
Need Help On Resolving An Ad-Ware Problem

Discussion in 'Malware Removal Help' started by FloydPalmer, Nov 16, 2012.

  1. FloydPalmer

    FloydPalmer Registered Members

    Just noticed in last few days that whenever I click on a link or try to visit another part of a forum that it brings up another tab with a link directed to www. ilitili. com which asks for answers to survey for a "prize".

    I started doing it once but stopped as I sensed it was too good to be true; now it seems to happen the odd time when clicking on a link or another access to a forum.

    I'm told it is an adware/malware (whichever one it is) problem. I've tried following some help steps in other tutorials but, for one, I can't find the program in my Control Panel. Tried using CCleaner but that brought up a whole host of things, and I didn't have a clue which one was the ilitili link.

    I've seen some manual self-helps, and I don't mind doing it, but the gobbledygook and/or lack of simple instructions make me uneasy doing so.

    ATM, I'm contemplating rebooting which I don't want to.

    Help needed!

    :)
     
  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Hello FloydPalmer and Welcome to CHF,

    Please follow the instructions here.... Preparation for Malware removal help and copy
    and paste the results in your next reply. One of our Malware Removal Specialists will
    be along to assist you shortly.
     
  3. etavares

    etavares Malware Removal Specialist - Moderator

    Hi FloydPalmer,

    My name is etavares and I'll be helping to resolve this issue. Please follow the instructions in the link that allheart55 provided and I'll look over the logs and reply with further instructions.

    Thanks!
    -etavares
     
  4. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    I am moving this to Malware removal. Just a note to all members: even if a post is in General Malware, once you see either Starbuck or etavares posting instructions, please no longer reply in the thread even if it has not been moved. I have removed one member's post upon moving the thread. There was nothing wrong with the removed post and it was technically within the rules.
     
  5. FloydPalmer

    FloydPalmer Registered Members

    Hi, done as requested, thank you for looking into it!

    MBAM

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.16.08

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Aky :: AKY-PC [administrator]

    17/11/2012 21:54:31
    mbam-log-2012-11-17 (21-54-31).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 366856
    Time elapsed: 1 hour(s), 49 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    OTL EXTRAS

    OTL Extras logfile created on: 17/11/2012 23:47:45 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aky\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 55.10% Memory free
    5.73 Gb Paging File | 4.18 Gb Available in Paging File | 72.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 55.68 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 105.99 Gb Free Space | 95.01% Space Free | Partition Type: NTFS

    Computer Name: AKY-PC | User Name: Aky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01045638-67AA-4C00-AAD4-231B29388F3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{0438A32A-0F38-4D70-B1E1-89AA698EA739}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0A6AEA29-BBE0-44EC-B6CF-E4B7E996C056}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{0AA84881-73A9-4E28-A17F-8FBFAE5F0F85}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{0CA5014B-92F4-4E79-8A29-931761B9EC97}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1749C1BA-194F-4D20-B9B5-6413D0AD578E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{1B0FE3DF-E580-41E8-8A66-E044D4FA4DD6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{41BF4BA4-2FC3-497A-8180-A1166EC1228D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{60E5BF07-9D04-4F76-A89F-86ED2541A1AC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{69268EA6-B62E-49A3-AAD6-87A3C71E8CA8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{71DF95A0-AA96-4037-8FE2-74B79BD8FD4E}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{75535D6A-9687-4DF6-93EF-E5ED227DF19E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{79EFB8D8-AEC0-428D-8082-A6D849650BF3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{7B3F7192-ADAA-4514-B883-7C1105754CB0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{7B6A87FC-782B-4789-A6F1-7868DBD83E99}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{7E615168-508F-4B3C-BD1A-8B9CC20059D0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{8560915A-8A9B-4A45-98FB-23EC8B3847B7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{8FEAE47F-2ACA-4598-A697-1A35ED6998C9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{922592A3-7289-436E-854B-151315F781F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{A99E25D4-F52A-4491-A860-843F4474678A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{ACBD494A-4F97-4160-A17B-C0256F7F0FEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{B6E029C5-C413-46C6-BBBA-02A7D4EC6B80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BC7DAD2F-D2AB-400B-9E25-A39A9C20E918}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{CDCD3487-AF04-4133-8173-B961BFDBB29E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{E38097F4-93A0-47E8-B3A3-B2D9BA926FCD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{EAB4B7C0-1732-49AC-BF52-028AF4377546}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F676CB8B-EEAA-456C-9910-DCAE6B388624}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{FCE28476-5788-4BC9-8AE6-52804B86D2D0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06396923-449E-4881-DB30-9677EBFBE5ED}" = Catalyst Control Center Localization Dutch
    "{0AD7E761-CDD9-79AD-6C0F-2CE53F7277DB}" = Catalyst Control Center Localization Japanese
    "{0CAA0BF0-293D-32E7-BF40-99C26947B3B6}" = CCC Help Greek
    "{0D0256AB-54EF-414E-A6D9-896610EBAB70}" = Catalyst Control Center Localization Thai
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{16A31107-6828-ED37-8551-37888EA51D85}" = Catalyst Control Center Localization Chinese Standard
    "{18855F72-E9B6-74C7-67DC-86CA6D775554}" = CCC Help Swedish
    "{1D801B9D-9473-2001-2FB4-875F75C5CFFA}" = Catalyst Control Center Localization French
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{265B1C1D-9BD0-A416-D5FE-0710AC0A9592}" = CCC Help Italian
    "{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager
    "{33D8205B-9118-D20E-F94A-4B467BB46289}" = Catalyst Control Center Localization Chinese Traditional
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
    "{4684B4D7-A90A-028E-F300-7C96761B1287}" = CCC Help Chinese Traditional
    "{468789CE-4A7C-F9C8-9DB9-6F32827F1721}" = CCC Help Danish
    "{5122D45F-16C5-6E6C-4509-4EE321E8A45F}" = Catalyst Control Center Localization Finnish
    "{5735B860-F404-20E5-2C4A-2108AFDF7DAB}" = CCC Help Polish
    "{573CE82D-3BA8-1D84-9F59-87DD11EAFB79}" = CCC Help Norwegian
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{591137F5-39FD-BFEF-FA09-181F0FA9B9EF}" = CCC Help Hungarian
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB587B5-8FAE-55F2-DB26-5A83234E3FDC}" = CCC Help Japanese
    "{60C85C96-8D91-58AF-E5D0-4C53A0ACEE78}" = Catalyst Control Center Localization Polish
    "{613D098B-93C6-A2DE-5319-FF7D2229DB2B}" = CCC Help German
    "{67DEBF39-8470-344D-6332-969307D41805}" = CCC Help Chinese Standard
    "{687BD5FD-DC50-A653-9022-A7113D50B331}" = CCC Help Korean
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{781B8114-9EFF-BFF5-B7F7-7DCFE5571218}" = Catalyst Control Center Localization German
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7CAE5047-9916-477F-283A-8E994DFAAD21}" = Catalyst Control Center Localization Spanish
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
    "{849C1158-7421-893E-8E33-4312F49C1ADF}" = Catalyst Control Center Localization Greek
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
    "{8EA318FC-D486-57D6-2A25-6BD247FA99DB}" = Catalyst Control Center Localization Norwegian
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{925150D7-0CC2-D6DF-6066-3784CE22CEE7}" = Catalyst Control Center Localization Korean
    "{966DE944-348D-01B7-F9B7-0F0D696F4076}" = Catalyst Control Center Localization Swedish
    "{99F8744D-211D-42D9-CA25-1029F8E0912B}" = Catalyst Control Center Localization Portuguese
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C3FA7FD-9B70-C526-FA63-162783E1060D}" = CCC Help Portuguese
    "{9D6271F2-6F0A-A259-085B-5BBD4F05A33E}" = Catalyst Control Center Localization Hungarian
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A2694396-5508-3DB0-5308-7E6768DD7896}" = Catalyst Control Center Localization Turkish
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A5FDB0FC-8DD0-E5D4-E031-922AE876403A}" = CCC Help Turkish
    "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
    "{A79E4110-0087-E8AE-BD4F-A1883B2FD357}" = CCC Help French
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{B316A8CE-F7F6-C99A-C41D-369A7CD33FC6}" = Catalyst Control Center Localization Danish
    "{B44695F8-959E-95EC-F3AC-F734C9DC6DAE}" = Catalyst Control Center Localization Italian
    "{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static
    "{C0A1C9D6-9AC7-5B5A-6C25-B8FBC478BA8A}" = CCC Help Russian
    "{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New
    "{C83127E6-697A-7EEC-D53D-C089610D7F4A}" = CCC Help Dutch
    "{C91E74DA-8852-D2BB-B3A2-60A9202E1732}" = CCC Help Thai
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAC9E80B-7515-0DB9-40BB-09B3703D90BB}" = Catalyst Control Center Localization Russian
    "{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DCD2B7EA-5452-DD3E-D008-2320C06862DB}" = CCC Help Finnish
    "{DE5EB975-946C-4ADF-ABCC-3609BCEBF978}" = AVG 2013
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
    "{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech
    "{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility
    "{F42D4CA6-E811-C8DA-D607-4F8A510D7953}" = CCC Help Spanish
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2013
    "AVG Secure Search" = AVG Security Toolbar
    "CamStudio" = CamStudio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    "ERUNT_is1" = ERUNT 1.1j
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
    "Nokia PC Suite" = Nokia PC Suite
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.0.1

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "NetAssistant" = NetAssistant for Firefox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/11/2012 19:50:47 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/11/2012 19:50:47 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7519

    Error - 11/11/2012 19:50:47 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7519

    Error - 11/11/2012 19:50:49 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/11/2012 19:50:49 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9079

    Error - 11/11/2012 19:50:49 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9079

    Error - 11/11/2012 19:50:50 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/11/2012 19:50:50 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10109

    Error - 11/11/2012 19:50:50 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10109

    Error - 11/11/2012 21:12:31 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ System Events ]
    Error - 16/11/2012 17:12:09 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:27:30 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/11/2012 17:27:30 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:27:30 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:31:52 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:47:11 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/11/2012 17:47:11 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 20:41:26 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 17/11/2012 17:44:17 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 17/11/2012 17:44:17 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =


    < End of report >

    OTL OTL

    OTL Extras logfile created on: 17/11/2012 23:47:45 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aky\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 55.10% Memory free
    5.73 Gb Paging File | 4.18 Gb Available in Paging File | 72.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 55.68 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 105.99 Gb Free Space | 95.01% Space Free | Partition Type: NTFS

    Computer Name: AKY-PC | User Name: Aky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01045638-67AA-4C00-AAD4-231B29388F3F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{0438A32A-0F38-4D70-B1E1-89AA698EA739}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{0A6AEA29-BBE0-44EC-B6CF-E4B7E996C056}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{0AA84881-73A9-4E28-A17F-8FBFAE5F0F85}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{0CA5014B-92F4-4E79-8A29-931761B9EC97}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{1749C1BA-194F-4D20-B9B5-6413D0AD578E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{1B0FE3DF-E580-41E8-8A66-E044D4FA4DD6}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{41BF4BA4-2FC3-497A-8180-A1166EC1228D}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{60E5BF07-9D04-4F76-A89F-86ED2541A1AC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{69268EA6-B62E-49A3-AAD6-87A3C71E8CA8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{71DF95A0-AA96-4037-8FE2-74B79BD8FD4E}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{75535D6A-9687-4DF6-93EF-E5ED227DF19E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{79EFB8D8-AEC0-428D-8082-A6D849650BF3}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{7B3F7192-ADAA-4514-B883-7C1105754CB0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
    "{7B6A87FC-782B-4789-A6F1-7868DBD83E99}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{7E615168-508F-4B3C-BD1A-8B9CC20059D0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{8560915A-8A9B-4A45-98FB-23EC8B3847B7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{8FEAE47F-2ACA-4598-A697-1A35ED6998C9}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{922592A3-7289-436E-854B-151315F781F6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{A99E25D4-F52A-4491-A860-843F4474678A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{ACBD494A-4F97-4160-A17B-C0256F7F0FEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
    "{B6E029C5-C413-46C6-BBBA-02A7D4EC6B80}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{BC7DAD2F-D2AB-400B-9E25-A39A9C20E918}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{CDCD3487-AF04-4133-8173-B961BFDBB29E}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
    "{E38097F4-93A0-47E8-B3A3-B2D9BA926FCD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{EAB4B7C0-1732-49AC-BF52-028AF4377546}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F676CB8B-EEAA-456C-9910-DCAE6B388624}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
    "{FCE28476-5788-4BC9-8AE6-52804B86D2D0}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06396923-449E-4881-DB30-9677EBFBE5ED}" = Catalyst Control Center Localization Dutch
    "{0AD7E761-CDD9-79AD-6C0F-2CE53F7277DB}" = Catalyst Control Center Localization Japanese
    "{0CAA0BF0-293D-32E7-BF40-99C26947B3B6}" = CCC Help Greek
    "{0D0256AB-54EF-414E-A6D9-896610EBAB70}" = Catalyst Control Center Localization Thai
    "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
    "{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{16A31107-6828-ED37-8551-37888EA51D85}" = Catalyst Control Center Localization Chinese Standard
    "{18855F72-E9B6-74C7-67DC-86CA6D775554}" = CCC Help Swedish
    "{1D801B9D-9473-2001-2FB4-875F75C5CFFA}" = Catalyst Control Center Localization French
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{265B1C1D-9BD0-A416-D5FE-0710AC0A9592}" = CCC Help Italian
    "{27C9470C-2077-F4AD-8921-9504D1B9BC83}" = Catalyst Control Center Graphics Light
    "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
    "{3066F7B1-5918-4E18-292B-1153283E2CC3}" = ATI Catalyst Install Manager
    "{33D8205B-9118-D20E-F94A-4B467BB46289}" = Catalyst Control Center Localization Chinese Traditional
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
    "{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
    "{4684B4D7-A90A-028E-F300-7C96761B1287}" = CCC Help Chinese Traditional
    "{468789CE-4A7C-F9C8-9DB9-6F32827F1721}" = CCC Help Danish
    "{5122D45F-16C5-6E6C-4509-4EE321E8A45F}" = Catalyst Control Center Localization Finnish
    "{5735B860-F404-20E5-2C4A-2108AFDF7DAB}" = CCC Help Polish
    "{573CE82D-3BA8-1D84-9F59-87DD11EAFB79}" = CCC Help Norwegian
    "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
    "{591137F5-39FD-BFEF-FA09-181F0FA9B9EF}" = CCC Help Hungarian
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AB587B5-8FAE-55F2-DB26-5A83234E3FDC}" = CCC Help Japanese
    "{60C85C96-8D91-58AF-E5D0-4C53A0ACEE78}" = Catalyst Control Center Localization Polish
    "{613D098B-93C6-A2DE-5319-FF7D2229DB2B}" = CCC Help German
    "{67DEBF39-8470-344D-6332-969307D41805}" = CCC Help Chinese Standard
    "{687BD5FD-DC50-A653-9022-A7113D50B331}" = CCC Help Korean
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73B5C7D2-30E4-5522-52BC-89677DFD8E32}" = Catalyst Control Center InstallProxy
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{781B8114-9EFF-BFF5-B7F7-7DCFE5571218}" = Catalyst Control Center Localization German
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79866648-18CB-4C93-F124-31AFE54F9A9D}" = Catalyst Control Center Core Implementation
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7CAE5047-9916-477F-283A-8E994DFAAD21}" = Catalyst Control Center Localization Spanish
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{802F0F4E-A0A5-4E4D-9D7B-1933913EF7B6}" = Catalyst Control Center - Branding
    "{849C1158-7421-893E-8E33-4312F49C1ADF}" = Catalyst Control Center Localization Greek
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Client 1.10.01
    "{8EA318FC-D486-57D6-2A25-6BD247FA99DB}" = Catalyst Control Center Localization Norwegian
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{90C26DA5-6780-0E5F-BC97-CAA7B5727E86}" = Catalyst Control Center Graphics Full Existing
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{925150D7-0CC2-D6DF-6066-3784CE22CEE7}" = Catalyst Control Center Localization Korean
    "{966DE944-348D-01B7-F9B7-0F0D696F4076}" = Catalyst Control Center Localization Swedish
    "{99F8744D-211D-42D9-CA25-1029F8E0912B}" = Catalyst Control Center Localization Portuguese
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C3FA7FD-9B70-C526-FA63-162783E1060D}" = CCC Help Portuguese
    "{9D6271F2-6F0A-A259-085B-5BBD4F05A33E}" = Catalyst Control Center Localization Hungarian
    "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
    "{A2694396-5508-3DB0-5308-7E6768DD7896}" = Catalyst Control Center Localization Turkish
    "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{A5FDB0FC-8DD0-E5D4-E031-922AE876403A}" = CCC Help Turkish
    "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
    "{A79E4110-0087-E8AE-BD4F-A1883B2FD357}" = CCC Help French
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
    "{B316A8CE-F7F6-C99A-C41D-369A7CD33FC6}" = Catalyst Control Center Localization Danish
    "{B44695F8-959E-95EC-F3AC-F734C9DC6DAE}" = Catalyst Control Center Localization Italian
    "{C08A4D67-6837-5097-CC0C-B5DFD60630B9}" = ccc-core-static
    "{C0A1C9D6-9AC7-5B5A-6C25-B8FBC478BA8A}" = CCC Help Russian
    "{C34686CD-A03B-1B48-8085-341CD632C0BC}" = Catalyst Control Center Graphics Full New
    "{C83127E6-697A-7EEC-D53D-C089610D7F4A}" = CCC Help Dutch
    "{C91E74DA-8852-D2BB-B3A2-60A9202E1732}" = CCC Help Thai
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAC9E80B-7515-0DB9-40BB-09B3703D90BB}" = Catalyst Control Center Localization Russian
    "{CD4D90B4-CC18-C176-B261-8BA8D5F644AB}" = CCC Help Czech
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DCD2B7EA-5452-DD3E-D008-2320C06862DB}" = CCC Help Finnish
    "{DE5EB975-946C-4ADF-ABCC-3609BCEBF978}" = AVG 2013
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E7E36B90-24D7-E382-CEFB-6F293A2302F6}" = CCC Help English
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F38FD0E4-B991-462B-873D-F2115EADD093}" = Nokia PC Suite
    "{F3E29994-EE0A-C417-7FDE-902B1D722460}" = Catalyst Control Center Localization Czech
    "{F420F5B3-677A-779E-AEEC-81A00ED373FE}" = ccc-utility
    "{F42D4CA6-E811-C8DA-D607-4F8A510D7953}" = CCC Help Spanish
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "6DA48AFDE796708D5A4C9121A83E7617A63A9A15" = Windows Driver Package - Nokia Modem (10/07/2010 4.6)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AVG" = AVG 2013
    "AVG Secure Search" = AVG Security Toolbar
    "CamStudio" = CamStudio
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
    "E5372C32E8562C76C24DBA6525002B1031495F34" = Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
    "ERUNT_is1" = ERUNT 1.1j
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 9.0.1 (x86 en-GB)" = Mozilla Firefox 9.0.1 (x86 en-GB)
    "Nokia PC Suite" = Nokia PC Suite
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VLC media player" = VLC media player 2.0.1

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "NetAssistant" = NetAssistant for Firefox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/11/2012 19:50:47 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/11/2012 19:50:47 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7519

    Error - 11/11/2012 19:50:47 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7519

    Error - 11/11/2012 19:50:49 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/11/2012 19:50:49 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9079

    Error - 11/11/2012 19:50:49 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9079

    Error - 11/11/2012 19:50:50 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/11/2012 19:50:50 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10109

    Error - 11/11/2012 19:50:50 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10109

    Error - 11/11/2012 21:12:31 | Computer Name = Aky-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ System Events ]
    Error - 16/11/2012 17:12:09 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:27:30 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/11/2012 17:27:30 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:27:30 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:31:52 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 17:47:11 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 16/11/2012 17:47:11 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 16/11/2012 20:41:26 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =

    Error - 17/11/2012 17:44:17 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 17/11/2012 17:44:17 | Computer Name = Aky-PC | Source = Service Control Manager | ID = 7006
    Description =


    < End of report >


    ASW

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-18 00:22:30
    -----------------------------
    00:22:30.398 OS Version: Windows 6.0.6002 Service Pack 2
    00:22:30.398 Number of processors: 2 586 0x301
    00:22:30.398 ComputerName: AKY-PC UserName: Aky
    00:22:32.723 Initialize success
    00:22:45.879 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
    00:22:45.879 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 8
    00:22:45.942 Disk 0 MBR read successfully
    00:22:45.957 Disk 0 MBR scan
    00:22:45.957 Disk 0 unknown MBR code
    00:22:45.973 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
    00:22:46.004 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114243 MB offset 20482048
    00:22:46.035 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 114230 MB offset 254451712
    00:22:46.051 Disk 0 scanning sectors +488394752
    00:22:46.145 Disk 0 scanning C:\Windows\system32\drivers
    00:22:53.571 Service scanning
    00:23:09.592 Modules scanning
    00:23:16.722 Disk 0 trace - called modules:
    00:23:16.768 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys ahcix86s.sys dxgkrnl.sys atikmdag.sys tcpip.sys NETIO.SYS
    00:23:17.283 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8653cac8]
    00:23:17.299 3 CLASSPNP.SYS[89bab8b3] -> nt!IofCallDriver -> [0x858cf850]
    00:23:17.330 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\00000065[0x852e3a30]
    00:23:17.361 Scan finished successfully
    00:23:27.534 Disk 0 MBR has been saved successfully to "C:\Users\Aky\Desktop\MBR.dat"
    00:23:27.550 The log file has been saved successfully to "C:\Users\Aky\Desktop\aswMBR.txt"
     
  6. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hi FloydPalmer,

    Please click Start --> type add or remove programs and press Enter.
    Select NetAssistant for Firefox and uninstall...that's adware.

    Then please reboot.

    Next, please run OTL again as before. Please post OTL.txt...it was missing in the last log. Please do run it again versus just posting the old log.

    Are the redirects happening in all browsers? Or just Internet Explorer? Or just Firefox?

    -etavares
     
  7. FloydPalmer

    FloydPalmer Registered Members

    Joined:
    Nov 16, 2012
    Messages:
    143
    Location:
    UK
    Operating System:
    Windows 7
    Just to clarify the American/UK terminology isn't misconstrued, but by reboot, are you wanting me to A) Close and re-start Firefox B) Turn laptop off and back on C) COMPLETELY reboot? lol

    Uninstalled Net Assistant, doing the relevant search on OTL now.

    I hardly use IE, haven't done so in ages, but used it a bit now and didn't come up with the adware link.
     
  8. FloydPalmer

    FloydPalmer Registered Members

    Joined:
    Nov 16, 2012
    Messages:
    143
    Location:
    UK
    Operating System:
    Windows 7
    OTL logfile created on: 18/11/2012 19:05:57 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aky\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 56.12% Memory free
    5.74 Gb Paging File | 4.32 Gb Available in Paging File | 75.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 54.94 Gb Free Space | 49.24% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 105.99 Gb Free Space | 95.01% Space Free | Partition Type: NTFS

    Computer Name: AKY-PC | User Name: Aky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Aky\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
    PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    PRC - C:\Acer\Mobility Center\MobilityService.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f6525d01b5cfcafeea3997aafc54d5d1\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7584733b0bfcbe669ea38a81b914a83a\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\739c5209c3538b3457c2f8f9ad196cbb\System.Xaml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\79f3661da2402c72b0bba0de1e55f4d1\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\960b6130c64f21d8f5d8d3eb183ae660\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6053166746abce42f4c4432e0ec54fc7\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\947466e2a04c48c43a8b255eb236ba71\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4a2b56d6031270f0fcf7388e4d787333\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e46c644e0ef0456434b32f3e91b56424\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ff1ceec110e2983a75c2c21f50274ac2\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9d1f9ff307e93bb9929b2b11661623cb\System.Core.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\20ce3ca371acfbe996c6a21b5469992d\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\aaf8a137263c899815f0acff07eb1562\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\031abbfbd476fdc0c392160b67f2c662\mscorlib.ni.dll ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
    MOD - C:\Users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll ()
    MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3097.37069__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3097.37130__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
    MOD - C:\Windows\System32\atitmmxx.dll ()
    MOD - C:\Windows\System32\SysHook.dll ()
    MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
    MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
    MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
    MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


    ========== Services (SafeList) ==========

    SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
    DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
    DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
    DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
    DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
    DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
    DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID= 112050&babsrc=HP_ss&mntrId=5a00335700000000000000234e6f9479
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID= 112050&babsrc=SP_ss&mntrId=5a00335700000000000000234e6f9479
    IE - HKCU\..\SearchScopes\{757AC380-0FDC-4DA8-AF7A-E94E5D962E33}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E379B2AB-F5B6-4E68-9DE8-8D6351C48198}&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&lang=en&ds=AVG&pr=fr&d=2012-09-29 20:34:59&v=12.2.5.34&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110519,16932,0,19,0"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoomail.com/"
    FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:13.2.0.5
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B0a71d742-943a-41f3-8505-07e337de002e%7D&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-29%2020%3A34%3A59&sap=ku&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:27:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 22:55:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/04/23 20:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Extensions
    [2012/11/14 16:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions
    [2011/05/02 21:01:05 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions\plugin@yontoo.com
    [2012/11/14 16:49:31 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2011/05/06 20:35:29 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2011/04/23 20:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/11/08 20:27:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5
    [2011/04/26 18:51:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/01/12 22:55:17 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/01/12 22:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/11/08 20:27:00 | 000,003,572 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/04/19 18:03:48 | 000,002,314 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/01/12 22:55:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/12 22:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/01/12 22:55:13 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/01/12 22:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [eRecoveryService] File not found
    O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe File not found
    O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
    O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O4 - HKCU..\Run: [Startw3i] C:\Program Files\PC Speed Maximizer\Startw3i.exe File not found
    O4 - Startup: C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
    O4 - Startup: C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{580CFBD5-DEEF-445C-AA1D-2C41A2412BF5}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAF7D1EC-25F8-482E-B66D-42E0FF000732}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/17 21:57:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Aky\Desktop\aswMBR.exe
    [2012/11/17 21:56:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aky\Desktop\OTL.exe
    [2012/11/17 21:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/11/17 21:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/11/17 21:47:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Aky\Desktop\erunt-setup.exe
    [2012/11/16 18:59:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/11/16 18:59:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/11/16 18:59:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/11/16 18:59:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/11/16 18:59:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/11/16 18:59:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/11/16 18:59:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/11/16 18:59:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/11/16 01:19:55 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
    [2012/11/16 01:12:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/11/08 17:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/10/22 13:02:46 | 000,179,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/11/18 19:01:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2012/11/18 19:00:45 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/18 19:00:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/18 19:00:43 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/18 19:00:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/18 19:00:31 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/18 18:26:10 | 000,000,680 | ---- | M] () -- C:\Users\Aky\AppData\Local\d3d9caps.dat
    [2012/11/18 01:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/18 00:23:27 | 000,000,512 | ---- | M] () -- C:\Users\Aky\Desktop\MBR.dat
    [2012/11/17 21:57:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Aky\Desktop\aswMBR.exe
    [2012/11/17 21:56:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aky\Desktop\OTL.exe
    [2012/11/17 21:49:28 | 000,000,917 | ---- | M] () -- C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/11/17 21:49:05 | 000,000,718 | ---- | M] () -- C:\Users\Aky\Desktop\ERUNT.lnk
    [2012/11/17 21:48:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Aky\Desktop\erunt-setup.exe
    [2012/11/16 19:40:48 | 000,296,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/11/16 19:17:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/11/16 19:17:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/11/16 01:38:09 | 052,527,232 | ---- | M] () -- C:\Users\Aky\Desktop\vox_20121115_low.mp3
    [2012/11/08 20:26:55 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2012/11/08 17:27:08 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys

    ========== Files Created - No Company Name ==========

    [2012/11/18 18:26:10 | 000,000,680 | ---- | C] () -- C:\Users\Aky\AppData\Local\d3d9caps.dat
    [2012/11/18 00:23:27 | 000,000,512 | ---- | C] () -- C:\Users\Aky\Desktop\MBR.dat
    [2012/11/17 21:49:28 | 000,000,917 | ---- | C] () -- C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/11/17 21:49:05 | 000,000,718 | ---- | C] () -- C:\Users\Aky\Desktop\ERUNT.lnk
    [2012/11/16 21:00:26 | 2951,135,232 | -HS- | C] () -- C:\hiberfil.sys
    [2012/11/16 01:33:49 | 052,527,232 | ---- | C] () -- C:\Users\Aky\Desktop\vox_20121115_low.mp3
    [2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/06/10 17:05:32 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
    [2011/06/10 17:05:32 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2011/06/10 17:05:32 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
    [2011/06/10 17:05:32 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
    [2011/04/30 18:29:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/04/30 18:29:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/24 03:31:07 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [2011/04/24 03:26:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/04/24 03:25:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2011/04/24 03:25:37 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2011/04/24 03:25:36 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/04/24 03:25:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2011/04/24 02:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/04/23 19:47:21 | 000,022,016 | ---- | C] () -- C:\Users\Aky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/23 19:18:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/23 19:08:03 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
    [2011/04/23 19:03:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2011/04/23 18:58:04 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2011/04/23 18:58:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2011/04/23 18:58:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2011/04/23 18:58:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/06/24 16:04:37 | 000,000,000 | -HSD | M] -- C:\Users\Aky\AppData\Roaming\.#
    [2008/08/20 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Acer GameZone Console
    [2012/06/21 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Audacity
    [2012/09/29 19:38:11 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\AVG2013
    [2012/04/19 18:03:29 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Babylon
    [2011/10/21 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/04/19 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\BSplayer
    [2012/04/19 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\BSplayer Pro
    [2011/05/06 21:38:52 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\eSobi
    [2011/08/12 19:05:22 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Nokia
    [2011/04/28 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\PC Suite
    [2011/05/02 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\RegistryKeys
    [2012/06/05 23:55:41 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Samsung
    [2012/09/29 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: SCSI
    Media Type: Fixed hard disk media
    Model: WDC WD25 00BEVT-22ZCT0 SCSI Disk Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 10.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 112.00GB
    Starting Offset: 10486808576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 112.00GB
    Starting Offset: 130279276544
    Hidden sectors: 0


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/02/10 23:06:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/12/05 20:31:38 | 000,000,043 | ---- | M] () -- C:\END
    [2012/11/18 19:00:31 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/18 19:00:27 | 3264,933,888 | -HS- | M] () -- C:\pagefile.sys
    [2008/10/31 02:49:08 | 000,002,955 | -HS- | M] () -- C:\Patch.rev
    [2008/08/21 00:17:36 | 000,000,146 | RHS- | M] () -- C:\preload.rev
    [2011/04/23 19:00:39 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
    [2012/04/19 18:03:59 | 000,000,238 | ---- | M] () -- C:\user.js

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\* >
    [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/12 22:55:13 | 000,715,216 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/12 22:55:13 | 000,715,216 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/12 22:55:13 | 000,715,216 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/12 22:55:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/12 22:55:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/12 22:55:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/07/27 21:52:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/07/27 21:52:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/07/27 21:52:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/01/12 22:55:13 | 000,715,216 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/01/12 22:55:13 | 000,715,216 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/01/12 22:55:13 | 000,715,216 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/01/12 22:55:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/01/12 22:55:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/01/12 22:55:16 | 000,924,632 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/07/27 21:52:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/07/27 21:52:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/07/27 21:52:57 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FEBEC560
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
    @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8

    < End of report >
     
  9. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hello,
    Reboot to me means to shut down Windows, power off the computer and restart the computer. :)





    Step 1

    We need to run an OTL script
    1. Please download OTL from one of the following mirrors if you do not still have it.
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Paste the following code under the Custom Scans/Fixes box at the bottom.
      Code:
      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID= 112050&babsrc=HP_ss&mntrId=5a00335700000000000000234e6f9479
      IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...chTerms}&affID= 112050&babsrc=SP_ss&mntrId=5a00335700000000000000234e6f9479
      FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
      [2012/04/19 18:03:48 | 000,002,314 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKLM..\Run: [eRecoveryService]  File not found
      O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe"  /DoAction File not found
      O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe File not found
      O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
      O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
      O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
      O4 - HKCU..\Run: [Startw3i] C:\Program Files\PC Speed Maximizer\Startw3i.exe File not found
      O4 - Startup: C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk =  File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
      @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EC2246A6
      @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:C95B63DA
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FEBEC560
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4CF61E54
      @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:3E7393FC
      @Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:580E04D8
      :files
      C:\Users\Aky\AppData\Roaming\Babylon
      
      
    5. Click the Run Fix button at the top.
    6. Let the program run unhindered and reboot when it is done.
    7. You will get a log when it is done, please post that in your reply.
    8. Please then create a new OTL report....
    9. Click the "Scan All Users" checkbox.
    10. Push the [​IMG] button.
    11. A report will open, copy and paste it in a reply here.



    Step 2

    1. Download TDSSKiller.exe and save it to your desktop.
    2. Double-click TDSSKiller.exe to run it.
    3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
    4. Click Start scan and allow it to scan for Malicious objects.
    5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
    7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
      For example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
    9. If no reboot is required, click on Report. A log file should appear.
    10. Please post the contents of the logfile in your next reply.

    etavares
     
  10. FloydPalmer

    FloydPalmer Registered Members

    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
    C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PLFSetL deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_roc_dec12 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesAirMessage deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Startw3i deleted successfully.
    C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found not found.
    ADS C:\ProgramData\TEMP:EC2246A6 deleted successfully.
    ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
    ADS C:\ProgramData\TEMP:FEBEC560 deleted successfully.
    ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
    ADS C:\ProgramData\TEMP:3E7393FC deleted successfully.
    ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
    ========== FILES ==========
    C:\Users\Aky\AppData\Roaming\Babylon folder moved successfully.



    OTL by OldTimer - Version 3.2.69.0 log created on 11182012_205718



    OTL logfile created on: 18/11/2012 20:58:59 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Aky\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 59.12% Memory free
    5.74 Gb Paging File | 4.28 Gb Available in Paging File | 74.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.57 Gb Total Space | 53.96 Gb Free Space | 48.37% Space Free | Partition Type: NTFS
    Drive D: | 111.55 Gb Total Space | 105.99 Gb Free Space | 95.01% Space Free | Partition Type: NTFS

    Computer Name: AKY-PC | User Name: Aky | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Aky\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
    PRC - C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe (Nokia)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
    PRC - C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer)
    PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    PRC - C:\Acer\Mobility Center\MobilityService.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\79f3661da2402c72b0bba0de1e55f4d1\Accessibility.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll ()
    MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
    MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3097.37069__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3097.37130__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3097.37107__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3097.37090__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3097.37114__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3097.37332__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3097.37287__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3097.37237__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3097.37372__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3097.37379__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3097.37084__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3097.37306__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3097.37093__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3097.37137__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3097.37278__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3097.37239__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3097.37153__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3097.37238__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3097.37239__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3097.37277__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3091.17980__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3091.17961__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3091.17978__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3091.18004__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3091.17954__90ba9c70f846762e\LOG.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3091.17956__90ba9c70f846762e\NEWAEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3091.17981__90ba9c70f846762e\DEM.OS.I0602.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3091.17977__90ba9c70f846762e\MOM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3091.17980__90ba9c70f846762e\DEM.OS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3091.17981__90ba9c70f846762e\DEM.Graphics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3091.17957__90ba9c70f846762e\CLI.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3091.18035__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3091.17968__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3091.17961__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3091.17967__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3091.17987__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3091.17993__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3091.18001__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3091.17992__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3091.17976__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3091.17982__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3091.17983__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3091.17990__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3091.17979__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3091.17977__90ba9c70f846762e\APM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3091.17968__90ba9c70f846762e\AEM.Server.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3097.37359__90ba9c70f846762e\MOM.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3097.37396__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3091.17963__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
    MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3097.37411__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3097.37059__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3097.37100__90ba9c70f846762e\CLI.Component.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3097.37356__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3097.37062__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3097.37060__90ba9c70f846762e\CLI.Component.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3091.17979__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3091.17961__90ba9c70f846762e\CLI.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3091.17965__90ba9c70f846762e\LOG.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3091.17978__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3091.17977__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3097.37077__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3097.37061__90ba9c70f846762e\ATIDEMOS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3097.37057__90ba9c70f846762e\APM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3091.17970__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3097.37358__90ba9c70f846762e\CCC.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3091.17977__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3091.17993__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3097.37058__90ba9c70f846762e\AEM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3006.0__739b31b1908c49e5\Framework.UIComponent.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3006.0__3036420f80dd6947\Framework.Library.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3006.0__4df5dcab8860d239\Framework.Utility.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3006.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
    MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
    MOD - C:\Windows\System32\atitmmxx.dll ()
    MOD - C:\Windows\System32\SysHook.dll ()
    MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll ()
    MOD - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
    MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
    MOD - C:\Program Files\Launch Manager\PowerUtl.dll ()


    ========== Services (SafeList) ==========

    SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
    SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
    SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
    DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
    DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
    DRV - (ssadserd) -- C:\Windows\System32\drivers\ssadserd.sys (MCCI Corporation)
    DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
    DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
    DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
    DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
    DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
    DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
    DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
    DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
    DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\..\SearchScopes\{757AC380-0FDC-4DA8-AF7A-E94E5D962E33}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_en
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E379B2AB-F5B6-4E68-9DE8-8D6351C48198}&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&lang=en&ds=AVG&pr=fr&d=2012-09-29 20:34:59&v=12.2.5.34&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110519,16932,0,19,0"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoomail.com/"
    FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledAddons: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledAddons: {20a82645-c095-46ed-80e3-08825760534b}:0.0.0
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:13.2.0.5
    FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
    FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7B0a71d742-943a-41f3-8505-07e337de002e%7D&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-29%2020%3A34%3A59&sap=ku&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/04/26 18:51:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:27:16 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/12 22:55:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/04/23 20:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Extensions
    [2012/11/14 16:49:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions
    [2011/05/02 21:01:05 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions\plugin@yontoo.com
    [2012/11/14 16:49:31 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    [2011/05/06 20:35:29 | 000,016,192 | ---- | M] () (No name found) -- C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
    [2011/04/23 20:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/12 22:55:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012/11/08 20:27:16 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5
    [2011/04/26 18:51:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/01/12 22:55:17 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/01/12 22:55:13 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/11/08 20:27:00 | 000,003,572 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/01/12 22:55:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/01/12 22:55:13 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/01/12 22:55:13 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/01/12 22:55:13 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2012/01/12 22:55:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2012/01/12 22:55:13 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
    [2011/05/02 21:04:21 | 000,000,863 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahoo.xml

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
    O3 - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
    O4 - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
    O4 - HKU\S-1-5-21-2348374830-1884495636-3650376586-1000..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
    O4 - Startup: C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O4 - Startup: C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{580CFBD5-DEEF-445C-AA1D-2C41A2412BF5}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAF7D1EC-25F8-482E-B66D-42E0FF000732}: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
    O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Aky\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/18 20:57:18 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/11/18 20:51:37 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Aky\Desktop\tdsskiller.exe
    [2012/11/17 21:57:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Aky\Desktop\aswMBR.exe
    [2012/11/17 21:56:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Aky\Desktop\OTL.exe
    [2012/11/17 21:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/11/17 21:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/11/17 21:47:52 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Aky\Desktop\erunt-setup.exe
    [2012/11/16 18:59:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/11/16 18:59:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/11/16 18:59:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/11/16 18:59:19 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/11/16 18:59:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/11/16 18:59:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/11/16 18:59:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/11/16 18:59:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/11/16 01:19:55 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
    [2012/11/16 01:12:10 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/11/08 17:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/10/22 13:02:46 | 000,179,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/11/18 21:00:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/18 21:00:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/18 20:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/18 20:51:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Aky\Desktop\tdsskiller.exe
    [2012/11/18 20:25:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/18 19:01:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2012/11/18 19:00:45 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/18 19:00:31 | 2951,135,232 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/18 18:26:10 | 000,000,680 | ---- | M] () -- C:\Users\Aky\AppData\Local\d3d9caps.dat
    [2012/11/18 00:23:27 | 000,000,512 | ---- | M] () -- C:\Users\Aky\Desktop\MBR.dat
    [2012/11/17 21:57:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Aky\Desktop\aswMBR.exe
    [2012/11/17 21:56:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Aky\Desktop\OTL.exe
    [2012/11/17 21:49:28 | 000,000,917 | ---- | M] () -- C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/11/17 21:49:05 | 000,000,718 | ---- | M] () -- C:\Users\Aky\Desktop\ERUNT.lnk
    [2012/11/17 21:48:01 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Aky\Desktop\erunt-setup.exe
    [2012/11/16 19:40:48 | 000,296,568 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/11/16 19:17:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/11/16 19:17:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/11/16 01:38:09 | 052,527,232 | ---- | M] () -- C:\Users\Aky\Desktop\vox_20121115_low.mp3
    [2012/11/08 20:26:55 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
    [2012/11/08 17:27:08 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys

    ========== Files Created - No Company Name ==========

    [2012/11/18 18:26:10 | 000,000,680 | ---- | C] () -- C:\Users\Aky\AppData\Local\d3d9caps.dat
    [2012/11/18 00:23:27 | 000,000,512 | ---- | C] () -- C:\Users\Aky\Desktop\MBR.dat
    [2012/11/17 21:49:28 | 000,000,917 | ---- | C] () -- C:\Users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2012/11/17 21:49:05 | 000,000,718 | ---- | C] () -- C:\Users\Aky\Desktop\ERUNT.lnk
    [2012/11/16 21:00:26 | 2951,135,232 | -HS- | C] () -- C:\hiberfil.sys
    [2012/11/16 01:33:49 | 052,527,232 | ---- | C] () -- C:\Users\Aky\Desktop\vox_20121115_low.mp3
    [2012/05/23 17:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012/05/23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/05/23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/05/23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/05/23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2011/06/10 17:05:32 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
    [2011/06/10 17:05:32 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2011/06/10 17:05:32 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
    [2011/06/10 17:05:32 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
    [2011/04/30 18:29:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/04/30 18:29:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/04/24 03:31:07 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [2011/04/24 03:26:36 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/04/24 03:25:37 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2011/04/24 03:25:37 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2011/04/24 03:25:36 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/04/24 03:25:36 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2011/04/24 02:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/04/23 19:47:21 | 000,022,016 | ---- | C] () -- C:\Users\Aky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/23 19:18:34 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/23 19:08:03 | 000,000,000 | ---- | C] () -- C:\Windows\setup.INI
    [2011/04/23 19:03:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
    [2011/04/23 18:58:04 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2011/04/23 18:58:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2011/04/23 18:58:04 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2011/04/23 18:58:04 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/06/24 16:04:37 | 000,000,000 | -HSD | M] -- C:\Users\Aky\AppData\Roaming\.#
    [2008/08/20 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Acer GameZone Console
    [2012/06/21 21:50:03 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Audacity
    [2012/09/29 19:38:11 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\AVG2013
    [2011/10/21 20:28:05 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/04/19 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\BSplayer
    [2012/04/19 18:31:19 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\BSplayer Pro
    [2011/05/06 21:38:52 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\eSobi
    [2011/08/12 19:05:22 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Nokia
    [2011/04/28 20:20:42 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\PC Suite
    [2011/05/02 21:08:14 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\RegistryKeys
    [2012/06/05 23:55:41 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\Samsung
    [2012/09/29 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\Aky\AppData\Roaming\TuneUp Software
    [2012/10/13 13:27:20 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/10/13 13:27:20 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

    ========== Purity Check ==========



    < End of report >
     
  11. FloydPalmer

    21:22:25.0814 4724 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    21:22:26.0095 4724 ============================================================
    21:22:26.0095 4724 Current date / time: 2012/11/18 21:22:26.0095
    21:22:26.0095 4724 SystemInfo:
    21:22:26.0095 4724
    21:22:26.0095 4724 OS Version: 6.0.6002 ServicePack: 2.0
    21:22:26.0095 4724 Product type: Workstation
    21:22:26.0095 4724 ComputerName: AKY-PC
    21:22:26.0095 4724 UserName: Aky
    21:22:26.0095 4724 Windows directory: C:\Windows
    21:22:26.0095 4724 System windows directory: C:\Windows
    21:22:26.0095 4724 Processor architecture: Intel x86
    21:22:26.0095 4724 Number of processors: 2
    21:22:26.0095 4724 Page size: 0x1000
    21:22:26.0095 4724 Boot type: Normal boot
    21:22:26.0095 4724 ============================================================
    21:22:27.0640 4724 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    21:22:27.0640 4724 ============================================================
    21:22:27.0640 4724 \Device\Harddisk0\DR0:
    21:22:27.0640 4724 MBR partitions:
    21:22:27.0640 4724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0xDF21800
    21:22:27.0640 4724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF2AA000, BlocksNum 0xDF1B000
    21:22:27.0640 4724 ============================================================
    21:22:27.0686 4724 C: \Device\Harddisk0\DR0\Partition1
    21:22:27.0733 4724 D: \Device\Harddisk0\DR0\Partition2
    21:22:27.0733 4724 ============================================================
    21:22:27.0733 4724 Initialize success
    21:22:27.0733 4724 ============================================================
    21:23:00.0229 4764 ============================================================
    21:23:00.0229 4764 Scan started
    21:23:00.0229 4764 Mode: Manual;
    21:23:00.0229 4764 ============================================================
    21:23:00.0978 4764 ================ Scan system memory ========================
    21:23:00.0978 4764 System memory - ok
    21:23:00.0978 4764 ================ Scan services =============================
    21:23:01.0227 4764 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    21:23:01.0243 4764 ACPI - ok
    21:23:01.0337 4764 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    21:23:01.0352 4764 AdobeARMservice - ok
    21:23:01.0415 4764 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:23:01.0430 4764 adp94xx - ok
    21:23:01.0477 4764 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:23:01.0493 4764 adpahci - ok
    21:23:01.0508 4764 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    21:23:01.0524 4764 adpu160m - ok
    21:23:01.0555 4764 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:23:01.0555 4764 adpu320 - ok
    21:23:01.0617 4764 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:23:01.0617 4764 AeLookupSvc - ok
    21:23:01.0664 4764 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    21:23:01.0664 4764 AFD - ok
    21:23:01.0695 4764 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:23:01.0695 4764 agp440 - ok
    21:23:01.0758 4764 [ FBE4016F9EF3AB3DB547E40A936B6CD9 ] ahcix86s C:\Windows\system32\DRIVERS\ahcix86s.sys
    21:23:01.0758 4764 ahcix86s - ok
    21:23:01.0789 4764 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    21:23:01.0789 4764 aic78xx - ok
    21:23:01.0805 4764 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    21:23:01.0820 4764 ALG - ok
    21:23:01.0820 4764 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:23:01.0820 4764 aliide - ok
    21:23:01.0836 4764 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    21:23:01.0836 4764 amdagp - ok
    21:23:01.0867 4764 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
    21:23:01.0867 4764 amdide - ok
    21:23:01.0883 4764 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    21:23:01.0883 4764 AmdK7 - ok
    21:23:01.0898 4764 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:23:01.0898 4764 AmdK8 - ok
    21:23:01.0945 4764 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
    21:23:01.0945 4764 androidusb - ok
    21:23:01.0992 4764 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    21:23:01.0992 4764 Appinfo - ok
    21:23:02.0195 4764 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:23:02.0195 4764 Apple Mobile Device - ok
    21:23:02.0226 4764 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
    21:23:02.0226 4764 arc - ok
    21:23:02.0257 4764 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:23:02.0257 4764 arcsas - ok
    21:23:02.0304 4764 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:23:02.0304 4764 AsyncMac - ok
    21:23:02.0335 4764 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    21:23:02.0335 4764 atapi - ok
    21:23:02.0413 4764 [ 7FA516FC81DD5931F389B56279A27A3E ] athr C:\Windows\system32\DRIVERS\athr.sys
    21:23:02.0444 4764 athr - ok
    21:23:02.0507 4764 [ EEC308E4E061344BB31AE295A016721B ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
    21:23:02.0507 4764 Ati External Event Utility - ok
    21:23:02.0663 4764 [ 8FDD2385D30080711633FE9FF2A64126 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    21:23:02.0772 4764 atikmdag - ok
    21:23:02.0819 4764 [ 5A1465AD2E7C1BC39CDA12A355329096 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    21:23:02.0834 4764 AtiPcie - ok
    21:23:02.0881 4764 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:23:02.0881 4764 AudioEndpointBuilder - ok
    21:23:02.0912 4764 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    21:23:02.0928 4764 Audiosrv - ok
    21:23:03.0099 4764 [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    21:23:03.0146 4764 AVG Security Toolbar Service - ok
    21:23:03.0474 4764 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
    21:23:03.0708 4764 AVGIDSAgent - ok
    21:23:03.0817 4764 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
    21:23:03.0817 4764 AVGIDSDriver - ok
    21:23:03.0864 4764 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
    21:23:03.0864 4764 AVGIDSHX - ok
    21:23:03.0879 4764 [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
    21:23:03.0895 4764 AVGIDSShim - ok
    21:23:15.0548 4764 Serial - ok
    21:23:15.0548 4764 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    21:23:15.0564 4764 sermouse - ok
    21:23:15.0626 4764 [ 7D3903AF48E6C1DC2704EAFCB608D031 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    21:23:15.0626 4764 ServiceLayer - ok
    21:23:15.0673 4764 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    21:23:15.0673 4764 SessionEnv - ok
    21:23:15.0689 4764 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    21:23:15.0689 4764 sffdisk - ok
    21:23:15.0704 4764 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    21:23:15.0704 4764 sffp_mmc - ok
    21:23:15.0704 4764 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    21:23:15.0720 4764 sffp_sd - ok
    21:23:15.0735 4764 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    21:23:15.0751 4764 sfloppy - ok
    21:23:15.0798 4764 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    21:23:15.0798 4764 SharedAccess - ok
    21:23:15.0829 4764 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:23:15.0845 4764 ShellHWDetection - ok
    21:23:15.0860 4764 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    21:23:15.0860 4764 sisagp - ok
    21:23:15.0891 4764 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    21:23:15.0891 4764 SiSRaid2 - ok
    21:23:15.0907 4764 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    21:23:15.0907 4764 SiSRaid4 - ok
    21:23:16.0063 4764 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    21:23:16.0110 4764 slsvc - ok
    21:23:16.0172 4764 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    21:23:16.0172 4764 SLUINotify - ok
    21:23:16.0203 4764 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:23:16.0219 4764 Smb - ok
    21:23:16.0250 4764 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:23:16.0250 4764 SNMPTRAP - ok
    21:23:16.0266 4764 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    21:23:16.0281 4764 spldr - ok
    21:23:16.0313 4764 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    21:23:16.0313 4764 Spooler - ok
    21:23:16.0359 4764 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:23:16.0359 4764 srv - ok
    21:23:16.0422 4764 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:23:16.0422 4764 srv2 - ok
    21:23:16.0453 4764 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:23:16.0469 4764 srvnet - ok
    21:23:16.0500 4764 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
    21:23:16.0500 4764 ssadbus - ok
    21:23:16.0547 4764 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
    21:23:16.0547 4764 ssadmdfl - ok
    21:23:16.0593 4764 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
    21:23:16.0593 4764 ssadmdm - ok
    21:23:16.0625 4764 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
    21:23:16.0640 4764 ssadserd - ok
    21:23:16.0671 4764 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:23:16.0671 4764 SSDPSRV - ok
    21:23:16.0718 4764 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:23:16.0718 4764 SstpSvc - ok
    21:23:16.0765 4764 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    21:23:16.0781 4764 stisvc - ok
    21:23:16.0812 4764 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    21:23:16.0812 4764 swenum - ok
    21:23:16.0859 4764 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    21:23:16.0874 4764 swprv - ok
    21:23:16.0905 4764 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    21:23:16.0905 4764 Symc8xx - ok
    21:23:16.0937 4764 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    21:23:16.0937 4764 Sym_hi - ok
    21:23:16.0952 4764 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    21:23:16.0952 4764 Sym_u3 - ok
    21:23:16.0999 4764 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    21:23:16.0999 4764 SynTP - ok
    21:23:17.0061 4764 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    21:23:17.0061 4764 SysMain - ok
    21:23:17.0093 4764 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:23:17.0093 4764 TabletInputService - ok
    21:23:17.0139 4764 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:23:17.0155 4764 TapiSrv - ok
    21:23:17.0186 4764 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    21:23:17.0186 4764 TBS - ok
    21:23:17.0249 4764 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:23:17.0280 4764 Tcpip - ok
    21:23:17.0327 4764 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:23:17.0342 4764 Tcpip6 - ok
    21:23:17.0405 4764 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:23:17.0405 4764 tcpipreg - ok
    21:23:17.0467 4764 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:23:17.0467 4764 TDPIPE - ok
    21:23:17.0483 4764 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:23:17.0483 4764 TDTCP - ok
    21:23:17.0529 4764 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:23:17.0545 4764 tdx - ok
    21:23:17.0561 4764 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    21:23:17.0561 4764 TermDD - ok
    21:23:17.0623 4764 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    21:23:17.0639 4764 TermService - ok
    21:23:17.0685 4764 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    21:23:17.0685 4764 Themes - ok
    21:23:17.0717 4764 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    21:23:17.0717 4764 THREADORDER - ok
    21:23:17.0763 4764 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    21:23:17.0763 4764 TrkWks - ok
    21:23:17.0841 4764 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:23:17.0841 4764 TrustedInstaller - ok
    21:23:17.0873 4764 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:23:17.0873 4764 tssecsrv - ok
    21:23:17.0919 4764 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    21:23:17.0919 4764 tunmp - ok
    21:23:17.0966 4764 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:23:17.0966 4764 tunnel - ok
    21:23:17.0982 4764 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    21:23:17.0982 4764 uagp35 - ok
    21:23:18.0029 4764 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
    21:23:18.0029 4764 UBHelper - ok
    21:23:18.0075 4764 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:23:18.0075 4764 udfs - ok
    21:23:18.0153 4764 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:23:18.0153 4764 UI0Detect - ok
    21:23:18.0185 4764 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:23:18.0185 4764 uliagpkx - ok
    21:23:18.0200 4764 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
    21:23:18.0216 4764 uliahci - ok
    21:23:18.0231 4764 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    21:23:18.0231 4764 UlSata - ok
    21:23:18.0247 4764 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    21:23:18.0247 4764 ulsata2 - ok
    21:23:18.0263 4764 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    21:23:18.0278 4764 umbus - ok
    21:23:18.0309 4764 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    21:23:18.0309 4764 upnphost - ok
    21:23:18.0356 4764 [ E526A166E6ACAFD0A9B3841D3941669E ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
    21:23:18.0356 4764 upperdev - ok
    21:23:18.0403 4764 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    21:23:18.0403 4764 USBAAPL - ok
    21:23:18.0434 4764 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:23:18.0434 4764 usbccgp - ok
    21:23:18.0450 4764 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:23:18.0450 4764 usbcir - ok
    21:23:18.0512 4764 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    21:23:18.0512 4764 usbehci - ok
    21:23:18.0559 4764 [ EDCA5124B54BCF04E5C0538AA397A9C1 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    21:23:18.0559 4764 usbfilter - ok
    21:23:18.0590 4764 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:23:18.0606 4764 usbhub - ok
    21:23:18.0637 4764 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    21:23:18.0637 4764 usbohci - ok
    21:23:18.0684 4764 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    21:23:18.0684 4764 usbprint - ok
    21:23:18.0746 4764 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\DRIVERS\usbser.sys
    21:23:18.0746 4764 usbser - ok
    21:23:18.0793 4764 [ 6F3E3C6811B930D2414552A2E4A40F36 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
    21:23:18.0793 4764 UsbserFilt - ok
    21:23:18.0824 4764 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:23:18.0824 4764 USBSTOR - ok
    21:23:18.0871 4764 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    21:23:18.0871 4764 usbuhci - ok
    21:23:18.0887 4764 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    21:23:18.0887 4764 usbvideo - ok
    21:23:18.0933 4764 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    21:23:18.0933 4764 UxSms - ok
    21:23:18.0996 4764 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    21:23:19.0027 4764 vds - ok
    21:23:19.0043 4764 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:23:19.0043 4764 vga - ok
    21:23:19.0074 4764 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:23:19.0074 4764 VgaSave - ok
    21:23:19.0089 4764 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
    21:23:19.0089 4764 viaagp - ok
    21:23:19.0105 4764 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    21:23:19.0105 4764 ViaC7 - ok
    21:23:19.0121 4764 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
    21:23:19.0121 4764 viaide - ok
    21:23:19.0152 4764 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:23:19.0152 4764 volmgr - ok
    21:23:19.0199 4764 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:23:19.0214 4764 volmgrx - ok
    21:23:19.0261 4764 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:23:19.0277 4764 volsnap - ok
    21:23:19.0308 4764 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    21:23:19.0308 4764 vsmraid - ok
    21:23:19.0370 4764 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    21:23:19.0401 4764 VSS - ok
    21:23:19.0557 4764 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    21:23:19.0635 4764 vToolbarUpdater13.2.0 - ok
    21:23:19.0682 4764 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    21:23:19.0698 4764 W32Time - ok
    21:23:19.0760 4764 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    21:23:19.0760 4764 WacomPen - ok
    21:23:19.0791 4764 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    21:23:19.0791 4764 Wanarp - ok
    21:23:19.0807 4764 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:23:19.0807 4764 Wanarpv6 - ok
    21:23:19.0869 4764 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:23:19.0885 4764 wcncsvc - ok
    21:23:19.0932 4764 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:23:19.0932 4764 WcsPlugInService - ok
    21:23:19.0963 4764 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
    21:23:19.0963 4764 Wd - ok
    21:23:20.0010 4764 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:23:20.0025 4764 Wdf01000 - ok
    21:23:20.0057 4764 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:23:20.0072 4764 WdiServiceHost - ok
    21:23:20.0072 4764 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:23:20.0088 4764 WdiSystemHost - ok
    21:23:20.0119 4764 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    21:23:20.0135 4764 WebClient - ok
    21:23:20.0150 4764 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:23:20.0166 4764 Wecsvc - ok
    21:23:20.0197 4764 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:23:20.0197 4764 wercplsupport - ok
    21:23:20.0244 4764 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:23:20.0244 4764 WerSvc - ok
    21:23:20.0306 4764 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    21:23:20.0337 4764 winachsf - ok
    21:23:20.0384 4764 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    21:23:20.0400 4764 WinDefend - ok
    21:23:20.0415 4764 WinHttpAutoProxySvc - ok
    21:23:20.0509 4764 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:23:20.0509 4764 Winmgmt - ok
    21:23:20.0634 4764 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    21:23:20.0681 4764 WinRM - ok
    21:23:20.0759 4764 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:23:20.0774 4764 Wlansvc - ok
    21:23:20.0805 4764 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    21:23:20.0805 4764 WmiAcpi - ok
    21:23:20.0852 4764 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:23:20.0852 4764 wmiApSrv - ok
    21:23:20.0930 4764 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    21:23:20.0930 4764 WMPNetworkSvc - ok
    21:23:20.0977 4764 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:23:20.0977 4764 WPCSvc - ok
    21:23:21.0024 4764 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:23:21.0024 4764 WPDBusEnum - ok
    21:23:21.0055 4764 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    21:23:21.0055 4764 WpdUsb - ok
    21:23:21.0180 4764 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    21:23:21.0180 4764 WPFFontCache_v0400 - ok
    21:23:21.0211 4764 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:23:21.0211 4764 ws2ifsl - ok
    21:23:21.0242 4764 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
    21:23:21.0258 4764 wscsvc - ok
    21:23:21.0258 4764 WSearch - ok
    21:23:21.0383 4764 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    21:23:21.0429 4764 wuauserv - ok
    21:23:21.0461 4764 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:23:21.0476 4764 WudfPf - ok
    21:23:21.0523 4764 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:23:21.0539 4764 WUDFRd - ok
    21:23:21.0585 4764 [ 2C0206FF8D2C75AC027D1096FA2FAFDA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:23:21.0585 4764 wudfsvc - ok
    21:23:21.0632 4764 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
    21:23:21.0632 4764 XAudio - ok
    21:23:21.0679 4764 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
    21:23:21.0695 4764 XAudioService - ok
    21:23:21.0773 4764 [ 4D840C6AF3C020ED3A35EFBA9025CF4A ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
    21:23:21.0788 4764 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
    21:23:21.0804 4764 ================ Scan global ===============================
    21:23:21.0835 4764 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    21:23:21.0882 4764 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    21:23:21.0944 4764 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
    21:23:22.0007 4764 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    21:23:22.0022 4764 [Global] - ok
    21:23:22.0022 4764 ================ Scan MBR ==================================
    21:23:22.0038 4764 [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
    21:23:26.0687 4764 \Device\Harddisk0\DR0 - ok
    21:23:26.0687 4764 ================ Scan VBR ==================================
    21:23:26.0687 4764 [ 1C3D9CEDCE07347F2B993F64EE6092FC ] \Device\Harddisk0\DR0\Partition1
    21:23:26.0702 4764 \Device\Harddisk0\DR0\Partition1 - ok
    21:23:26.0733 4764 [ 94BEC462F954FF75BD5A1A16FE0DB613 ] \Device\Harddisk0\DR0\Partition2
    21:23:26.0733 4764 \Device\Harddisk0\DR0\Partition2 - ok
    21:23:26.0733 4764 ============================================================
    21:23:26.0733 4764 Scan finished
    21:23:26.0733 4764 ============================================================
    21:23:26.0765 5072 Detected object count: 0
    21:23:26.0765 5072 Actual detected object count: 0

    TDSKILLER
     
  12. etavares

    etavares Malware Removal Specialist - Moderator

    Joined:
    Aug 6, 2011
    Messages:
    259
    Location:
    USA (GMT -5)
    Hi,

    Are you still having the issues after that?

    -etavares
     
  13. FloydPalmer

    FloydPalmer Registered Members

    Yeah, ititali tabs aren't popping up as frequently but they still seem to exist and my internet connection is better but sometimes drops off but whether that's just general internet speed issues or something else, difficult to assess. If that is the tests all done and to your knowledge that there is nothing else to do then I could give it a few days, see how it goes.
     
  14. FloydPalmer

    FloydPalmer Registered Members

    As part of this ad-ware, when I go to forums and certain headings (e.g. Motoring, Games) or certain words are clickable to links for ads so it still exists in the system but not interrupting my internet usage as much though. Are there any next steps that might be worth trying at all my friend?
     
  15. etavares

    etavares Malware Removal Specialist - Moderator

    Hello, FloydPalmer.

    Sorry for the delay. I missed the notification. It won't happen again.

    We'll bring out a more powerful tool. Please download ComboFix from one of these locations:

    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
    • Double click on etavaresCF.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

    Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

    etavares
     
  16. FloydPalmer

    FloydPalmer Registered Members

    I've just seen this now, will give it a try tomorrow and post the necessary information. Thank you again ;)
     
  17. FloydPalmer

    FloydPalmer Registered Members

    ComboFix 12-11-23.02 - Aky 24/11/2012 20:57:56.3.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1693 [GMT 0:00]
    Running from: c:\users\Aky\Desktop\etavaresCF.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    .
    ---- Previous Run -------
    .
    c:\users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-24 21:06 . 2012-11-24 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-24 00:15 . 2012-11-24 00:44 -------- d-----w- C:\etavaresCF
    2012-11-18 20:57 . 2012-11-18 20:57 -------- d-----w- C:\_OTL
    2012-11-17 21:49 . 2012-11-17 21:49 -------- d-----w- c:\program files\ERUNT
    2012-11-16 01:19 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-16 01:12 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-08 20:26 . 2012-09-04 15:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-22 13:02 . 2012-10-22 13:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-15 03:48 . 2012-10-15 03:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-10-05 03:32 . 2012-10-05 03:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-29 18:54 . 2011-04-23 20:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 13:28 . 2012-10-10 20:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27 . 2012-10-10 20:56 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27 . 2012-10-10 20:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-12 22:55 . 2011-04-23 20:00 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 20:26 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    c:\users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 16:29]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 16:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoomail.com/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0a71d742-943a-41f3-8505-07e337de002e%7D&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-29%2020%3A34%3A59&sap=ku&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID= 112050
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 5a00335700000000000000234e6f9479
    FF - user.js: extensions.BabylonToolbar_i.hardId - 5a00335700000000000000234e6f9479
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:03
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-24 21:08
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
    "ImagePath"="system32\drivers\acpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
    "ImagePath"="\"c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
    "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
    "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]
    "ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
    "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
    "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
    "ImagePath"="\SystemRoot\system32\drivers\afd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
    "ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ahcix86s]
    "ImagePath"="system32\DRIVERS\ahcix86s.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]
    "ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]
    "ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdagp]
    "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]
    "ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK7]
    "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
    "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\androidusb]
    "ImagePath"="System32\Drivers\ssadadb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
    "ServiceDll"="%SystemRoot%\System32\appinfo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apple Mobile Device]
    "ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
    "ImagePath"="\SystemRoot\system32\drivers\arc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
    "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
    "ImagePath"="system32\drivers\atapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\athr]
    "ImagePath"="system32\DRIVERS\athr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati External Event Utility]
    "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atierecord]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atikmdag]
    "ImagePath"="system32\DRIVERS\atikmdag.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AtiPcie]
    "ImagePath"="system32\DRIVERS\AtiPcie.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVG Security Toolbar Service]
    "ImagePath"="c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
    "ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
    "ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
    "ImagePath"="system32\DRIVERS\avgidshx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSShim]
    "ImagePath"="system32\DRIVERS\avgidsshimx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx86]
    "ImagePath"="system32\DRIVERS\avgldx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avglogx]
    "ImagePath"="system32\DRIVERS\avglogx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx86]
    "ImagePath"="system32\DRIVERS\avgmfx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx86]
    "ImagePath"="system32\DRIVERS\avgrkx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgtdix]
    "ImagePath"="system32\DRIVERS\avgtdix.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp]
    "ImagePath"="\??\c:\windows\system32\drivers\avgtpx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
    "ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b57nd60x]
    "ImagePath"="system32\DRIVERS\b57nd60x.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
    "MofImagePath"="system32\drivers\battc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
    "ServiceDll"="%SystemRoot%\System32\bfe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]
    "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bonjour Service]
    "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
    "ImagePath"="system32\DRIVERS\bowser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]
    "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]
    "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]
    "ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]
    "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]
    "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]
    "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
    "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BUNAgentSvc]
    "ImagePath"="\"c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BVRPMPR5]
    "ImagePath"="\??\c:\windows\system32\drivers\BVRPMPR5.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
    "ImagePath"="\??\c:\users\Aky\AppData\Local\Temp\catchme.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
    "ImagePath"="system32\DRIVERS\cdfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
    "ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
    "ImagePath"="System32\CLFS.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLHNService]
    "ImagePath"="c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmBatt]
    "ImagePath"="system32\DRIVERS\CmBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]
    "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]
    "ImagePath"="system32\DRIVERS\compbatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
    "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]
    "ImagePath"="system32\drivers\crcdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Crusoe]
    "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
    "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CSC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]
    "ImagePath"="System32\Drivers\dfsc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]
    "ImagePath"="%SystemRoot%\system32\DFSR.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
    "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
    "ImagePath"="system32\drivers\disk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DKbFltr]
    "ImagePath"="system32\DRIVERS\DKbFltr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
    "ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
    "ServiceDll"="%SystemRoot%\system32\dps.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
    "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]
    "ImagePath"="system32\DRIVERS\E1G60I32.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]
    "ImagePath"="System32\drivers\ecache.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eDataSecurity Service]
    "ImagePath"="\"c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]
    "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]
    "ServiceDll"="%systemroot%\system32\emdmgmt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ETService]
    "ImagePath"="c:\program files\Acer\Empowering Technology\Service\ETService.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
    "ServiceDll"="%SystemRoot%\system32\FntCache.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GEARAspiWDM]
    "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdate]
    "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdatem]
    "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
    "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
    "ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]
    "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSFHWAZL]
    "ImagePath"="system32\DRIVERS\VSTAZL3.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSF_DPV]
    "ImagePath"="system32\DRIVERS\HSX_DPV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSXHWAZL]
    "ImagePath"="system32\DRIVERS\HSXHWAZL.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
    "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
    "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\int15]
    "ImagePath"="\??\c:\windows\system32\drivers\int15.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHDA.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
    "ImagePath"="system32\DRIVERS\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\irda]
    "ImagePath"="system32\DRIVERS\irda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Irmon]
    "ServiceDll"="%SystemRoot%\System32\irmon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
    "ImagePath"="system32\DRIVERS\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]
    "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]
    "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LightScribeService]
    "ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector]
    "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMScheduler]
    "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMService]
    "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mdmxsdk]
    "ImagePath"="system32\DRIVERS\mdmxsdk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
    "ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
    "ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MobilityService]
    "ImagePath"="c:\acer\Mobility Center\MobilityService.exe -p"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]
    "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]
    "ImagePath"="system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcd]
    "ImagePath"="system32\drivers\ccdcmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcdc]
    "ImagePath"="system32\drivers\ccdcmbo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSCIRDA]
    "ImagePath"="system32\DRIVERS\nscirda.sys"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆ]
    "0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,41,6b,79,2f,44,65,
    73,6b,74,6f,70,2f,41,6b,79,2f,4d,75,73,69,63,2f,4d,75,73,69,63,2f,45,6e,67,\
    "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
    "1"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,41,6b,79,2f,44,65,
    73,6b,74,6f,70,2f,41,6b,79,2f,4d,75,73,69,63,2f,4d,75,73,69,63,2f,45,6e,67,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3860)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2013\avgrsx.exe
    c:\program files\AVG\AVG2013\avgcsrvx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2013\avgidsagent.exe
    c:\program files\AVG\AVG2013\avgwdsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AVG\AVG2013\avgnsx.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-24 21:13:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-24 21:13
    ComboFix2.txt 2012-11-24 00:43
    .
    Pre-Run: 62,116,593,664 bytes free
    Post-Run: 61,774,098,432 bytes free
    .
    - - End Of File - - 643886E52B04343EDA1447B62D057FF0
     
  18. FloydPalmer

    FloydPalmer Registered Members

    ComboFix 12-11-23.02 - Aky 24/11/2012 20:57:56.3.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1693 [GMT 0:00]
    Running from: c:\users\Aky\Desktop\etavaresCF.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    .
    ---- Previous Run -------
    .
    c:\users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-24 21:06 . 2012-11-24 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-24 00:15 . 2012-11-24 00:44 -------- d-----w- C:\etavaresCF
    2012-11-18 20:57 . 2012-11-18 20:57 -------- d-----w- C:\_OTL
    2012-11-17 21:49 . 2012-11-17 21:49 -------- d-----w- c:\program files\ERUNT
    2012-11-16 01:19 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-16 01:12 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-08 20:26 . 2012-09-04 15:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-22 13:02 . 2012-10-22 13:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-15 03:48 . 2012-10-15 03:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-10-05 03:32 . 2012-10-05 03:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-29 18:54 . 2011-04-23 20:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 13:28 . 2012-10-10 20:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27 . 2012-10-10 20:56 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27 . 2012-10-10 20:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-12 22:55 . 2011-04-23 20:00 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 20:26 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    c:\users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 16:29]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 16:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoomail.com/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0a71d742-943a-41f3-8505-07e337de002e%7D&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-29%2020%3A34%3A59&sap=ku&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID= 112050
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 5a00335700000000000000234e6f9479
    FF - user.js: extensions.BabylonToolbar_i.hardId - 5a00335700000000000000234e6f9479
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:03
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-24 21:08
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
    "ImagePath"="system32\drivers\acpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
    "ImagePath"="\"c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
    "ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
    "ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]
    "ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
    "ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
    "ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
    "ImagePath"="\SystemRoot\system32\drivers\afd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
    "ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ahcix86s]
    "ImagePath"="system32\DRIVERS\ahcix86s.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]
    "ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
    "ImagePath"="%SystemRoot%\System32\alg.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]
    "ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdagp]
    "ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]
    "ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK7]
    "ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
    "ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\androidusb]
    "ImagePath"="System32\Drivers\ssadadb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
    "ServiceDll"="%SystemRoot%\System32\appinfo.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apple Mobile Device]
    "ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
    "ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
    "ImagePath"="\SystemRoot\system32\drivers\arc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
    "ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
    "ImagePath"="system32\DRIVERS\asyncmac.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
    "ImagePath"="system32\drivers\atapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\athr]
    "ImagePath"="system32\DRIVERS\athr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati External Event Utility]
    "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atierecord]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atikmdag]
    "ImagePath"="system32\DRIVERS\atikmdag.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AtiPcie]
    "ImagePath"="system32\DRIVERS\AtiPcie.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]
    "ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVG Security Toolbar Service]
    "ImagePath"="c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
    "ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
    "ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
    "ImagePath"="system32\DRIVERS\avgidshx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSShim]
    "ImagePath"="system32\DRIVERS\avgidsshimx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx86]
    "ImagePath"="system32\DRIVERS\avgldx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avglogx]
    "ImagePath"="system32\DRIVERS\avglogx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx86]
    "ImagePath"="system32\DRIVERS\avgmfx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx86]
    "ImagePath"="system32\DRIVERS\avgrkx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgtdix]
    "ImagePath"="system32\DRIVERS\avgtdix.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgtp]
    "ImagePath"="\??\c:\windows\system32\drivers\avgtpx86.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
    "ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\b57nd60x]
    "ImagePath"="system32\DRIVERS\b57nd60x.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
    "MofImagePath"="system32\drivers\battc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
    "ServiceDll"="%SystemRoot%\System32\bfe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
    "ServiceDll"="%systemroot%\system32\qmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]
    "ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bonjour Service]
    "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
    "ImagePath"="system32\DRIVERS\bowser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]
    "ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]
    "ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
    "ServiceDll"="%SystemRoot%\System32\browser.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]
    "ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]
    "ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]
    "ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]
    "ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
    "ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BUNAgentSvc]
    "ImagePath"="\"c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BVRPMPR5]
    "ImagePath"="\??\c:\windows\system32\drivers\BVRPMPR5.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
    "ImagePath"="\??\c:\users\Aky\AppData\Local\Temp\catchme.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
    "ImagePath"="system32\DRIVERS\cdfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
    "ImagePath"="system32\DRIVERS\cdrom.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
    "ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
    "ImagePath"="System32\CLFS.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLHNService]
    "ImagePath"="c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
    "ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmBatt]
    "ImagePath"="system32\DRIVERS\CmBatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]
    "ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]
    "ImagePath"="system32\DRIVERS\compbatt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
    "ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]
    "ImagePath"="system32\drivers\crcdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Crusoe]
    "ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
    "ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CSC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]
    "ImagePath"="System32\Drivers\dfsc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]
    "ImagePath"="%SystemRoot%\system32\DFSR.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
    "ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
    "ImagePath"="system32\drivers\disk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DKbFltr]
    "ImagePath"="system32\DRIVERS\DKbFltr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
    "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
    "ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
    "ServiceDll"="%SystemRoot%\system32\dps.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
    "ImagePath"="system32\drivers\drmkaud.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
    "ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]
    "ImagePath"="system32\DRIVERS\E1G60I32.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]
    "ImagePath"="System32\drivers\ecache.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eDataSecurity Service]
    "ImagePath"="\"c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]
    "ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]
    "ServiceDll"="%systemroot%\system32\emdmgmt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ETService]
    "ImagePath"="c:\program files\Acer\Empowering Technology\Service\ETService.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
    "ImagePath"="system32\drivers\filetrace.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
    "ServiceDll"="%SystemRoot%\system32\FntCache.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
    "ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GEARAspiWDM]
    "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdate]
    "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdatem]
    "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
    "ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
    "ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
    "ServiceDll"="%SystemRoot%\System32\hidserv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]
    "ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSFHWAZL]
    "ImagePath"="system32\DRIVERS\VSTAZL3.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSF_DPV]
    "ImagePath"="system32\DRIVERS\HSX_DPV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSXHWAZL]
    "ImagePath"="system32\DRIVERS\HSXHWAZL.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
    "ImagePath"="system32\drivers\HTTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
    "ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
    "ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\int15]
    "ImagePath"="\??\c:\windows\system32\drivers\int15.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService]
    "ImagePath"="system32\drivers\RTKVHDA.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
    "ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
    "ImagePath"="system32\DRIVERS\ipnat.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\irda]
    "ImagePath"="system32\DRIVERS\irda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\drivers\irenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Irmon]
    "ServiceDll"="%SystemRoot%\System32\irmon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
    "ImagePath"="system32\DRIVERS\msiscsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]
    "ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]
    "ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LightScribeService]
    "ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector]
    "ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMScheduler]
    "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMService]
    "ImagePath"="\"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mdmxsdk]
    "ImagePath"="system32\DRIVERS\mdmxsdk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
    "ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
    "ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MobilityService]
    "ImagePath"="c:\acer\Mobility Center\MobilityService.exe -p"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
    "ImagePath"="system32\drivers\modem.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
    "ImagePath"="System32\drivers\mountmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]
    "ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]
    "ImagePath"="system32\drivers\msahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
    "ImagePath"="System32\Drivers\mup.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcd]
    "ImagePath"="system32\drivers\ccdcmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcdc]
    "ImagePath"="system32\drivers\ccdcmbo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSCIRDA]
    "ImagePath"="system32\DRIVERS\nscirda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTIBackupSvc]
    "ImagePath"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTIDrvr]
    "ImagePath"="system32\DRIVERS\NTIDrvr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTIPPKernel]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTISchedulerSvc]
    "ImagePath"="c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]
    "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]
    "ImagePath"="system32\DRIVERS\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
    "ImagePath"="\SystemRoot\system32\drivers\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]
    "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pccsmcfd]
    "ImagePath"="system32\DRIVERS\pccsmcfd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]
    "ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]
    "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]
    "ImagePath"="system32\DRIVERS\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSDFilter]
    "ImagePath"="system32\DRIVERS\psdfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSDNServ]
    "ImagePath"="system32\DRIVERS\PSDNServ.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\psdvdisk]
    "ImagePath"="system32\DRIVERS\PSDVdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]
    "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]
    "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]
    "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Realtek USB 2.0 Card Reader]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\System32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RTSTOR]
    "ImagePath"="system32\drivers\RTSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdbus]
    "ImagePath"="system32\DRIVERS\sdbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]
    "ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
    "ImagePath"="\SystemRoot\system32\drivers\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]
    "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceLayer]
    "ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]
    "ImagePath"="system32\DRIVERS\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]
    "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]
    "ImagePath"="%SystemRoot%\system32\SLsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]
    "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadbus]
    "ImagePath"="system32\DRIVERS\ssadbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadmdfl]
    "ImagePath"="system32\DRIVERS\ssadmdfl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadmdm]
    "ImagePath"="system32\DRIVERS\ssadmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadserd]
    "ImagePath"="system32\DRIVERS\ssadserd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]
    "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]
    "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]
    "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SynTP]
    "ImagePath"="system32\DRIVERS\SynTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]
    "ImagePath"="system32\DRIVERS\tunmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]
    "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UBHelper]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]
    "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]
    "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]
    "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upperdev]
    "ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL]
    "ImagePath"="System32\Drivers\usbaapl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]
    "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbfilter]
    "ImagePath"="system32\DRIVERS\usbfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbser]
    "ImagePath"="system32\DRIVERS\usbser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsbserFilt]
    "ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]
    "ImagePath"="system32\DRIVERS\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]
    "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]
    "ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]
    "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vToolbarUpdater13.2.0]
    "ImagePath"="c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]
    "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]
    "ImagePath"="\SystemRoot\system32\drivers\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winachsf]
    "ImagePath"="system32\DRIVERS\HSX_CNXT.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]
    "ImagePath"="system32\DRIVERS\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
    "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]
    "ImagePath"="system32\DRIVERS\wpdusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPFFontCache_v0400]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XAudio]
    "ImagePath"="system32\DRIVERS\xaudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XAudioService]
    "ImagePath"="%SystemRoot%\system32\DRIVERS\xaudio.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{580CFBD5-DEEF-445C-AA1D-2C41A2412BF5}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AAF7D1EC-25F8-482E-B66D-42E0FF000732}]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆ]
    "0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,41,6b,79,2f,44,65,
    73,6b,74,6f,70,2f,41,6b,79,2f,4d,75,73,69,63,2f,4d,75,73,69,63,2f,45,6e,67,\
    "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
    "1"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,41,6b,79,2f,44,65,
    73,6b,74,6f,70,2f,41,6b,79,2f,4d,75,73,69,63,2f,4d,75,73,69,63,2f,45,6e,67,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3860)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2013\avgrsx.exe
    c:\program files\AVG\AVG2013\avgcsrvx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2013\avgidsagent.exe
    c:\program files\AVG\AVG2013\avgwdsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AVG\AVG2013\avgnsx.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-24 21:13:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-24 21:13
    ComboFix2.txt 2012-11-24 00:43
    .
    Pre-Run: 62,116,593,664 bytes free
    Post-Run: 61,774,098,432 bytes free
    .
    - - End Of File - - 643886E52B04343EDA1447B62D057FF0
     
  19. FloydPalmer

    FloydPalmer Registered Members

    ComboFix 12-11-23.02 - Aky 24/11/2012 20:57:56.3.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1693 [GMT 0:00]
    Running from: c:\users\Aky\Desktop\etavaresCF.exe
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    .
    ---- Previous Run -------
    .
    c:\users\Aky\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-24 21:06 . 2012-11-24 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-11-24 00:15 . 2012-11-24 00:44 -------- d-----w- C:\etavaresCF
    2012-11-18 20:57 . 2012-11-18 20:57 -------- d-----w- C:\_OTL
    2012-11-17 21:49 . 2012-11-17 21:49 -------- d-----w- c:\program files\ERUNT
    2012-11-16 01:19 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
    2012-11-16 01:12 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-08 20:26 . 2012-09-04 15:01 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2012-10-22 13:02 . 2012-10-22 13:02 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2012-10-15 03:48 . 2012-10-15 03:48 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-10-05 03:32 . 2012-10-05 03:32 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-09-29 18:54 . 2011-04-23 20:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
    2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-09-13 13:28 . 2012-10-10 20:57 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-08-29 11:27 . 2012-10-10 20:56 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-29 11:27 . 2012-10-10 20:56 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-01-12 22:55 . 2011-04-23 20:00 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 20:26 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    c:\users\Aky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    Orion.lnk - c:\program files\Convesoft\Orion\Messenger.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 16:29]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-22 16:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page =
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0411&m=aspire_5535
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Aky\AppData\Roaming\Mozilla\Firefox\Profiles\fyfoic31.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoomail.com/
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B0a71d742-943a-41f3-8505-07e337de002e%7D&mid=9392a15da3f947d19832d1543433a099-1b62730cc3bb4bcb36306e4f0b52005d1a2cf034&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-29%2020%3A34%3A59&sap=ku&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID= 112050
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 5a00335700000000000000234e6f9479
    FF - user.js: extensions.BabylonToolbar_i.hardId - 5a00335700000000000000234e6f9479
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15449
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:03
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-11-24 21:08
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    "ImagePath"="system32\DRIVERS\nwifi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
    "ImagePath"="system32\drivers\ndis.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
    "ImagePath"="System32\DRIVERS\netbt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcd]
    "ImagePath"="system32\drivers\ccdcmb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmwcdc]
    "ImagePath"="system32\drivers\ccdcmbo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSCIRDA]
    "ImagePath"="system32\DRIVERS\nscirda.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTIBackupSvc]
    "ImagePath"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTIDrvr]
    "ImagePath"="system32\DRIVERS\NTIDrvr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTIPPKernel]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTISchedulerSvc]
    "ImagePath"="c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]
    "ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\odserv]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]
    "ImagePath"="system32\DRIVERS\ohci1394.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
    "ImagePath"="\SystemRoot\system32\drivers\parport.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]
    "ImagePath"="System32\drivers\partmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]
    "ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pccsmcfd]
    "ImagePath"="system32\DRIVERS\pccsmcfd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]
    "ImagePath"="system32\drivers\pci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]
    "ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]
    "ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]
    "ImagePath"="system32\drivers\peauth.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]
    "ServiceDll"="%systemroot%\system32\pla.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]
    "ImagePath"="system32\DRIVERS\processr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\pacer.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSDFilter]
    "ImagePath"="system32\DRIVERS\psdfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSDNServ]
    "ImagePath"="system32\DRIVERS\PSDNServ.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\psdvdisk]
    "ImagePath"="system32\DRIVERS\PSDVdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]
    "ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]
    "ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]
    "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Realtek USB 2.0 Card Reader]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\System32\rpcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RTSTOR]
    "ImagePath"="system32\drivers\RTSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdbus]
    "ImagePath"="system32\DRIVERS\sdbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]
    "ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
    "ImagePath"="\SystemRoot\system32\drivers\serial.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]
    "ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceLayer]
    "ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]
    "ImagePath"="system32\DRIVERS\sfloppy.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]
    "ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]
    "ImagePath"="%SystemRoot%\system32\SLsvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]
    "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
    "ImagePath"="system32\DRIVERS\smb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 4.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]
    "ImagePath"="System32\DRIVERS\srv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadbus]
    "ImagePath"="system32\DRIVERS\ssadbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadmdfl]
    "ImagePath"="system32\DRIVERS\ssadmdfl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadmdm]
    "ImagePath"="system32\DRIVERS\ssadmdm.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssadserd]
    "ImagePath"="system32\DRIVERS\ssadserd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]
    "ServiceDll"="%Systemroot%\System32\swprv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]
    "ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]
    "ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]
    "ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SynTP]
    "ImagePath"="system32\DRIVERS\SynTP.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]
    "ServiceDll"="%systemroot%\system32\sysmain.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]
    "ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]
    "ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
    "ImagePath"="System32\drivers\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]
    "ImagePath"="system32\DRIVERS\tcpip.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]
    "ImagePath"="System32\drivers\tcpipreg.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]
    "ImagePath"="system32\drivers\tdpipe.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]
    "ImagePath"="system32\drivers\tdtcp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]
    "ImagePath"="system32\DRIVERS\tdx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\System32\trkwks.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]
    "ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]
    "ImagePath"="System32\DRIVERS\tssecsrv.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]
    "ImagePath"="system32\DRIVERS\tunmp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]
    "ImagePath"="system32\DRIVERS\tunnel.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]
    "ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UBHelper]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]
    "ImagePath"="system32\DRIVERS\udfs.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]
    "ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]
    "ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]
    "ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]
    "ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]
    "ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]
    "ImagePath"="system32\DRIVERS\umbus.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upperdev]
    "ImagePath"="system32\DRIVERS\usbser_lowerflt.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL]
    "ImagePath"="System32\Drivers\usbaapl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]
    "ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbfilter]
    "ImagePath"="system32\DRIVERS\usbfilter.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]
    "ImagePath"="system32\DRIVERS\usbprint.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbser]
    "ImagePath"="system32\DRIVERS\usbser.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UsbserFilt]
    "ImagePath"="system32\DRIVERS\usbser_lowerfltj.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]
    "ImagePath"="system32\DRIVERS\usbuhci.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]
    "ServiceDll"="%SystemRoot%\System32\uxsms.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]
    "ImagePath"="%SystemRoot%\System32\vds.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]
    "ImagePath"="system32\DRIVERS\vgapnp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]
    "ImagePath"="\SystemRoot\System32\drivers\vga.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]
    "ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]
    "ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]
    "ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]
    "ImagePath"="system32\drivers\volmgr.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]
    "ImagePath"="System32\drivers\volmgrx.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]
    "ImagePath"="system32\drivers\volsnap.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]
    "ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]
    "ImagePath"="%systemroot%\system32\vssvc.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vToolbarUpdater13.2.0]
    "ImagePath"="c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]
    "ServiceDll"="%systemroot%\system32\w32time.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]
    "ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]
    "ImagePath"="system32\DRIVERS\wanarp.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]
    "ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]
    "ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]
    "ImagePath"="\SystemRoot\system32\drivers\wd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]
    "ImagePath"="system32\drivers\Wdf01000.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]
    "ServiceDll"="%SystemRoot%\system32\wdi.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]
    "ServiceDll"="%SystemRoot%\System32\webclnt.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]
    "ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]
    "ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]
    "ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winachsf]
    "ImagePath"="system32\DRIVERS\HSX_CNXT.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]
    "ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]
    "ServiceDll"="winhttp.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]
    "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]
    "ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]
    "ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]
    "ImagePath"="system32\DRIVERS\wmiacpi.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]
    "ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
    "ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]
    "ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]
    "ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]
    "ImagePath"="system32\DRIVERS\wpdusb.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPFFontCache_v0400]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]
    "ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]
    "ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
    "ServiceDll"="%systemroot%\system32\wuaueng.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WudfPf]
    "ImagePath"="system32\drivers\WudfPf.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]
    "ImagePath"="system32\DRIVERS\WUDFRd.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]
    "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XAudio]
    "ImagePath"="system32\DRIVERS\xaudio.sys"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XAudioService]
    "ImagePath"="%SystemRoot%\system32\DRIVERS\xaudio.exe"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{580CFBD5-DEEF-445C-AA1D-2C41A2412BF5}]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{AAF7D1EC-25F8-482E-B66D-42E0FF000732}]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆ\OpenWithList]
    @Class="Shell"
    "a"="vlc.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-2348374830-1884495636-3650376586-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆ]
    "0"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,41,6b,79,2f,44,65,
    73,6b,74,6f,70,2f,41,6b,79,2f,4d,75,73,69,63,2f,4d,75,73,69,63,2f,45,6e,67,\
    "MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
    "1"=hex:66,69,6c,65,3a,2f,2f,2f,43,3a,2f,55,73,65,72,73,2f,41,6b,79,2f,44,65,
    73,6b,74,6f,70,2f,41,6b,79,2f,4d,75,73,69,63,2f,4d,75,73,69,63,2f,45,6e,67,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3860)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2013\avgrsx.exe
    c:\program files\AVG\AVG2013\avgcsrvx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2013\avgidsagent.exe
    c:\program files\AVG\AVG2013\avgwdsvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AVG\AVG2013\avgnsx.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-24 21:13:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-24 21:13
    ComboFix2.txt 2012-11-24 00:43
    .
    Pre-Run: 62,116,593,664 bytes free
    Post-Run: 61,774,098,432 bytes free
    .
    - - End Of File - - 643886E52B04343EDA1447B62D057FF0
     
  20. FloydPalmer

    Hey man, posted the log and the combo report as required.

    I don't know if I've messed up this step however. I decided to do this last night, so I did as the process said. And the log report came up, then the AV pop up blocker appeared asking if I wanted to accept or reject, so I naively thought, the log's done - it'll be OK. Did that and the log report closed. So I did it again today, left the laptop on its own, came back and there was no log. That error message above appeared. So I rebooted, did it again and the log appeared. I don't know whether this report I've done might be different to the one I did last night.

    Also AVG's picked up the etavaresCF file later when I put the anti virus back on, but I'm assuming that's nothing much to worry about?
     
