:35:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 03:35:05 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 03:28:37 0 d-----w- c:\programdata\TEMP
2010-09-03 03:19:56 0 d-----w- c:\programdata\PC Tools
2010-09-03 02:48:45 28672 --sha-w- c:\users\ayrian\Thumbs.db
2010-09-03 00:45:49 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-03 00:45:43 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-03 00:45:43 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-03 00:45:15 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-01 21:01:27 53248 ----a-w- c:\windows\system32\FastUv32.dll
2010-08-07 04:23:02 0 d-----w- c:\program files\SystemRequirementsLab

==================== Find3M ====================

2010-08-06 02:54:58 710720 ----a-w- c:\windows\system32\drivers\NDIS.sys
2010-07-15 13:46:17 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:46:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:45:46 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 07:06:02 0 ----a-w- c:\users\ayrian\appdata\roaming\wklnhst.dat
2010-06-17 16:55:42 112 ----a-w- c:\programdata\s4tu6mSK.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-04-22 03:48:11 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows \ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 2:01:33.19 ===============


------------------------------------------------------------------------------------------------------

#3 The Attachment is Enclosed

------------------------------------------------------------------------------------------------------

#4 The Contents of the ark.txt File


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 02:15:55
Windows 6.1.7600
Running: di67g3zt.exe; Driver: C:\Users\Ayrian\AppData\Local\Temp\ufldapow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83024634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83024898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8303D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C555C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7A052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 96548C9D 28 Bytes [9E, 72, B2, 6D, D1, B7, CB, ...]
.text peauth.sys 96548CC1 28 Bytes [9E, 72, B2, 6D, D1, B7, CB, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[348] ntdll.dll!NtProtectVirtualMemory 77855360 5 Bytes JMP 001D000A
.text C:\Windows\Explorer.EXE[348] ntdll.dll!NtWriteVirtualMemory 77855EE0 5 Bytes JMP 001E000A
.text C:\Windows\Explorer.EXE[348] ntdll.dll!KiUserExceptionDispatcher 77856448 5 Bytes JMP 001C000A
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtProtectVirtualMemory 77855360 5 Bytes JMP 0016000A
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtWriteVirtualMemory 77855EE0 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!KiUserExceptionDispatcher 77856448 5 Bytes JMP 0015000A
.text C:\Windows\system32\svchost.exe[1244] ole32.dll!CoCreateInstance 761A57FC 5 Bytes JMP 0062000A
.text C:\Windows\system32\svchost.exe[1244] USER32.dll!GetCursorPos 7765C198 5 Bytes JMP 00E1000A

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85DC5AC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000276091ea6
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000276091ea6 @64b9e80a7380 0x81 0xB2 0x48 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000276091ea6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000276091ea6@64b 9e80a7380 0x81 0xB2 0x48 0x72 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

------------------------------------------------------------------------------------------------------

If this is all that you have requested and all is here thank you for your time, and keep up the good work.
I have went through quite a few posts and a lot of people have problems, still you guys do it for a good cause and have a lot of happy people from this site. Thanks Again.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Register for free to hide this ad!
Rorschach112's Avatar
Senior Member with 2,392 posts.
  
Join Date: Oct 2008
05-Sep-2010, 08:42 AM #2
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.




  • If an infected file is detected, the default action will be Cure, click on Continue.




  • If a suspicious file is detected, the default action will be Skip, click on Continue.




  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.




  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
__________________
I gotta hold on to my angst. I preserve it because I need it. It keeps me sharp, on the edge, where I gotta be.
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 04:29 PM #3
Again, Thank You for the quick reply. I have downloaded TDSSKiller and ran it from the desktop. It found 1 rootkit and when I tried to click continue on the cure page an error came up on the "System Scan Complete" Page This is what it was "C:\Windows\system32\drivers\ndis.sys - processing error".

Also here is the report from TDSSKiller that you requested as follows.

---------------------------------------------------------------------------------------------------

2010/09/05 15:24:36.0875 TDSS rootkit removing tool 2.4.2.0 Sep 3 2010 10:26:06
2010/09/05 15:24:36.0875 =========================================================================== =====
2010/09/05 15:24:36.0875 SystemInfo:
2010/09/05 15:24:36.0875
2010/09/05 15:24:36.0875 OS Version: 6.1.7600 ServicePack: 0.0
2010/09/05 15:24:36.0875 Product type: Workstation
2010/09/05 15:24:36.0875 ComputerName: ED-HARDY
2010/09/05 15:24:36.0878 UserName: Ayrian
2010/09/05 15:24:36.0878 Windows directory: C:\Windows
2010/09/05 15:24:36.0878 System windows directory: C:\Windows
2010/09/05 15:24:36.0878 Processor architecture: Intel x86
2010/09/05 15:24:36.0878 Number of processors: 2
2010/09/05 15:24:36.0878 Page size: 0x1000
2010/09/05 15:24:36.0878 Boot type: Normal boot
2010/09/05 15:24:36.0878 =========================================================================== =====
2010/09/05 15:24:37.0116 Initialize success
2010/09/05 15:24:41.0464 =========================================================================== =====
2010/09/05 15:24:41.0464 Scan started
2010/09/05 15:24:41.0464 Mode: Manual;
2010/09/05 15:24:41.0464 =========================================================================== =====
2010/09/05 15:24:42.0827 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/09/05 15:24:42.0849 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/09/05 15:24:42.0879 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2010/09/05 15:24:42.0912 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/09/05 15:24:42.0948 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2010/09/05 15:24:42.0966 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2010/09/05 15:24:43.0000 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/09/05 15:24:43.0031 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2010/09/05 15:24:43.0081 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2010/09/05 15:24:43.0123 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2010/09/05 15:24:43.0148 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2010/09/05 15:24:43.0172 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2010/09/05 15:24:43.0188 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2010/09/05 15:24:43.0216 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2010/09/05 15:24:43.0241 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2010/09/05 15:24:43.0273 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2010/09/05 15:24:43.0317 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2010/09/05 15:24:43.0345 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2010/09/05 15:24:43.0383 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2010/09/05 15:24:43.0416 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2010/09/05 15:24:43.0446 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/09/05 15:24:43.0491 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2010/09/05 15:24:43.0577 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2010/09/05 15:24:43.0633 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2010/09/05 15:24:43.0680 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\Windows\system32\Drivers\avgtdix.sys
2010/09/05 15:24:43.0727 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2010/09/05 15:24:43.0768 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2010/09/05 15:24:43.0812 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2010/09/05 15:24:43.0843 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2010/09/05 15:24:43.0882 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
2010/09/05 15:24:43.0911 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2010/09/05 15:24:43.0933 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2010/09/05 15:24:43.0975 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2010/09/05 15:24:44.0009 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2010/09/05 15:24:44.0038 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2010/09/05 15:24:44.0061 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2010/09/05 15:24:44.0096 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/09/05 15:24:44.0129 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2010/09/05 15:24:44.0167 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2010/09/05 15:24:44.0218 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys
2010/09/05 15:24:44.0256 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys
2010/09/05 15:24:44.0337 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2010/09/05 15:24:44.0405 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2010/09/05 15:24:44.0484 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2010/09/05 15:24:44.0537 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2010/09/05 15:24:44.0568 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/09/05 15:24:44.0613 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2010/09/05 15:24:44.0648 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2010/09/05 15:24:44.0684 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2010/09/05 15:24:44.0713 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2010/09/05 15:24:44.0776 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2010/09/05 15:24:44.0888 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2010/09/05 15:24:44.0933 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
2010/09/05 15:24:44.0983 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
2010/09/05 15:24:45.0015 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2010/09/05 15:24:45.0047 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2010/09/05 15:24:45.0107 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2010/09/05 15:24:45.0149 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
2010/09/05 15:24:45.0178 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/09/05 15:24:45.0283 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2010/09/05 15:24:45.0347 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2010/09/05 15:24:45.0378 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2010/09/05 15:24:45.0424 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2010/09/05 15:24:45.0442 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2010/09/05 15:24:45.0483 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2010/09/05 15:24:45.0526 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2010/09/05 15:24:45.0556 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2010/09/05 15:24:45.0581 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/09/05 15:24:45.0631 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2010/09/05 15:24:45.0665 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2010/09/05 15:24:45.0712 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2010/09/05 15:24:45.0732 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
2010/09/05 15:24:45.0764 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2010/09/05 15:24:45.0823 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/09/05 15:24:45.0855 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2010/09/05 15:24:45.0907 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2010/09/05 15:24:45.0940 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/09/05 15:24:45.0971 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2010/09/05 15:24:45.0998 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2010/09/05 15:24:46.0042 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2010/09/05 15:24:46.0112 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2010/09/05 15:24:46.0158 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2010/09/05 15:24:46.0202 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2010/09/05 15:24:46.0228 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2010/09/05 15:24:46.0259 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/09/05 15:24:46.0428 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2010/09/05 15:24:46.0582 igfx (ad626f6964f4d364d226c39e06872dd3) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/09/05 15:24:46.0672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2010/09/05 15:24:46.0743 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2010/09/05 15:24:46.0772 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2010/09/05 15:24:46.0811 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/09/05 15:24:46.0847 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2010/09/05 15:24:46.0889 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2010/09/05 15:24:46.0918 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2010/09/05 15:24:46.0947 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2010/09/05 15:24:46.0995 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/09/05 15:24:47.0036 jumi (ee894427ac0b2b2c2c8b32cb78357dae) C:\Windows\system32\DRIVERS\jumi.sys
2010/09/05 15:24:47.0066 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/09/05 15:24:47.0098 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/09/05 15:24:47.0132 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2010/09/05 15:24:47.0158 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2010/09/05 15:24:47.0203 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/09/05 15:24:47.0257 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2010/09/05 15:24:47.0292 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2010/09/05 15:24:47.0323 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2010/09/05 15:24:47.0356 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2010/09/05 15:24:47.0382 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2010/09/05 15:24:47.0420 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2010/09/05 15:24:47.0451 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2010/09/05 15:24:47.0484 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2010/09/05 15:24:47.0515 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2010/09/05 15:24:47.0575 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2010/09/05 15:24:47.0607 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2010/09/05 15:24:47.0649 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2010/09/05 15:24:47.0685 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2010/09/05 15:24:47.0710 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2010/09/05 15:24:47.0741 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2010/09/05 15:24:47.0778 mrxsmb (9e5dd4ef01aed723abf5342ef23ff012) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/09/05 15:24:47.0810 mrxsmb10 (6532acbf612a8d340ef9e25e4fef21ee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/09/05 15:24:47.0838 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/09/05 15:24:47.0868 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2010/09/05 15:24:47.0893 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2010/09/05 15:24:47.0936 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2010/09/05 15:24:47.0962 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2010/09/05 15:24:48.0004 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2010/09/05 15:24:48.0037 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2010/09/05 15:24:48.0072 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/09/05 15:24:48.0103 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2010/09/05 15:24:48.0130 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2010/09/05 15:24:48.0166 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/09/05 15:24:48.0194 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2010/09/05 15:24:48.0220 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2010/09/05 15:24:48.0258 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2010/09/05 15:24:48.0611 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2010/09/05 15:24:48.0764 NDIS (126101ce9f0faa1c5bc9ed827b0fdf75) C:\Windows\system32\drivers\ndis.sys
2010/09/05 15:24:48.0768 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: 126101ce9f0faa1c5bc9ed827b0fdf75, Fake md5: 23759d175a0a9baaf04d05047bc135a8
2010/09/05 15:24:48.0775 NDIS - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/05 15:24:48.0832 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2010/09/05 15:24:48.0854 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/09/05 15:24:48.0878 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/09/05 15:24:48.0910 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/09/05 15:24:48.0943 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2010/09/05 15:24:48.0977 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\Windows\system32\DRIVERS\netaapl.sys
2010/09/05 15:24:49.0006 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2010/09/05 15:24:49.0049 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2010/09/05 15:24:49.0212 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2010/09/05 15:24:49.0339 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/09/05 15:24:49.0378 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2010/09/05 15:24:49.0408 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2010/09/05 15:24:49.0463 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
2010/09/05 15:24:49.0495 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2010/09/05 15:24:49.0529 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/09/05 15:24:49.0548 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2010/09/05 15:24:49.0576 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/09/05 15:24:49.0601 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/09/05 15:24:49.0652 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2010/09/05 15:24:49.0675 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2010/09/05 15:24:49.0708 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2010/09/05 15:24:49.0737 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2010/09/05 15:24:49.0764 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2010/09/05 15:24:49.0800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/09/05 15:24:49.0856 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/09/05 15:24:49.0882 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2010/09/05 15:24:49.0921 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2010/09/05 15:24:50.0033 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2010/09/05 15:24:50.0059 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2010/09/05 15:24:50.0103 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2010/09/05 15:24:50.0163 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2010/09/05 15:24:50.0202 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/09/05 15:24:50.0231 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2010/09/05 15:24:50.0261 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2010/09/05 15:24:50.0285 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/09/05 15:24:50.0324 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/09/05 15:24:50.0383 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/09/05 15:24:50.0436 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2010/09/05 15:24:50.0464 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2010/09/05 15:24:50.0493 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/09/05 15:24:50.0521 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/09/05 15:24:50.0553 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2010/09/05 15:24:50.0569 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2010/09/05 15:24:50.0595 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2010/09/05 15:24:50.0632 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2010/09/05 15:24:50.0665 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2010/09/05 15:24:50.0818 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/09/05 15:24:50.0864 rimmptsk (df672613fbbcd58c38bb0bc2694bcfb0) C:\Windows\system32\DRIVERS\rimmptsk.sys
2010/09/05 15:24:50.0944 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2010/09/05 15:24:51.0006 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2010/09/05 15:24:51.0042 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/09/05 15:24:51.0094 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2010/09/05 15:24:51.0146 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys
2010/09/05 15:24:51.0192 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/09/05 15:24:51.0224 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2010/09/05 15:24:51.0254 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2010/09/05 15:24:51.0286 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2010/09/05 15:24:51.0335 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/09/05 15:24:51.0359 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/09/05 15:24:51.0386 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/09/05 15:24:51.0408 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/09/05 15:24:51.0506 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2010/09/05 15:24:51.0543 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/09/05 15:24:51.0590 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/09/05 15:24:51.0614 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2010/09/05 15:24:51.0655 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2010/09/05 15:24:51.0722 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
2010/09/05 15:24:51.0759 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
2010/09/05 15:24:51.0778 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
2010/09/05 15:24:51.0808 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2010/09/05 15:24:51.0843 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2010/09/05 15:24:51.0872 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2010/09/05 15:24:51.0902 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2010/09/05 15:24:51.0988 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
2010/09/05 15:24:52.0055 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
2010/09/05 15:24:52.0095 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2010/09/05 15:24:52.0139 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2010/09/05 15:24:52.0167 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2010/09/05 15:24:52.0199 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2010/09/05 15:24:52.0217 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2010/09/05 15:24:52.0279 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/09/05 15:24:52.0320 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2010/09/05 15:24:52.0375 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2010/09/05 15:24:52.0406 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2010/09/05 15:24:52.0440 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/09/05 15:24:52.0468 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2010/09/05 15:24:52.0491 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2010/09/05 15:24:52.0562 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys
2010/09/05 15:24:52.0595 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/09/05 15:24:52.0613 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2010/09/05 15:24:52.0642 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
2010/09/05 15:24:52.0681 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
2010/09/05 15:24:52.0705 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2010/09/05 15:24:52.0734 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2010/09/05 15:24:52.0765 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/09/05 15:24:52.0797 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/09/05 15:24:52.0833 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/09/05 15:24:52.0863 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/09/05 15:24:52.0890 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2010/09/05 15:24:52.0931 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/09/05 15:24:52.0949 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2010/09/05 15:24:52.0969 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2010/09/05 15:24:53.0001 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2010/09/05 15:24:53.0022 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2010/09/05 15:24:53.0051 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2010/09/05 15:24:53.0093 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/09/05 15:24:53.0114 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2010/09/05 15:24:53.0152 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2010/09/05 15:24:53.0188 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/09/05 15:24:53.0217 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2010/09/05 15:24:53.0256 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2010/09/05 15:24:53.0290 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/05 15:24:53.0303 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2010/09/05 15:24:53.0364 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/09/05 15:24:53.0406 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/09/05 15:24:53.0467 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/09/05 15:24:53.0497 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/09/05 15:24:53.0597 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
2010/09/05 15:24:53.0640 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/09/05 15:24:53.0696 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/09/05 15:24:53.0749 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/09/05 15:24:53.0768 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/09/05 15:24:53.0842 =========================================================================== =====
2010/09/05 15:24:53.0842 Scan finished
2010/09/05 15:24:53.0842 =========================================================================== =====
2010/09/05 15:24:53.0855 Detected object count: 1
2010/09/05 15:25:06.0601 C:\Windows\system32\drivers\ndis.sys - processing error
2010/09/05 15:25:06.0601 Rootkit.Win32.TDSS.tdl3(NDIS) - User select action: Cure

Thank you for your time and I hope we can figure this out soon. I will be on the net all day today. FOr a quick response. Thank You

Johnnie. Walker
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 04:29 PM #4
Also No reboot was required.
Rorschach112's Avatar
Senior Member with 2,392 posts.
  
Join Date: Oct 2008
05-Sep-2010, 05:18 PM #5
hows it running now
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 05:31 PM #6
It isn't popping up windows still but when I run AVG 9.0. It still seems to find virus'.
Also When I run Spybot It picks up Other virus' that I can't seem to get rid of.

When I try to remove the virus' in spybot
A window comes up that says I need administrator priveliges
I will post what Spybot pulls up when the scan is complete.

Thank You
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 05:31 PM #7
Meanwhile I am signed in as an administrator
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 05:35 PM #8
Also the task manager on windows 7 has no close box on it, I have to close it in the toolbar at the bottom. That just started yesterday.
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
05-Sep-2010, 06:13 PM #9
When Spybot was finished it came up with 2 Malwares that I can't remove
As well as 2 Trojans in the registry key that I can't remove as well
Then
It is saying that "The action may not be preformed completely since you are not an administrator.
If you want this preformed for all users please run this application elevated as an administrator.

So I Click O.K.

Then a box came up saying
"Some problems couldn't be fixed;the reason could be that the associated files are still in use (in memory) this could be fixed after a restart.
Could Spybot run on your next system start up.

It also says in another box that comes up after the last
2 Problems fixed
2 Problems could not be fixed. You should have an Administrator scan, and fix again.

When I click yes. It does run on the next system start up. But the same thing comes up again.
I have done this about 3 times now and the same problems keep coming back again.

Here are the log files from spybot anyways, I don't think you can use them, but maybe you can. Or if anyone else that reads this may know something or two about what is going on with my computer.
It is also on my desktop as well, but this is more important because my girlfriend is going back to school on Tuesday, and I was going to give this to her to use for the time being.

Any feedback would be greatly appreciated. Thank You

Johnnie. Walker.
The Log for Spybot S&D is as follows
-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-p-

--- Search result list ---
Win32.Agent.ieu: [SBI $81012CAF] Data (File, nothing done)
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
Properties.size=248
Properties.md5=A5CB7A7258F98FE3C6F23238C4CB6FBA
Properties.filedate=1283717222
Properties.filedatetext=2010-09-05 16:07:02

Win32.Agent.ieu: [SBI $39018BD3] Data (File, nothing done)
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
Properties.size=290
Properties.md5=55BA953E11263866A4435B3D0A162188
Properties.filedate=1283718302
Properties.filedatetext=2010-09-05 16:25:02

Win32.BHO.ttam: [SBI $481B7F6A] Browser helper object (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a}

Win32.BHO.ttam: [SBI $232BDBBE] Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6a91056-83e0-4c6e-8dcc-43fc0dfe7a0a}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-09-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-08-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-07-27 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-06-29 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-31 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-06-01 Includes\Malware.sbi (*)
2010-08-31 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-07-20 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-07-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-07-28 Includes\TrojansC-04.sbi (*)
2010-08-31 Includes\TrojansC-05.sbi (*)
2010-08-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 976832
MD5: 0B232C77D822983397674AEEC9AB59DC

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: A32B25970003B6ABA027EFF8EEDA12A3

Located: HK_CU:Run, RESTART_STICKY_NOTES
where: S-1-5-21-3414327761-151168445-450945681-1000...
command: C:\Windows\System32\StikyNot.exe
file: C:\Windows\System32\StikyNot.exe
size: 354304
MD5: 2F0EAAF91FC7A5C70D1F4BE9B18A1CF5

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3414327761-151168445-450945681-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 6/19/2010 3:29:34 PM
Date (last access): 7/10/2010 2:30:04 AM
Date (last write): 6/19/2010 3:29:34 PM
Filesize: 75200
Attributes: archive
MD5: 6D9042F1443A601DA8DC24D991EDDD0A
CRC32: 10990AC8
Version: 9.3.3.177

{3BF7CEB6-B299-4F7F-A950-A561A273CA30} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name:
CLSID name:

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Program Files\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 7/15/2010 9:46:18 AM
Date (last access): 7/22/2010 1:07:58 PM
Date (last write): 7/22/2010 1:07:58 PM
Filesize: 1619296
Attributes: archive
MD5: 9709500432501607C7DD32B9F2B07E1F
CRC32: DD3F49C2
Version: 9.0.0.845

{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name:
CLSID name:

{A3BC75A2-1F87-4686-AA43-5347D756017C} (AVG Security Toolbar BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name:
CLSID name: AVG Security Toolbar BHO
Path: C:\Program Files\AVG\AVG9\Toolbar\
Long name: IEToolbar.dll
Short name: IETOOL~1.DLL
Date (created): 4/30/2009 3:25:30 PM
Date (last access): 4/30/2009 3:25:30 PM
Date (last write): 2/23/2010 2:04:10 PM
Filesize: 1664256
Attributes: archive
MD5: 2AB7A9848237ECBE10B88AFB2D54273C
CRC32: AA5E3C12
Version: 4.2.23.4

{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} (CCAB)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name: CCAB
CLSID name: CAB Class

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 4/21/2010 11:55:28 PM
Date (last access): 4/21/2010 11:55:28 PM
Date (last write): 4/21/2010 11:55:28 PM
Filesize: 41760
Attributes: archive
MD5: 1E57B1A44C7DFFA1C38534279C14B3CE
CRC32: BA79295C
Version: 6.0.150.3



--- ActiveX list ---
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 4/21/2010 11:55:28 PM
Date (last access): 4/12/2010 5:30:16 PM
Date (last write): 4/12/2010 5:29:22 PM
Filesize: 108320
Attributes: archive
MD5: 3F7C69FF524EC11535342108A350A76F
CRC32: 28370E95
Version: 6.0.200.2

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_20
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_20.dll
Short name: NPJPI1~1.DLL
Date (created): 4/12/2010 3:19:06 PM
Date (last access): 4/12/2074 5:30:28 PM
Date (last write): 4/12/2010 5:29:22 PM
Filesize: 136992
Attributes: archive
MD5: E06930C34F16C8AD24AD79502F40026A
CRC32: 529E0B62
Version: 6.0.200.2



--- Process list ---
PID: 1908 ( 504) C:\Windows\system32\taskhost.exe
size: 49152
MD5: 8F4F5A5C1BAE72CE6EAEEA1CA3F98CA2
PID: 1964 (1180) C:\Windows\system32\Dwm.exe
size: 92672
MD5: 505BF4D1CADEB8D4F8BCD08D944DE25D
PID: 240 (1836) C:\Windows\Explorer.EXE
size: 2614272
MD5: 2626FC9755BE22F805D3CFA0CE3EE727
PID: 2092 ( 240) C:\Windows\System32\StikyNot.exe
size: 354304
MD5: 2F0EAAF91FC7A5C70D1F4BE9B18A1CF5
PID: 3388 ( 240) C:\Program Files\Mozilla Firefox\firefox.exe
size: 910296
MD5: BACCDA841C689D1CBA941F478E8ED24B
PID: 5052 (3388) C:\Program Files\Mozilla Firefox\plugin-container.exe
size: 14808
MD5: 642FA80C2C43EE609313746AA305DC86
PID: 5452 ( 240) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 268 ( 4) smss.exe
size: 69632
PID: 372 ( 360) csrss.exe
size: 6144
PID: 424 ( 360) wininit.exe
size: 96256
PID: 432 ( 416) csrss.exe
size: 6144
PID: 444 ( 424) avgchsvx.exe
PID: 460 ( 424) avgrsx.exe
PID: 504 ( 424) services.exe
size: 259072
PID: 520 ( 416) winlogon.exe
size: 285696
PID: 528 ( 424) lsass.exe
size: 22528
PID: 536 ( 424) lsm.exe
size: 261120
PID: 644 ( 460) avgcsrvx.exe
PID: 964 ( 504) svchost.exe
size: 20992
PID: 1044 ( 504) svchost.exe
size: 20992
PID: 1132 ( 504) svchost.exe
size: 20992
PID: 1180 ( 504) svchost.exe
size: 20992
PID: 1216 ( 504) svchost.exe
size: 20992
PID: 1412 ( 504) svchost.exe
size: 20992
PID: 1520 ( 504) svchost.exe
size: 20992
PID: 1676 ( 504) spoolsv.exe
size: 316416
PID: 1732 ( 504) svchost.exe
size: 20992
PID: 1952 ( 504) AppleMobileDeviceService.exe
PID: 2016 ( 504) avgwdsvc.exe
PID: 332 ( 504) mDNSResponder.exe
PID: 972 ( 504) svchost.exe
size: 20992
PID: 2196 ( 504) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2532 (2016) avgnsx.exe
PID: 2784 ( 504) avgemc.exe
PID: 2932 (2784) avgcsrvx.exe
PID: 3172 ( 504) svchost.exe
size: 20992
PID: 3372 ( 504) wmpnetwk.exe
PID: 3476 ( 504) svchost.exe
size: 20992
PID: 4544 (1216) taskeng.exe
size: 190464


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 9/5/2010 4:56:42 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.ca/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---


--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): 1394ohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller
Image path: system32\DRIVERS\1394ohci.sys
Image size: 163328
Image MD5: 6D2ACA41739BFE8CB86EE8E85F29697D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\DRIVERS\ACPI.sys
Image size: 274496
Image MD5: F0E07D144C8685B8774BC32FC8DA4DF0
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AcpiPmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ACPI Power Meter Driver
Image path: \SystemRoot\system32\DRIVERS\acpipmi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\afd.sys,-1000
Description: @%systemroot%\system32\drivers\afd.sys,-1000
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: 18A54E132947CD98FEA9ACCC57F98F13
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\DRIVERS\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AmdPPM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdsata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\amdsata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdsbs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdxata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\amdxata.sys
Image size: 23616
Image MD5: B81C2B5616F6420A9941EA093A92B150
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): AppID
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-102
Description: @%systemroot%\system32\appidsvc.dll,-103
Image path: \SystemRoot\system32\drivers\appid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: FltMgr,DisCache

Service (registry key): AppIDSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-100
Description: @%systemroot%\system32\appidsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,AppID,CryptSvc

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Provides the interface to Apple mobile devices.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Image size: 144672
Image MD5: D503DF3ABA595F551B98B9BAE017A271
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @appmgmts.dll,-3250
Description: @appmgmts.dll,-3251
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32000
Description: @%systemroot%\system32\rascfg.dll,-32000
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17920
Image MD5: ADD2ADE1C2B285AB8378D2DAAF991481
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: system32\DRIVERS\atapi.sys
Image size: 21584
Image MD5: 338C86357871C167A96AB976519BF59E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): AVG
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AVG Security Toolbar Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Security Toolbar Service
Object name: LocalSystem
Image path: C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
Image size: 369920
Image MD5: 2D4E94E19A6160D2CEA55FFF91E227F0
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): avg9emc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free E-mail Scanner
Object name: LocalSystem
Image path: "C:\Program Files\AVG\AVG9\avgemc.exe"
Image size: 921952
Image MD5: AA054CD537357F03D5BA6ABA7562B35F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,avg9wd

Service (registry key): avg9wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free WatchDog
Object name: LocalSystem
Image path: "C:\Program Files\AVG\AVG9\avgwdsvc.exe"
Image size: 308136
Image MD5: C4D15594DB5BE042D3346EA58DF87D89
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AvgLdx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free AVI Loader Driver x86
Image path: System32\Drivers\avgldx86.sys
Image size: 216400
Image MD5: B8C187439D27ABA430DD69FDCF1FA657
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): AvgMfx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free On-access Scanner Minifilter Driver x86
Image path: System32\Drivers\avgmfx86.sys
Image size: 29584
Image MD5: 53B3F979930A786A614D29CAFE99F645
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): AvgTdiX
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AVG Free Network Redirector
Image path: System32\Drivers\avgtdix.sys
Image size: 243024
Image MD5: 22E3B793C3E61720F03D3A22351AF410
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): AxInstSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\AxInstSV.dll,-103
Description: @%SystemRoot%\system32\AxInstSV.dll,-104
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): b06bdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II VBD
Image path: \SystemRoot\system32\DRIVERS\bxvbdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): b57nd60x
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
Image path: system32\DRIVERS\b57nd60x.sys
Image size: 229888
Image MD5: BD8869EB9CDE6BBE4508D869929869EE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BDESVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bdesvc.dll,-100
Description: @%SystemRoot%\system32\bdesvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\blbdrive.sys
Image size: 35328
Image MD5: 2287078ED48FCFC477B05B20CF38F36F
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bonjour Service
Description: Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 345376
Image MD5: EBAD0F51D8D4DADE7660B1851ADDBD07
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-102
Description: @%systemroot%\system32\browser.dll,-103
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: FCAFAEF6798D7B51FF029F99A9898961
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\System32\Drivers\Brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Enumerator Service
Image path: system32\DRIVERS\BthEnum.sys
Image size: 34816
Image MD5: 2865A5C8E98C70C605F417908CEBB3A4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Modem Communications Driver
Image path: system32\DRIVERS\bthmodem.sys
Image size: 56320
Image MD5: ED3DF7C56CE0084EB2034432FC56565A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BthPan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Image path: system32\DRIVERS\bthpan.sys
Image size: 93696
Image MD5: AD1872E5829E8A2C3B5B4B641C3EAB0E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Port Driver
Image path: System32\Drivers\BTHport.sys
Image size: 392704
Image MD5: 4A34888E13224678DD062466AFEC4240
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): bthserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\bthserv.dll,-101
Description: @%SystemRoot%\System32\bthserv.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BTHUSB
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Radio USB Driver
Image path: System32\Drivers\BTHUSB.sys
Image size: 58880
Image MD5: FA04C63916FA221DBB91FCE153D07A55
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70656
Image MD5: 77EA11B065E0A8AB902D78145CA51E10
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 108544
Image MD5: BA6E70AA0E6091BC39DE29477D866A77
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\DRIVERS\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\clfs.sys,-100
Description: @%SystemRoot%\system32\clfs.sys,-101
Image path: System32\CLFS.sys
Image size: 249408
Image MD5: 635181E0E9BBF16871BF5380D71DB02D
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66384
Image MD5: D88040F816FDA31C3B466F0FA0918F29
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: system32\DRIVERS\CmBatt.sys
Image size: 14080
Image MD5: DEA805815E587DAD1DD2C502220B5616
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): CNG
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\cng.sys
Image size: 369568
Image MD5: 1B675691ED940766149C93E8F4488D68
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 19024
Image MD5: A6023D3823C37043986713F118A89BEE
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): CompositeBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Composite Bus Enumerator Driver
Image path: system32\DRIVERS\CompositeBus.sys
Image size: 31232
Image MD5: F1724BA27E97D627F808FB0BA77A28A6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): cpudrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: cpudrv
Image path: \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): CSC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\cscsvc.dll,-202
Description: @%systemroot%\system32\cscsvc.dll,-203
Image path: system32\drivers\csc.sys
Image size: 387584
Image MD5: 27C9490BDD0AE48911AB8CF1932591ED
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: rdbss

Service (registry key): CscService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\cscsvc.dll,-200
Description: @%systemroot%\system32\cscsvc.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): defragsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\defragsvc.dll,-101
Description: @%SystemRoot%\system32\defragsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k defragsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 78336
Image MD5: 8E09E52EE2E3CEB199EF3DD99CF9E3FB
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcore.dll,-100
Description: @%SystemRoot%\system32\dhcpcore.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): discache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\discache.sys,-102
Description: @%systemroot%\system32\drivers\discache.sys,-101
Image path: System32\drivers\discache.sys
Image size: 32256
Image MD5: 1A050B0274BFB3890703D490F330C0DA
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 57424
Image MD5: 565003F326F99802E68CA78F2A68E9FF
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx,nsi

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Trusted Audio Drivers
Image path: system32\drivers\drmkaud.sys
Image size: 5120
Image MD5: B918E7C5F9BF77202F89E1A9539F2EB4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): E1G60
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver
Image path: system32\DRIVERS\E1G60I32.sys
Image size: 118784
Image MD5: 22EF8965101685ADD128F03A2B03CE16
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): ebdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II 10 GigE VBD
Image path: \SystemRoot\system32\DRIVERS\evbdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\efssvc.dll,-100
Description: @%SystemRoot%\system32\efssvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 22528
Image MD5: F42309C4191C506B71DB5D1126D26318
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 557056
Image MD5: 3A74A6E33685662B125A3269B1F2114F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 94720
Image MD5: D389BFF34F80CAEDE417BF9D1507996A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ErrDev
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Hardware Error Device Driver
Image path: \SystemRoot\system32\DRIVERS\errdev.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): FastUserSwitchingCompatibility
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Network Security
Description: Windows Power Management Service
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 288
Error Control: 1

Service (registry key): Fax
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fxsresm.dll,-118
Description: @%systemroot%\system32\fxsresm.dll,-122
Object name: NT AUTHORITY\NetworkService
Image path: %systemroot%\system32\fxssvc.exe
Image size: 522752
Image MD5: F7EA23CC5E6BF2181F3F399D54F6EFC1
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: \SystemRoot\system32\DRIVERS\fdc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100
Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101
Image path: system32\drivers\fileinfo.sys
Image size: 58448
Image MD5: 6CF00369C97F3CF563BE99BE983D13D8
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001
Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000
Image path: system32\drivers\filetrace.sys
Image size: 28160
Image MD5: 42C51DC94C91DA21CB9196EB64C45DB9
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
Image path: system32\drivers\fltmgr.sys
Image size: 198208
Image MD5: 7520EC808E0C35E0EE6F841294316653
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\FntCache.dll,-100
Description: @%systemroot%\system32\FntCache.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 42856
Image MD5: E56F39F6B7FDA0AC77A79B0FD3DE1A2F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): FsDepends
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000
Image path: System32\drivers\FsDepends.sys
Image size: 46160
Image MD5: 1A16B57943853E598CFF37FE2B8CBF1D
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 3
Depends On services: fltmgr

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 8
Error Control: 0

Service (registry key): fvevol
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Image path: System32\DRIVERS\fvevol.sys
Image size: 194488
Image MD5: 5592F5DBA26282D24D2B080EB438A4D7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GEAR ASPI Filter Driver
Image path: system32\DRIVERS\GEARAspiWDM.sys
Image size: 26600
Image MD5: 8182FF89C65E4D38B2DE4BB0FB18564E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): hcw85cir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Hauppauge Consumer Infrared Receiver
Image path: \SystemRoot\system32\drivers\hcw85cir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
Image path: system32\drivers\HdAudio.sys
Image size: 304128
Image MD5: 3530CAD25DEBA7DC7DE8BB51632CBC5F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 108544
Image MD5: 717A2207FD6F13AD3E664C7D5A43C7BF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HID UPS Battery Driver
Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\DRIVERS\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\DRIVERS\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 24064
Image MD5: 25072FB35AC90B25F9E4E3BACF774102
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HomeGroupListener
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\ListSvc.dll,-100
Description: @%SystemRoot%\System32\ListSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanServer

Service (registry key): HomeGroupProvider
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\provsvc.dll,-100
Description: @%SystemRoot%\System32\provsvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: netprofm,fdrespub,fdphost

Service (registry key): HpSAMD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\HpSAMD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\http.sys,-1
Description: @%SystemRoot%\system32\drivers\http.sys,-2
Image path: system32\drivers\HTTP.sys
Image size: 513024
Image MD5: C531C7FD9E8B62021112787C4E2C5A5A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): hwpolicy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101
Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102
Image path: System32\drivers\hwpolicy.sys
Image size: 13904
Image MD5: 8305F33CDE89AD6C7A0763ED0B5A8D42
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 80896
Image MD5: F151F0BDC47F4A28B1B20A0818EA36D6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\iaStorV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 878416
Image MD5: 5AF815EB5BC9802E5A064E2BA62BFC0C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): igfx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\igdkmd32.sys
Image size: 4756480
Image MD5: AD626F6964F4D364D226C39E06872DD3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 53760
Image MD5: 3B514D27BFC4ACCB4037BC6685F766E0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 58880
Image MD5: 709D1761D3B19A932FF0238EA6D50200
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500
Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\IPMIDrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Image path: System32\drivers\ipnat.sys
Image size: 101888
Image MD5: A5FA468D67ABCDAA36264E463A7BB0CD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iPod Service
Description: iPod hardware management services
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 545576
Image MD5: 85A9813C3A5D31F5FEA882C927BCB5D8
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100
Description: @%SystemRoot%\system32\drivers\irenum.sys,-101
Image path: system32\drivers\irenum.sys
Image size: 13824
Image MD5: 42996CFF20A3084A56017B7902307E9F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort Driver
Image path: \SystemRoot\system32\DRIVERS\msiscsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): jumi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: %Jumi%
Image path: system32\DRIVERS\jumi.sys
Image size: 13112
Image MD5: EE894427AC0B2B2C2C8B32CB78357DAE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 42576
Image MD5: ADEF52CA1AEAE82B50DF86B56413107E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 28160
Image MD5: 3D9F0EBF350EDCFD6498057301455964
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: F42309C4191C506B71DB5D1126D26318
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 67664
Image MD5: E36A061EC11B373826905B21BE10948F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KSecPkg
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecpkg.sys
Image size: 133200
Image MD5: 26C046977E85B95036453D7B88BA1820
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 48128
Image MD5: F7611EC07349979DA9B0AE1F18CCC7A6
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LSI_SAS2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\luafv.sys,-100
Description: @%systemroot%\system32\drivers\luafv.sys,-101
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): Mcx2Svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehres.dll,-15501
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MegaSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 31744
Image MD5: F001861E5700EE84E2D4E52C712F4964
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 23552
Image MD5: 79D10964DE86B292320E9DFE02282A23
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 41552
Image MD5: FB18CC1D4C2E716B6B903B0AC0CC0609
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 26112
Image MD5: 2C388D2CD01C9042596CF3C8F3C7B24D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): mountmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101
Image path: System32\drivers\mountmgr.sys
Image size: 78416
Image MD5: 921C18727C5920D6C0300736646931C2
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 60416
Image MD5: AD2723A7B53DD1AACAE6AD8C0BFBF4D0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-104
Description: @%systemroot%\system32\webclnt.dll,-105
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1002
Description: @%systemroot%\system32\wkssvc.dll,-1003
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 123392
Image MD5: 9E5DD4EF01AED723ABF5342EF23FF012
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1004
Description: @%systemroot%\system32\wkssvc.dll,-1005
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 221184
Image MD5: 6532ACBF612A8D340EF9E25E4FEF21EE
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1006
Description: @%systemroot%\system32\wkssvc.dll,-1007
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 95744
Image MD5: 24D76ABE5DCAD22F19D105F76FDF0CE1
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\msahci.sys
Image size: 27712
Image MD5: 4326D168944123F38DD3B2D9C37A0B12
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): msdsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\msdsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2797
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 134144
Image MD5: E1BCE74A3BD9902B72599C0192A07E27
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): mshidkmdf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100
Description: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
Image path: \SystemRoot\System32\drivers\mshidkmdf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): msisadrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\msisadrv.sys
Image size: 13888
Image MD5: 0A4E5757AE09FA9622E3158CC1AEF114
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): msiserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\msimsg.dll,-27
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec.exe /V
Image size: 73216
Image MD5: A8492E3929E7B981DA541286709C8479
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 8320
Image MD5: 8C0860D6366AAFFB6C5BB9DF9448E631
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5888
Image MD5: 3EA8B949F963562CEDBB549EAC0C11CE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 5504
Image MD5: F456E973590D663B1073E9C463B40932
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: system32\DRIVERS\mssmbios.sys
Image size: 28240
Image MD5: FC6B9FF600CC585EA38B12589BD4E246
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 6144
Image MD5: B42C6B921F61A6E55159B8BE6CD54A36
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MTConfig
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Input Configuration Driver
Image path: \SystemRoot\system32\DRIVERS\MTConfig.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\mup.sys,-101
Description: @%systemroot%\system32\drivers\mup.sys,-102
Image path: System32\Drivers\mup.sys
Image size: 49728
Image MD5: 159FAD02F64E6381758C990F753BCC80
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qagentrt.dll,-6
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NativeWiFi Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 267264
Image MD5: 26384429FCD85D83746F63E798AB1480
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NBService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NBService
Description: Nero BackItUp Service is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.
Object name: LocalSystem
Image path: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
Image size: 800040
Image MD5: B498A14133BD09AD0817590ACE4470AD
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\ndis.sys,-200
Description: @%SystemRoot%\system32\drivers\ndis.sys,-201
Image path: system32\drivers\ndis.sys
Image size: 710720
Image MD5: 23759D175A0A9BAAF04D05047BC135A8
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisCap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Capture LightWeight Filter
Description: NDIS Capture LightWeight Filter
Image path: system32\DRIVERS\ndiscap.sys
Image size: 27136
Image MD5: 0E1787AA6C9191D3D319E8BAFE86F80C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32001
Description: @%systemroot%\system32\rascfg.dll,-32001
Image path: system32\DRIVERS\ndistapi.sys
Image size: 20992
Image MD5: E4A8AEC125A2E43A9E32AFEEA7C9C888
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 45568
Image MD5: B30AE7F2B6D7E343B0DF32E6C08FCE75
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32002
Description: @%systemroot%\system32\rascfg.dll,-32002
Image path: system32\DRIVERS\ndiswan.sys
Image size: 118784
Image MD5: 267C415EADCBE53C9CA873DEE39CF3A4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Netaapl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device Ethernet Service
Image path: system32\DRIVERS\netaapl.sys
Image size: 17408
Image MD5: 29C45722E20572B6440B57E3359E73EE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 36352
Image MD5: 80B275B1CE3B0E79909DB7B39AF74D51
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\netbt.sys,-2
Description: @%SystemRoot%\system32\drivers\netbt.sys,-1
Image path: System32\DRIVERS\netbt.sys
Image size: 187904
Image MD5: DD52A733BF4CA5AF84562A5E2F963B91
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\netlogon.dll,-102
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %systemroot%\system32\lsass.exe
Image size: 22528
Image MD5: F42309C4191C506B71DB5D1126D26318
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netman.dll,-109
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): netprofm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netprofm.dll,-202
Description: @%SystemRoot%\system32\netprofm.dll,-203
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 128848
Image MD5: FE2AA5A684B0DD9B1FAE57B7817C198B
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): netw5v32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
Image path: system32\DRIVERS\netw5v32.sys
Image size: 4231168
Image MD5: 58218EC6B61B1169CF54AAB0D00F5FE2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): nfrd960
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\nfrd960.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NlaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\nlasvc.dll,-1
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): NMIndexingService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NMIndexingService
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
Image size: 279848
Image MD5: A328A46D87BB92CE4D8A4528E9D84787
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\nsisvc.dll,-200
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
Description: @%SystemRoot%\system32\drivers\nsiproxy.sys,-1
Image path: system32\drivers\nsiproxy.sys
Image size: 16896
Image MD5: E9A0A4D07E53D8FEA2BB8387A3293C58
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\nvraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\nvstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): nv_agp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\nv_agp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller (Legacy)
Image path: \SystemRoot\system32\DRIVERS\ohci1394.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ose
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Office Source Engine
Description: Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
Image size: 89136
Image MD5: 7A56CF3E3F12E8AF599963B16F50FB6A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): p2pimsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: \SystemRoot\system32\DRIVERS\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): partmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\partmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\partmgr.sys,-101
Image path: System32\drivers\partmgr.sys
Image size: 56912
Image MD5: FF4218952B51DE44FE910953A3E686B9
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Parvdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\parvdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pcasvc.dll,-1
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\DRIVERS\pci.sys
Image size: 153680
Image MD5: C858CB77C577780ECC456A892E7E7D0F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): pciide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\pcmcia.sys
Image size: 180288
Image MD5: F396431B31693E71E8A80687EF523506
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): pcouffin
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VSO Software pcouffin
Image path: System32\Drivers\pcouffin.sys
Image size: 47360
Image MD5: 5B6C11DE7E839C05248CED8825470FEF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): pcw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Counters for Windows Driver
Image path: System32\drivers\pcw.sys
Image size: 43088
Image MD5: 250F6B43D2B613172035C6747AEEB19F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 586752
Image MD5: 9E0104BA49F4E6973749A02BF41344ED
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): PeerDistSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\peerdistsvc.dll,-9000
Description: @%SystemRoot%\system32\peerdistsvc.dll,-9001
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k PeerDist
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: http

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\pla.dll,-500
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PNRPAutoReg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002
Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\polstore.dll,-5010
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Power
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpo.dll,-100
Description: @%SystemRoot%\system32\umpo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32006
Description: @%systemroot%\system32\rascfg.dll,-32006
Image path: system32\DRIVERS\raspptp.sys
Image size: 73728
Image MD5: 631E3E205AD6D86F2AED6A4A8E69F2DB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: \SystemRoot\system32\DRIVERS\processr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\psbase.dll,-300
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: F42309C4191C506B71DB5D1126D26318
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Psched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 104448
Image MD5: 6270CCAE2A86DE6D146529FE55B3246A
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ql2300
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\ql2300.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql40xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): QWAVE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qwave.dll,-1
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 11776
Image MD5: 30A81B53C766D0133BB86D234E5556AB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAgileVpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Image path: system32\DRIVERS\AgileVpn.sys
Image size: 49152
Image MD5: 57EC4AEF73660166074D8F7F31C0D4FD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasauto.dll,-200
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,TapiSrv,RasAcd

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32005
Description: @%systemroot%\system32\rascfg.dll,-32005
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 78848
Image MD5: D9F91EAFEC2815365CBE6D167E4E332A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasmans.dll,-200
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32007
Description: @%systemroot%\system32\rascfg.dll,-32007
Image path: system32\DRIVERS\raspppoe.sys
Image size: 77824
Image MD5: 0FE8B15916307A6AC12BFB6A63E45507
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasSstp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\sstpsvc.dll,-202
Description: @%systemroot%\system32\sstpsvc.dll,-202
Image path: system32\DRIVERS\rassstp.sys
Image size: 75264
Image MD5: 44101F495A83EA6401D886E7FD70096B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1000
Description: @%systemroot%\system32\wkssvc.dll,-1001
Image path: system32\DRIVERS\rdbss.sys
Image size: 241664
Image MD5: 835D7E81BF517A3B72384BDCC85E1CE6
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): rdpbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Device Redirector Bus Driver
Image path: system32\DRIVERS\rdpbus.sys
Image size: 18944
Image MD5: 0D8F05481CB76E70E1DA06EE9F0DA9DF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100
Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 6656
Image MD5: 1E016846895B15A99F9A176A05029075
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPDR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: System32\drivers\rdpdr.sys
Image size: 133120
Image MD5: C5FF95883FFEF704D50C40D21CFB3AB5
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: RDBSS

Service (registry key): RDPENCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101
Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100
Image path: system32\drivers\rdpencdd.sys
Image size: 6656
Image MD5: 5A53CA1598DD4156D44196D200C94B8A
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPREFMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101
Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100
Image path: system32\drivers\rdprefmp.sys
Image size: 7168
Image MD5: 44B0A53CD4F27D50ED461DAE0C0B4E1F
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Winstation Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): rdyboost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost
Description: ReadyBoost
Image path: System32\drivers\rdyboost.sys
Image size: 173648
Image MD5: 4EA225BF1CF05E158853F30A99CA29A7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\mprdim.dll,-200
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS,Bfe,RasMan,Http
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @regsvc.dll,-1
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RFCOMM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Device (RFCOMM Protocol TDI)
Description: Bluetooth Device (RFCOMM Protocol TDI)
Image path: system32\DRIVERS\rfcomm.sys
Image size: 129536
Image MD5: CB928D9E6DAF51879DD6BA8D02F01321
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rimmptsk
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\rimmptsk.sys
Image size: 48128
Image MD5: DF672613FBBCD58C38BB0BC2694BCFB0
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): RpcEptMapper
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%windir%\system32\RpcEpMap.dll,-1001
Description: @%windir%\system32\RpcEpMap.dll,-1002
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k RPCSS
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\Locator.exe,-2
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 9216
Image MD5: 94D36C0E44677DD26981D2BFEEF2A29D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcEptMapper,DcomLaunch

Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 60928
Image MD5: 032B0D36AD92B582D869879F5AF5B928
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): s3cap
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\vms3cap.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: F42309C4191C506B71DB5D1126D26318
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBSD Security Center Service
Object name: LocalSystem
Image path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Image size: 1153368
Image MD5: 794D4B48DFB6E999537C7C3947863463
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: wscsvc

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): scfilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11
Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12
Image path: System32\DRIVERS\scfilter.sys
Image size: 26624
Image MD5: A95C54B2AC3CC9C73FCDF9E51A1D6B51
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): sdbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\sdbus.sys
Image size: 84992
Image MD5: 7B48CFF3A475FE849DEA65EC4D35C425
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): SensrSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000
Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: \SystemRoot\system32\DRIVERS\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Port Driver
Image path: \SystemRoot\system32\DRIVERS\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\DRIVERS\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: system32\DRIVERS\sffdisk.sys
Image size: 11264
Image MD5: 9F976E1EB233DF46FCE808D9DEA3EB9C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\DRIVERS\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: system32\DRIVERS\sffp_sd.sys
Image size: 12800
Image MD5: 4F1E5B0FE7C8050668DBFADE8999AEFB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 71168
Image MD5: 3E21C083B8A01CB70BA1F09303010FCE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\snmptrap.exe,-3
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 12800
Image MD5: 6A984831644ECA1A33FFEAE4126F4F37
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\spoolsv.exe,-1
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 316416
Image MD5: 49B6DD6AB3715B7A67965F17194E98A9
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,http

Service (registry key): sppsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sppsvc.exe,-101
Description: @%SystemRoot%\system32\sppsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\sppsvc.exe
Image size: 3179520
Image MD5: 4C287F9069FEDBD791178876EE9DE536
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): sppuinotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sppuinotify.dll,-103
Description: @%SystemRoot%\system32\sppuinotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): SQTECH905C
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DualCamera
Image path: System32\Drivers\Capt905c.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-102
Description: @%systemroot%\system32\srvsvc.dll,-103
Image path: System32\DRIVERS\srv.sys
Image size: 310784
Image MD5: 50A83CA406C808BD35AC9141A0C7618F
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2

Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-104
Description: @%systemroot%\system32\srvsvc.dll,-105
Image path: System32\DRIVERS\srv2.sys
Image size: 306688
Image MD5: DCE7E10FEAABD4CAE95948B3DE5340BB
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet

Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 113664
Image MD5: BD1433A32792FD0DC450479094FC435A
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\ssdpsrv.dll,-100
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): stexstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\stexstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): StiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wiaservc.dll,-9
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection

Service (registry key): storflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vmstorfltres.dll,-1000
Image path: system32\DRIVERS\vmstorfl.sys
Image size: 40896
Image MD5: 957E346CA948668F2496A6CCF6FF82CC
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): storvsc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\storvsc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: system32\DRIVERS\swenum.sys
Image size: 12240
Image MD5: E58C78A848ADD9610A4DB6D214AF5224
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\swprv.dll,-103
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sysmain.dll,-1000
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\TabSvc.dll,-100
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tbssvc.dll,-100
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 1285712
Image MD5: 2CC3D75488ABD3EC628BBB9A4FC84EFC
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): TCPIP6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 1285712
Image MD5: 2CC3D75488ABD3EC628BBB9A4FC84EFC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TCPIP6TUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 34816
Image MD5: E64444523ADD154F86567C469BC0B17F
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TCPIPTUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 17920
Image MD5: 1875C1490D99E70E449E3AFAE9FCBADF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 24064
Image MD5: 7551E91EA999EE9A8E9C331D5A9C31F3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 74240
Image MD5: CB39E896A2A83702D1737BFD402B3542
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: system32\DRIVERS\termdd.sys
Image size: 51776
Image MD5: C36F41EE20E6999DBF4B0425963268A5
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\termsrv.dll,-268
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\themeservice.dll,-8192
Description: @%SystemRoot%\System32\themeservice.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-102
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\trkwks.dll,-1
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 204800
Image MD5: 41A4C781D2286208D397D72099304133
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101
Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 30208
Image MD5: 98AE6FA07D12CB4EC5CF4A9BFA5F4242
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tunnel Miniport Adapter Driver
Image path: system32\DRIVERS\tunnel.sys
Image size: 108544
Image MD5: 3E461D890A97F9D4C168F5FDA36E1D00
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\DRIVERS\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 246784
Image MD5: 09CC3E16F8E5EE7168E01CF8FCBE061A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ui0detect.exe,-101
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 35840
Image MD5: 8344FD4FCE927880AA1AA7681D4927E5
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): uliagpkx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uli AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\uliagpkx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): umbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UMBus Enumerator Driver
Image path: system32\DRIVERS\umbus.sys
Image size: 39936
Image MD5: 049B3A50B3D646BAEEEE9EEC9B0668DC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UmPass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UMPass Driver
Image path: \SystemRoot\system32\DRIVERS\umpass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UmRdpService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umrdp.dll,-1000
Description: @%SystemRoot%\system32\umrdp.dll,-1001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: TermService,RDPDR

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\upnphost.dll,-213
Description: @%systemroot%\system32\upnphost.dll,-214
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): USBAAPL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile USB Driver
Image path: System32\Drivers\usbaapl.sys
Image size: 41472
Image MD5: E8C1B9EBAC65288E1B51E8A987D98AF6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 75264
Image MD5: 8455C4ED038EFD09E99327F9D2D48FFA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbcir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: eHome Infrared Receiver (USBCIR)
Image path: \SystemRoot\system32\DRIVERS\usbcir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: system32\DRIVERS\usbehci.sys
Image size: 41472
Image MD5: 1C333BFD60F2FED2C7AD5DAF533CB742
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 258560
Image MD5: EE6EF93CCFA94FAE8C6AB298273D8AE2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: \SystemRoot\system32\DRIVERS\usbohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: \SystemRoot\system32\DRIVERS\usbprint.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 74752
Image MD5: D8889D56E0D27E57ED4591837FE71D27
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: system32\DRIVERS\usbuhci.sys
Image size: 24064
Image MD5: 78780C3EBCE17405B1CCD07A3A8A7D72
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UxSms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dwm.exe,-2000
Description: @%SystemRoot%\system32\dwm.exe,-2001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): VaultSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003
Description: @%SystemRoot%\system32\vaultsvc.dll,-1004
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: F42309C4191C506B71DB5D1126D26318
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): vdrvroot
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual Drive Enumerator Driver
Image path: system32\DRIVERS\vdrvroot.sys
Image size: 32832
Image MD5: A059C4C3EDB09E07D21A8E5C0AABD3CB
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vds
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vds.exe,-100
Description: @%SystemRoot%\system32\vds.exe,-112
Object name: LocalSystem
Image path: %SystemRoot%\System32\vds.exe
Image size: 452608
Image MD5: 8C4E7C49D3641BC9E299E466A7F8867D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): vga
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\vgapnp.sys
Image size: 26112
Image MD5: 17C408214EA61696CEC9C66E388B14F3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): vhdmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\vhdmp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): viaagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\system32\DRIVERS\viaagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ViaC7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA C7 Processor Driver
Image path: \SystemRoot\system32\DRIVERS\viac7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): viaide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): vmbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vmbusres.dll,-1000
Image path: \SystemRoot\system32\DRIVERS\vmbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VMBusHID
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\VMBusHID.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): volmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\DRIVERS\volmgr.sys
Image size: 53312
Image MD5: 384E5A2AA49934295171E499F86BA6F3
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volmgrx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100
Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101
Image path: System32\drivers\volmgrx.sys
Image size: 297040
Image MD5: B5BB72067DDDDBBFB04B2F89FF8C3C87
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volsnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Storage volumes
Image path: system32\DRIVERS\volsnap.sys
Image size: 245328
Image MD5: 58DF9D2481A56EDDE167E51B334D44FD
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vsmraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\vssvc.exe,-102
Description: @%systemroot%\system32\vssvc.exe,-101
Object name: LocalSystem
Image path: %systemroot%\system32\vssvc.exe
Image size: 1025536
Image MD5: 7EA2BCD94D9CFAF4C556F5CC94532A6C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): vwifibus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\vwifibus.sys,-257
Description: @%SystemRoot%\System32\drivers\vwifibus.sys,-258
Image path: \SystemRoot\System32\drivers\vwifibus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): VWiFiFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\w32time.dll,-200
Description: @%SystemRoot%\system32\w32time.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WacomPen
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wacom Serial Pen HID Driver
Image path: \SystemRoot\system32\DRIVERS\wacompen.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WANARP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32011
Description: @%systemroot%\system32\rascfg.dll,-32011
Image path: system32\DRIVERS\wanarp.sys
Image size: 63488
Image MD5: 692A712062146E96D28BA0B7D75DE31B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wanarpv6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32012
Description: @%systemroot%\system32\rascfg.dll,-32012
Image path: system32\DRIVERS\wanarp.sys
Image size: 63488
Image MD5: 692A712062146E96D28BA0B7D75DE31B
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): wbengine
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wbengine.exe,-104
Description: @%systemroot%\system32\wbengine.exe,-105
Object name: localSystem
Image path: "%systemroot%\system32\wbengine.exe"
Image size: 1202688
Image MD5: 7790B77FE1E5EE47DCC66247095BB4C9
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): WbioSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wbiosrvc.dll,-100
Description: @%systemroot%\system32\wbiosrvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,VaultSvc,WUDFSvc

Service (registry key): wcncsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
Description: @%SystemRoot%\system32\wcncsvc.dll,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WcsPlugInService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\wd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Kernel Mode Driver Frameworks service
Image path: system32\drivers\Wdf01000.sys
Image size: 445008
Image MD5: 9950E3D0F08141C7E89E64456AE7DC73
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): WdiServiceHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-502
Description: @%systemroot%\system32\wdi.dll,-503
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WdiSystemHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-500
Description: @%systemroot%\system32\wdi.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-100
Description: @%systemroot%\system32\webclnt.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): Wecsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wecsvc.dll,-200
Description: @%SystemRoot%\system32\wecsvc.dll,-201
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP,Eventlog

Service (registry key): wercplsupport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
Description: @%SystemRoot%\System32\wercplsupport.dll,-100
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wersvc.dll,-100
Description: @%SystemRoot%\System32\wersvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0

Service (registry key): WfpLwf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Image path: system32\DRIVERS\wfplwf.sys
Image size: 9728
Image MD5: 8B9A943F3B53861F2BFAF6C186168F79
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): WIMMount
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WIMMount
Description: WIM Image mount service driver
Image path: system32\drivers\wimmount.sys
Image size: 19008
Image MD5: 5CF95B35E59E2A38023836FFF31BE64C
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinHttpAutoProxySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\winhttp.dll,-100
Description: @%SystemRoot%\system32\winhttp.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Dhcp

Service (registry key): Winmgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): WinRM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wsmsvc.dll,-101
Description: @%Systemroot%\system32\wsmsvc.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,HTTP

Service (registry key): Winsock
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 4
Error Control: 1

Service (registry key): WinSock2
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WinUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WinUsb
Image path: system32\DRIVERS\WinUsb.sys
Image size: 34944
Image MD5: 30FC6E5448D0CBAAA95280EEEF7FEDAE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wlansvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wlansvc.dll,-257
Description: @%SystemRoot%\System32\wlansvc.dll,-258
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): WmiAcpi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Windows Management Interface for ACPI
Image path: system32\DRIVERS\wmiacpi.sys
Image size: 11264
Image MD5: 0217679B8FCA58714C3BF2726D2CA84E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WmiApRpl
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wmiApSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
Object name: localSystem
Image path: %systemroot%\system32\wbem\WmiApSrv.exe
Image size: 136192
Image MD5: 6EB6B66517B048D87DC1856DDF1F4C3F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): WMPNetworkSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
Image size: 1121280
Image MD5: 77FBD400984CF72BA0FC4B3489D65F74
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: http

Service (registry key): WPCSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
Description: @%SystemRoot%\system32\wpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): WPDBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ws2ifsl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): wscsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wscsvc.dll,-200
Description: @%SystemRoot%\System32\wscsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,WinMgmt

Service (registry key): WSearch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\SearchIndexer.exe,-103
Description: @%systemroot%\system32\SearchIndexer.exe,-104
Object name: LocalSystem
Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
Image size: 428032
Image MD5: 622D95520182F6D3D05310D5810CA8B3
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): WSearchIdxPi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): wuauserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wuaueng.dll,-105
Description: @%systemroot%\system32\wuaueng.dll,-106
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WudfPf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: User Mode Driver Frameworks Platform Driver
Image path: system32\drivers\WudfPf.sys
Image size: 92672
Image MD5: 6F9B6C0C93232CFF47D0F72D6DB1D21E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WUDFRd
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\WUDFRd.sys
Image size: 132224
Image MD5: F91FF1E51FCA30B3C3981DB7D5924252
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): wudfsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,WudfPf

Service (registry key): WwanSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wwansvc.dll,-257
Description: @%SystemRoot%\System32\wwansvc.dll,-258
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc

Service (registry key): xmlprov
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {1C422DEC-34F4-4144-82C3-6400EDF84571}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {2C5B8FD6-2985-49DB-83AE-8FA5B3A00C95}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {60CC853D-5195-420C-837B-3B0CD1D5E4A0}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {EED9009B-B401-46DD-931B-5F495A993C33}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): {FC8C0370-2793-4D90-A30B-061E88CB98EC}
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Rorschach112's Avatar
Senior Member with 2,392 posts.
  
Join Date: Oct 2008
06-Sep-2010, 10:09 AM #10
Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
__________________
I gotta hold on to my angst. I preserve it because I need it. It keeps me sharp, on the edge, where I gotta be.
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
06-Sep-2010, 12:33 PM #11
Goodmorning, and once again thank you for your fast reply. I have downloaded and ran Combofix. And have cut and paste the log file to this post.
------------------------------------------------------------------------------------------------------
PROBLEMS I AM STILL HAVING
- I am still having problems with my laptop, I downloaded a portable version of Mozilla to put on USB, and tried to un-install the desktop version,
and it wouldn't let me un-install it.
- Mozilla, on the USB is still getting redirections.
- Also when I am typing something, the mouse will automatically move to another spot on the page, and I will start typing in another spot on my post.
- When I was putting a new reply on the TechGuy Website yesterday. The internet disconnected at sometime, and I lost the post I was typing.
So I had to start over multiple times. So now when I type out a post. I type it in Notepad, then Save it, then Copy and Paste it to the
"Post Quick Reply" Page.
- Also when I try to update Windows 7, it won't let me. It says that it can't connect or something, (I can give you exactly what it said if you require it).
------------------------------------------------------------------------------------------------------
1) Before I ran ComboFix.exe, I disabled My AVG 9.0 Anti-virus
- Resident Shield
- AVG Link Scanner
- E-Mail Scanner
2) Now While I was running ComboFix.exe A box came up with the following notes:
The following websiter are not in any way affiliated to ComboFix
http://www.combofixdownloads.biz/
http://www.combofix.org/
http://www.combofixdownload.com/
If you have purchased anything from them, I suggest you instruct your Financiers
to cancel the transaction.
---------------------------------------------------------------------------------------------------------
A guide on proper ComboFix usage may be found at:
http://www.bleepingcomputer.com/comb...o-use-combofix.
ComboFix is meant for private use. It should never be used in an
unsupervised environment. If infections are found, it will automatically
reboot the machine to complete the removal process. Please ensure all
open windows are closed before proceeding.
The Software provided 'as is' without warranty of any kind. All
implied warranties are expressly disclaimed. If you do not agree to the
above terms, please click No to exit. "I Clicked Yes"
" So I Closed All Open Windows but ComboFix"
------------------------------------------------------------------------------------------------------------
While running ComboFix, a box came up, while the Administrator Auto-Scan window was up that said at the top:
----------------------------------------------------------------------------------------------------------------
MBR.CFXXE
MBR.CFXXE Has stopped working
A problem has caused the program to stop working correctly
Windows will close the program, and notify you if a solution is
available.
Close Program
----------------------------------------------------------------------------------------------------------------
Next the Administrator Auto-Scan went through all it's stages from Stage_1 to ?

Then "Preparing Log Report"
Do not run any programs untill ComboFix has finished
ComboFix's Log shall be located in C:\COMBOFIX.TXT
-------------------------------------------------------------------------------------------------------------------
- Also I did not have to download and install the "Microsoft Windows Recovery Console"
- Also I was not prompted to reboot my computer, so I did it manually.
- Also am I supposed to re-enable my Anti-Virus Software or leave it disabled untill
further notification?
Thank you for your time and effort you have given to helping all these people, I am greatly appreciated.
Thank You
Johnnie. Walker.

- If you need any other information or any other log files or something, I will be home and online
all day.
--------------------------------------------------------------------------------------------------------
COMBOFIX.TXT LOG FILE IS BELOW.

ComboFix 10-09-04.06 - Ayrian 09/06/2010 10:38:49.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2003.1416 [GMT -4:00]
Running from: c:\users\Ayrian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-03 20:07 . 2010-09-03 20:07 -------- d-----w- c:\users\Ayrian\AppData\Roaming\GlarySoft
2010-09-03 03:35 . 2010-09-06 05:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 03:35 . 2010-09-06 05:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 03:19 . 2010-09-03 03:23 80767800 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-03 03:19 . 2010-09-03 03:19 -------- d-----w- c:\programdata\PC Tools
2010-09-03 00:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-09-03 00:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-09-03 00:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-03 00:45 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-03 00:45 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-03 00:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-09-03 00:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-09-03 00:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-09-03 00:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-03 00:16 . 2010-02-23 18:04 1664256 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 04:56 . 2010-09-06 04:56 388096 ----a-r- c:\users\Ayrian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-06 04:56 . 2010-09-06 04:56 -------- d-----w- c:\program files\Trend Micro
2010-09-06 01:54 . 2010-09-06 01:54 -------- d-----w- c:\users\Ayrian\AppData\Roaming\Malwarebytes
2010-09-06 01:54 . 2010-09-06 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 01:54 . 2010-09-06 01:54 -------- d-----w- c:\programdata\Malwarebytes
2010-09-05 23:21 . 2010-06-12 03:40 -------- d-----w- c:\program files\IObit
2010-09-05 21:33 . 2009-04-30 07:59 -------- d-----w- c:\programdata\avg9
2010-09-03 07:07 . 2010-06-12 02:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-03 00:16 . 2009-04-30 19:25 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-07 04:23 . 2010-08-07 04:23 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-07 04:22 . 2010-08-07 04:22 84480 ----a-w- c:\users\Ayrian\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66 .0A.dll
2010-08-07 04:22 . 2010-08-07 04:22 -------- d-----w- c:\users\Ayrian\AppData\Roaming\SystemRequirementsLab
2010-08-07 01:55 . 2010-06-16 03:29 -------- d-----w- c:\programdata\IObit
2010-08-06 04:11 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-08-06 02:54 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\NDIS.sys
2010-07-17 05:12 . 2010-06-08 01:22 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 05:11 . 2010-06-08 01:16 -------- d-----w- c:\programdata\DivX
2010-07-17 05:11 . 2010-06-08 01:16 -------- d-----w- c:\program files\DivX
2010-07-17 05:11 . 2010-06-08 01:20 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-17 05:08 . 2010-04-28 23:14 -------- d-----w- c:\program files\RegWork
2010-07-15 21:50 . 2010-06-12 03:40 -------- d-----w- c:\users\Ayrian\AppData\Roaming\IObit
2010-07-15 13:46 . 2009-04-30 19:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:46 . 2010-07-15 13:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:45 . 2009-04-30 19:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 05:43 . 2010-04-22 21:32 0 ----a-w- c:\users\Ayrian\AppData\Local\Tyalamufoye.dat
2010-07-10 07:42 . 2010-04-21 19:37 74032 ----a-w- c:\users\Ayrian\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-09 05:18 . 2010-04-22 21:32 0 ----a-w- c:\users\Ayrian\AppData\Local\Lqidowoziqipu.bin
2010-07-09 05:09 . 2010-07-09 05:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 05:08 . 2010-07-09 05:08 -------- d-----w- c:\program files\Microsoft.NET
2010-07-08 07:06 . 2010-07-08 07:06 0 ----a-w- c:\users\Ayrian\AppData\Roaming\wklnhst.dat
2010-06-27 23:46 . 2010-06-27 23:46 8603 ----a-w- c:\users\Ayrian\AppData\Local\obipafebocovofa.dll
2010-06-17 16:55 . 2010-06-17 14:45 112 ----a-w- c:\programdata\s4tu6mSK.dat
2010-06-12 05:30 . 2010-06-12 05:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-06-12 05:30 . 2010-06-12 05:30 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-12 05:29 . 2010-06-12 05:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-09 01:34 . 2010-06-09 01:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microso ft.MediaCenter.Sports.UI.dll
2010-06-09 01:33 . 2010-06-09 01:33 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup .dll
2010-06-09 01:22 . 2010-06-09 01:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-09 01:22 . 2010-06-09 01:22 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
Code:
<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
</pre>
((((((((((((((((((((((((((((( SnapShot@2010-09-05_22.59.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 05:54 . 2010-09-06 05:16 28084 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-09-06 14:23 38964 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-04-30 07:47 . 2010-09-06 14:23 10490 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3414327761-151168445-450945681-1000_UserData.bin
+ 2010-09-06 01:54 . 2010-04-29 19:39 38224 c:\windows\System32\drivers\mbamswissarmy.sys
+ 2010-09-06 01:54 . 2010-04-29 19:39 20952 c:\windows\System32\drivers\mbam.sys
- 2009-04-30 07:43 . 2010-09-05 21:33 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2009-04-30 07:43 . 2010-09-06 14:21 81920 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ Cookies\index.dat
+ 2010-04-22 23:02 . 2010-09-06 05:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2010-04-22 23:02 . 2010-08-05 21:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-07-14 04:41 . 2010-09-06 14:21 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-09-05 21:33 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Hi story\History.IE5\index.dat
- 2010-04-21 22:24 . 2010-09-05 06:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows \Cookies\index.dat
+ 2010-04-21 22:24 . 2010-09-06 05:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows \Cookies\index.dat
- 2010-04-21 22:24 . 2010-09-05 06:23 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat
+ 2010-04-21 22:24 . 2010-09-06 05:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat
+ 2010-04-21 22:24 . 2010-09-06 05:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat
- 2010-04-21 22:24 . 2010-09-05 06:23 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat
- 2010-04-21 22:24 . 2010-09-05 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\C ookies\index.dat
+ 2010-04-21 22:24 . 2010-09-06 14:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\C ookies\index.dat
+ 2010-04-21 22:24 . 2010-09-06 14:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\index.dat
- 2010-04-21 22:24 . 2010-09-05 22:01 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Tem porary Internet Files\Content.IE5\index.dat
- 2010-04-21 22:24 . 2010-09-05 22:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\His tory\History.IE5\index.dat
+ 2010-04-21 22:24 . 2010-09-06 14:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\His tory\History.IE5\index.dat
+ 2010-09-06 14:21 . 2010-09-06 14:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-05 21:33 . 2010-09-05 21:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-05 21:33 . 2010-09-05 21:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-06 14:21 . 2010-09-06 14:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-22 03:46 . 2010-09-06 14:20 276620 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-09-05 21:38 615360 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-09-06 14:25 615360 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-09-05 21:38 107926 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-09-06 14:25 107926 c:\windows\System32\perfc009.dat
- 2010-02-10 05:43 . 2010-09-05 06:45 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ IETldCache\index.dat
+ 2010-02-10 05:43 . 2010-09-06 05:33 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\ IETldCache\index.dat
+ 2009-07-14 02:03 . 2010-09-06 06:02 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-09-05 22:23 6815744 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-04-30 07:43 . 2010-09-06 14:21 1310720 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
- 2009-04-30 07:43 . 2010-09-05 21:33 1310720 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Te mporary Internet Files\Content.IE5\index.dat
+ 2010-09-06 04:55 . 2010-09-06 04:55 1402880 c:\windows\Installer\379e3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 21:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-03-16 17408]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Ayrian\AppData\Roaming\Mozilla\Firefox\Profiles\i4ecvkvj.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,f9,12,d3,b7,2c,3b,40,95,66,f0, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,f9,12,d3,b7,2c,3b,40,95,66,f0, \

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-06 10:45:39
ComboFix-quarantined-files.txt 2010-09-06 14:45
ComboFix2.txt 2010-09-05 23:03

Pre-Run: 53,051,682,816 bytes free
Post-Run: 53,115,293,696 bytes free

- - End Of File - - 80323EC35D8E8AE7FC53BBF0F5A1F957
Rorschach112's Avatar
Senior Member with 2,392 posts.
  
Join Date: Oct 2008
06-Sep-2010, 12:47 PM #12
post this log


ComboFix2.txt 2010-09-05 23:03


its in C:\qoobox
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
06-Sep-2010, 02:00 PM #13
I HOPE THIS IS THE RIGHT ONE, LET ME KNOW IF IT ISN'T. THANK YOU.

JOHNNIE. WALKER.
SENT AT 1:00PM
---------------------------------------------------------------------------------------------------
ComboFix 10-09-04.05 - Ayrian 09/05/2010 18:52:12.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2003.967 [GMT -4:00]
Running from: F:\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\SysWoW32
c:\programdata\SysWoW32\mu1488368228v4.kwd
c:\programdata\SysWoW32\mu1488368228v5.kwd
c:\programdata\SysWoW32\mu1488368228v6.kwd
c:\programdata\SysWoW32\mu1488368228v7.kwd
c:\programdata\SysWoW32\wu1488368228v0
c:\programdata\SysWoW32\wu1488368228v0.kwd
c:\programdata\SysWoW32\wu1488368228v1.kwd
c:\programdata\SysWoW32\wu1488368228v2.kwd
c:\programdata\SysWoW32\wu1488368228v3.kwd
c:\programdata\unrar.exe
c:\users\Ayrian\AppData\Local\{307DCBE9-EC1B-4131-BFB0-FD5335E34C07}
c:\users\Ayrian\AppData\Local\{307DCBE9-EC1B-4131-BFB0-FD5335E34C07}\chrome.manifest
c:\users\Ayrian\AppData\Local\{307DCBE9-EC1B-4131-BFB0-FD5335E34C07}\chrome\content\_cfg.js
c:\users\Ayrian\AppData\Local\{307DCBE9-EC1B-4131-BFB0-FD5335E34C07}\chrome\content\overlay.xul
c:\users\Ayrian\AppData\Local\{307DCBE9-EC1B-4131-BFB0-FD5335E34C07}\install.rdf
c:\users\Ayrian\AppData\Local\048102515610049.xxe
c:\users\Ayrian\AppData\Local\052575210198102.xxe
c:\users\Ayrian\AppData\Local\0535049569854.xxe
c:\users\Ayrian\AppData\Local\0569949489854.xxe
c:\users\Ayrian\AppData\Local\oxiyexam.dll_old
c:\users\Ayrian\AppData\Local\rdr_1275804485.exe
c:\users\Ayrian\AppData\Roaming\02000000c4c750b8891C.manifest
c:\users\Ayrian\AppData\Roaming\02000000c4c750b8891O.manifest
c:\users\Ayrian\AppData\Roaming\02000000c4c750b8891P.manifest
c:\users\Ayrian\AppData\Roaming\02000000c4c750b8891S.manifest
c:\users\Ayrian\AppData\Roaming\inst.exe
c:\users\Ayrian\AppData\Roaming\SystemProc
c:\users\Ayrian\AppData\Roaming\SystemProc\upd.exe
c:\windows\bk23567.dat
c:\windows\fdgg34353edfgdfdf
c:\windows\system32\certstore.dat
c:\windows\system32\winset.ini

.
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.

2010-09-05 05:43 . 2010-09-05 05:43 388096 ----a-r- c:\users\Ayrian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-05 05:43 . 2010-09-05 05:43 -------- d-----w- c:\program files\Trend Micro
2010-09-03 20:07 . 2010-09-03 20:07 -------- d-----w- c:\users\Ayrian\AppData\Roaming\GlarySoft
2010-09-03 03:35 . 2010-09-03 06:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-03 03:35 . 2010-09-03 03:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-03 03:19 . 2010-09-03 03:23 80767800 ----a-w- c:\programdata\PC Tools\DownloadManager\Spyware Doctor8.0\sdsetup_dl.exe
2010-09-03 03:19 . 2010-09-03 03:19 -------- d-----w- c:\programdata\PC Tools
2010-09-03 00:45 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-09-03 00:45 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-09-03 00:45 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-09-03 00:45 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-09-03 00:45 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-09-03 00:45 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-09-03 00:45 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-09-03 00:45 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-09-03 00:45 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-09-03 00:16 . 2010-02-23 18:04 1664256 ----a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-08-07 04:23 . 2010-08-07 04:23 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-07 04:22 . 2010-08-07 04:22 84480 ----a-w- c:\users\Ayrian\AppData\Roaming\SystemRequirementsLab\srlproxy_intel_4.1.66 .0A.dll
2010-08-07 04:22 . 2010-08-07 04:22 -------- d-----w- c:\users\Ayrian\AppData\Roaming\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 21:33 . 2009-04-30 07:59 -------- d-----w- c:\programdata\avg9
2010-09-03 07:07 . 2010-06-12 02:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-03 00:16 . 2009-04-30 19:25 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-08-07 01:55 . 2010-06-16 03:29 -------- d-----w- c:\programdata\IObit
2010-08-07 01:55 . 2010-06-12 03:40 -------- d-----w- c:\program files\IObit
2010-08-06 04:11 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-08-06 02:54 . 2009-07-13 23:12 710720 ----a-w- c:\windows\system32\drivers\NDIS.sys
2010-07-17 05:12 . 2010-06-08 01:22 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-17 05:11 . 2010-06-08 01:16 -------- d-----w- c:\programdata\DivX
2010-07-17 05:11 . 2010-06-08 01:16 -------- d-----w- c:\program files\DivX
2010-07-17 05:11 . 2010-06-08 01:20 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-07-17 05:08 . 2010-04-28 23:14 -------- d-----w- c:\program files\RegWork
2010-07-15 21:50 . 2010-06-12 03:40 -------- d-----w- c:\users\Ayrian\AppData\Roaming\IObit
2010-07-15 13:46 . 2009-04-30 19:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 13:46 . 2010-07-15 13:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 13:45 . 2009-04-30 19:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-11 05:43 . 2010-04-22 21:32 0 ----a-w- c:\users\Ayrian\AppData\Local\Tyalamufoye.dat
2010-07-10 07:42 . 2010-04-21 19:37 74032 ----a-w- c:\users\Ayrian\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-09 05:18 . 2010-04-22 21:32 0 ----a-w- c:\users\Ayrian\AppData\Local\Lqidowoziqipu.bin
2010-07-09 05:09 . 2010-07-09 05:09 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-07-09 05:08 . 2010-07-09 05:08 -------- d-----w- c:\program files\Microsoft.NET
2010-07-08 07:06 . 2010-07-08 07:06 0 ----a-w- c:\users\Ayrian\AppData\Roaming\wklnhst.dat
2010-06-27 23:46 . 2010-06-27 23:46 8603 ----a-w- c:\users\Ayrian\AppData\Local\obipafebocovofa.dll
2010-06-17 16:55 . 2010-06-17 14:45 112 ----a-w- c:\programdata\s4tu6mSK.dat
2010-06-12 05:30 . 2010-06-12 05:30 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-06-12 05:30 . 2010-06-12 05:30 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-12 05:29 . 2010-06-12 05:29 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-09 01:34 . 2010-06-09 01:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microso ft.MediaCenter.Sports.UI.dll
2010-06-09 01:33 . 2010-06-09 01:33 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup .dll
2010-06-09 01:22 . 2010-06-09 01:22 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-09 01:22 . 2010-06-09 01:22 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
Code:
<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 18:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Crokevafi
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rcefabuyudi

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 23:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-24 21:54 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 13112]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-03-16 17408]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-22 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.
Contents of the 'Scheduled Tasks' folder

2010-07-26 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-06-23 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Ayrian\AppData\Roaming\Mozilla\Firefox\Profiles\i4ecvkvj.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{3BF7CEB6-B299-4F7F-A950-A561A273CA30} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,f9,12,d3,b7,2c,3b,40,95,66,f0, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,f9,12,d3,b7,2c,3b,40,95,66,f0, \

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-09-05 19:03:18
ComboFix-quarantined-files.txt 2010-09-05 23:03

Pre-Run: 53,715,591,168 bytes free
Post-Run: 53,388,693,504 bytes free

- - End Of File - - 13F8C05E49D197F250D005523A1C4EAE
Rorschach112's Avatar
Senior Member with 2,392 posts.
  
Join Date: Oct 2008
06-Sep-2010, 02:51 PM #14
why did you run combofix yourself before ?


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://forums.techguy.org/virus-other-malware-removal/947936-need-help-please.html

Collect::
c:\users\Ayrian\AppData\Local\Tyalamufoye.dat
c:\users\Ayrian\AppData\Local\Lqidowoziqipu.bin
c:\users\Ayrian\AppData\Local\obipafebocovofa.dll
c:\programdata\s4tu6mSK.dat

KillAll::

RenV::
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\DivX\DivX Update\DivXUpdate .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\QuickTime\QTTask .exe
Suspect::
Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
__________________
I gotta hold on to my angst. I preserve it because I need it. It keeps me sharp, on the edge, where I gotta be.
johnnie_walker's Avatar
Computer Specs
Junior Member with 21 posts.
  
Join Date: Sep 2010
Experience: Beginner
06-Sep-2010, 03:03 PM #15
Yes, I have run ComboFix before. I did this when I was reading some of the posts. "Before I read, to not run programs unless, personally specified to do so", after I read the first post on the Virus and other malware page. I didn't alter or do anything, other than just run the program, and save the log file.

I still have the anti-virus program disabled as well.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 3 1 23

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools


Similar Threads
Title Thread Starter Forum Replies Last Post
hi guys ! i need help! please!!! Thetrixrabbit Multimedia 0 31-Mar-2010 06:37 AM
Windows Security Center Virus?? need help please rbucher1 Virus & Other Malware Removal 0 01-Mar-2010 11:05 AM
need help please kimberlys Windows XP 4 26-Feb-2010 01:39 PM
i need help king_shawn Windows XP 0 01-Dec-2008 10:05 PM
Help!!!!!!! Explorer.exe problem help!!! - MOVED THREAD NEEDING HELP brandonengell Virus & Other Malware Removal 11 04-Sep-2008 09:09 PM


Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 12:27 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.