google searches redirecting me

spaceboy Posts: 1,933 Forumite
edited 13 March 2011 at 9:03AM in Techie Stuff
I have noticed recently when I do a google search and click on a link it redirects me to some completely pointless website rather than the one I wanted.

For example I put "paypal uk" into google just now and clicked the first link and it redirected me to:

http://itcg.20932.expand-search-goals.com/jump1/?affiliate=itcg&subid=20932&terms=paypal%20uk&sid=Z304043845%40EzX1MTN0MzNfhjN18lNh9FM181N5YTNwADMwMTM&a=vgpt&mr=1&rc=0

NetShoppers.com

Is this some dodgy new advertising trick from google?

Comments

  • Browntoa
    Browntoa Posts: 49,617 Forumite
    no

    download malwarebytes

    http://www.filehippo.com/download_malwarebytes_anti_malware/

    install and update it, then do a Full Scan

    delete all it finds and post the log file in your next reply
    Ex forum ambassador

    Long term forum member
  • spaceboy
    spaceboy Posts: 1,933 Forumite
    I'm not sure it found anything significant:
    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 6040

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8080.16413

    13/03/2011 09:29:26
    mbam-log-2011-03-13 (09-27-46).txt

    Scan type: Full scan (C:\|D:\|F:\|)
    Objects scanned: 337854
    Time elapsed: 30 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\Setup\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
    d:\downloads\dreamweaver 8\keygen.exe (RiskWare.Tool.CK) -> No action taken.
    d:\downloads\microsoft office 2010 x64 (14.0.4763.1000)\activation\office 2010 activation and conversion kit 1.6.exe (Trojan.Agent.CK) -> No action taken.
  • spaceboy
    spaceboy Posts: 1,933 Forumite
    ok this computer seems to be worse infected:
    Malwarebytes' Anti-Malware 1.50.1.1100
    https://www.malwarebytes.org

    Database version: 6041

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8080.16413

    13/03/2011 09:50:17
    mbam-log-2011-03-13 (09-50-17).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 243772
    Time elapsed: 39 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 59

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446AF26-B8D7-199B-4CFC-6FD764CA5C9F} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Value: UID -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    d:\Films\removewat.2.2.5.hazar.carter67\removewat.exe (HackTool.Wpakill) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempwn1644.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxa1560.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxa1712.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxb1724.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxc1656.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxd1776.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxe1556.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxe1592.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxf1596.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxf1668.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxg1608.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxg1664.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxh1612.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxh1688.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxh2072.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxi1596.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxi1640.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxi1680.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxj1584.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxj1680.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxj1712.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxj1824.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxj2216.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxk1656.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxl1656.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxl1996.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxm1696.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxm1776.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxm1852.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxn1632.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxo1552.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxo1612.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxp1632.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxq1648.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxr1588.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxr1660.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxr1888.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxs1400.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxs1600.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxs1708.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxs1740.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxt1624.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxt1672.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxt1748.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxu1680.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxv1644.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxv1716.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxw1552.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxw1704.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxx1644.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxx1648.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxy2176.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxz1596.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxz1636.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxz1648.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\***\local settings\tempxz1704.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    c:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
  • Browntoa
    Browntoa Posts: 49,617 Forumite
    edited 13 March 2011 at 10:17AM
    are we talking about 2 pc's here I'm not clear ??

    the first one did you have any action taken ??

    ok, you need to follow that one with this

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    takes about 20 minutes, again it will produce a log file

    if it's 2 PCs can you post as PC1 log and PC2 log in separate posts
    Ex forum ambassador

    Long term forum member
  • spaceboy
    spaceboy Posts: 1,933 Forumite
    edited 13 March 2011 at 10:22AM
    PC1 is the first post, PC2 is the second post.

    With PC1 I posted the log before I removed the 3 items. I have now removed them

    With PC2 I posted the log from after they were removed. It has now been restarted. It looks like this one had some dodgy infections - the 2 Stolen.data entries are worrying.
  • Browntoa
    Browntoa Posts: 49,617 Forumite
    ok might be easier to look at PC2 first, then when that's clean go on to PC1 (the lesser infected) so the 2 do not get confused

    so do a combofix scan on PC2 now and post the log file
    Ex forum ambassador

    Long term forum member
  • spaceboy
    spaceboy Posts: 1,933 Forumite
    PC2's log file:
  • spaceboy
    spaceboy Posts: 1,933 Forumite
    PC2 part 2:
    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [2010-11-20 22400]
    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-07-14 249408]
    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [2009-07-14 369568]
    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2009-07-14 58448]
    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [2010-11-20 194800]
    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14208]
    S0 KSecPkg;KSecPkg;c:\windows\System32\Drivers\ksecpkg.sys [2009-07-14 133200]
    S0 msisadrv;msisadrv;c:\windows\system32\drivers\msisadrv.sys [2009-07-14 13888]
    S0 pcw;Performance Counters for Windows Driver;c:\windows\System32\drivers\pcw.sys [2009-07-14 43088]
    S0 rdyboost;ReadyBoost;c:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
    S0 spldr;Security Processor Loader Driver; [x]
    S0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;c:\windows\system32\drivers\vdrvroot.sys [2009-07-14 32832]
    S0 volmgr;Volume Manager Driver;c:\windows\system32\drivers\volmgr.sys [2010-11-20 53120]
    S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-07-14 297040]
    S1 blbdrive;blbdrive;c:\windows\system32\DRIVERS\blbdrive.sys [2009-07-13 35328]
    S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2010-11-20 78336]
    S1 discache;System Attribute Cache;c:\windows\system32\drivers\discache.sys [2009-07-13 32256]
    S1 MpKsl46e4a19b;MpKsl46e4a19b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00DC9A31-38AC-46C5-ABCC-B1A7CF1DC0C2}\MpKsl46e4a19b.sys [2011-03-13 28752]
    S1 nsiproxy;NSI proxy service driver.;c:\windows\system32\drivers\nsiproxy.sys [2009-07-13 16896]
    S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2009-07-14 6656]
    S1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;c:\windows\system32\drivers\rdprefmp.sys [2009-07-14 7168]
    S1 tdx;NetIO Legacy TDI Support Driver;c:\windows\system32\DRIVERS\tdx.sys [2010-11-20 74752]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2010-11-20 63488]
    S1 WfpLwf;WFP Lightweight Filter;c:\windows\system32\DRIVERS\wfplwf.sys [2009-07-13 9728]
    S2 AudioEndpointBuilder;Windows Audio Endpoint Builder;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 BFE;Base Filtering Engine;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 DPS;Diagnostic Policy Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 FDResPub;Function Discovery Resource Publication;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 gpsvc;Group Policy Client;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 IPBusEnum;PnP-X IP Bus Enumerator;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 iphlpsvc;IP Helper;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2009-07-13 48128]
    S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2009-07-13 86528]
    S2 MpsSvc;Windows Firewall;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 NlaSvc;Network Location Awareness;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 nsi;Network Store Interface Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2009-07-14 586752]
    S2 Power;Power;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 ProfSvc;User Profile Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 RpcEptMapper;RPC Endpoint Mapper;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2010-11-20 35328]
    S2 UxSms;Desktop Window Manager Session Manager;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S3 bowser;Browser Support Driver;c:\windows\system32\DRIVERS\bowser.sys [2009-07-13 69632]
    S3 CompositeBus;Composite Bus Enumerator Driver;c:\windows\system32\drivers\CompositeBus.sys [2010-11-20 31232]
    S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2010-11-20 728448]
    S3 fdPHost;Function Discovery Provider Host;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S3 HomeGroupListener;HomeGroup Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 HomeGroupProvider;HomeGroup Provider;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 KeyIso;CNG Key Isolation;c:\windows\system32\lsass.exe [2009-07-14 22528]
    S3 monitor;Microsoft Monitor Class Function Driver Service;c:\windows\system32\DRIVERS\monitor.sys [2009-07-13 23552]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
    S3 mpsdrv;Windows Firewall Authorization Driver;c:\windows\system32\drivers\mpsdrv.sys [2009-07-13 60416]
    S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-11-20 223232]
    S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-11-20 96768]
    S3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [2009-07-13 267264]
    S3 netprofm;Network List Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 PcaSvc;Program Compatibility Assistant Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S3 RasAgileVpn;WAN Miniport (IKEv2);c:\windows\system32\DRIVERS\AgileVpn.sys [2009-07-13 49152]
    S3 srv2;Server SMB 2.xxx Driver;c:\windows\system32\DRIVERS\srv2.sys [2010-11-20 309248]
    S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2010-11-20 114176]
    S3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S3 tunnel;Microsoft Tunnel Miniport Adapter Driver;c:\windows\system32\DRIVERS\tunnel.sys [2010-11-20 108544]
    S3 umbus;UMBus Enumerator Driver;c:\windows\system32\drivers\umbus.sys [2010-11-20 39936]
    S3 vwifibus;Virtual WiFi Bus Driver;c:\windows\system32\DRIVERS\vwifibus.sys [2009-07-13 19968]
    S3 WdiServiceHost;Diagnostic Service Host;c:\windows\System32\svchost.exe [2009-07-14 20992]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL46E4A19B
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    RPCSS REG_MULTI_SZ RpcEptMapper RpcSs
    defragsvc REG_MULTI_SZ defragsvc
    WerSvcGroup REG_MULTI_SZ wersvc
    LocalServiceNoNetwork REG_MULTI_SZ DPS PLA BFE mpssvc WwanSvc
    swprv REG_MULTI_SZ swprv
    LocalServicePeerNet REG_MULTI_SZ PNRPSvc p2pimsvc p2psvc PnrpAutoReg
    NetworkServiceAndNoImpersonation REG_MULTI_SZ KtmRm
    regsvc REG_MULTI_SZ RemoteRegistry
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
    DcomLaunch REG_MULTI_SZ Power PlugPlay DcomLaunch
    NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
    sdrsvc REG_MULTI_SZ sdrsvc
    WbioSvcGroup REG_MULTI_SZ WbioSrvc
    wcssvc REG_MULTI_SZ WcsPlugInService
    AxInstSVGroup REG_MULTI_SZ AxInstSV
    secsvcs REG_MULTI_SZ WinDefend
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Nla
    NWCWorkstation
    SRService
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    BDESVC
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalSystemNetworkRestricted
    homegrouplistener
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    WdiServiceHost
    sppuinotify
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
    lanmanworkstation
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted
    BthHFSrv
    homegroupprovider
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:06]
    .
    2011-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-13 20:06]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    FF - ProfilePath - c:\users\Jola\AppData\Roaming\Mozilla\Firefox\Profiles\36j9oaqy.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-volmgr.sys
    SafeBoot-volmgrx.sys
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    SafeBoot-sacsvr
    SafeBoot-vmms
    MSConfigStartUp-MyPoi Monitor - c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe
    MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-13 10:40
    Windows 6.1.7601 Service Pack 1 NTFS
    .
    detected NTDLL code modification:
    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-13 10:41
    Windows 6.1.7601 Service Pack 1 NTFS
    .
    detected NTDLL code modification:
    ZwEnumerateKey 0 != 116, ZwQueryKey 0 != 244, ZwOpenKey 0 != 182, ZwClose 0 != 50, ZwEnumerateValueKey 0 != 119, ZwQueryValueKey 0 != 266, ZwOpenFile 0 != 179, ZwQueryDirectoryFile 0 != 223, ZwQuerySystemInformation 0 != 261Initialization error
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files:
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-03-13 10:45:02
    ComboFix-quarantined-files.txt 2011-03-13 10:44
    .
    Pre-Run: 21,186,887,680 bytes free
    Post-Run: 21,939,867,648 bytes free
    .
    - - End Of File - - 7C631BC455E7740E1AF3DCF588D3C728
  • GunJack
    GunJack Posts: 11,930 Forumite
    looking at that log it looks like PC2 is in deep doo-doos.

    download Dr Web, run, it will start a quick scan, Stop this, and start it off on a full scan. If it detects anything, click Yes To All option and settle back until around 21:00 hrs tonight (it takes many hours for a full dr web)......save to desktop before running.

    http://www.freedrweb.com/cureit/?lng=en

    then look at PC1 :)
    ......Gettin' There, Wherever There is......

    I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple :D
  • spaceboy
    spaceboy Posts: 1,933 Forumite
    PC1 log file (part 1):
    ComboFix 11-03-12.01 - bert5 13/03/2011 10:33:01.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4085.2637 [GMT 0:00]
    Running from: d:\downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\bert5\AppData\Local\{E715A33D-96B0-4B55-9DE7-F63F88D62978}
    c:\users\bert5\AppData\Local\{E715A33D-96B0-4B55-9DE7-F63F88D62978}\chrome.manifest
    c:\users\bert5\AppData\Local\{E715A33D-96B0-4B55-9DE7-F63F88D62978}\chrome\content\_cfg.js
    c:\users\bert5\AppData\Local\{E715A33D-96B0-4B55-9DE7-F63F88D62978}\chrome\content\overlay.xul
    c:\users\bert5\AppData\Local\{E715A33D-96B0-4B55-9DE7-F63F88D62978}\install.rdf
    c:\users\bert5\hdcd.exe
    c:\windows\SysWow64\Viveza2FC32.dll
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-13 to 2011-03-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-13 10:36 . 2011-03-13 10:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-13 10:13 . 2011-02-11 07:30 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7389F824-DFEC-438E-9383-1823AABBD182}\mpengine.dll
    2011-03-05 08:22 . 2011-03-05 08:22 -------- d-----w- c:\windows\system32\SPReview
    2011-03-05 08:21 . 2011-03-05 08:21 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-05 08:19 . 2010-11-20 13:25 3957760 ----a-w- c:\windows\system32\WinSAT.exe
    2011-03-05 08:18 . 2010-11-20 13:27 414720 ----a-w- c:\windows\system32\wlanmsm.dll
    2011-03-05 08:17 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2011-03-05 08:17 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2011-03-05 08:17 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2011-03-05 08:16 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2011-03-05 08:16 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-03-05 08:16 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2011-03-05 08:16 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2011-03-05 08:05 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-03-05 08:05 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-02-26 20:23 . 2011-02-26 20:23 -------- d-----w- c:\users\bert5\AppData\Roaming\dvdcss
    2011-02-23 06:46 . 2011-01-07 12:17 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-02-23 06:46 . 2011-01-07 07:46 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2011-02-23 06:46 . 2011-01-07 12:17 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-02-23 06:46 . 2011-01-07 07:46 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-05 08:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-03-05 08:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-02-11 07:30 . 2010-01-25 18:08 7947600 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-01-07 12:14 . 2011-02-09 06:30 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 09:20 . 2011-02-09 06:30 366592 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 07:45 . 2011-02-09 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:43 . 2011-02-09 06:30 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 06:56 . 2011-02-09 06:31 3129344 ----a-w- c:\windows\system32\win32k.sys
    2010-12-20 18:09 . 2010-09-20 20:15 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-20 18:08 . 2010-09-20 20:15 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-18 16:54 . 2010-12-18 16:55 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABF12367-1FB0-4C2F-B29D-D5625449878B}\gapaengine.dll
    2010-12-17 11:42 . 2011-02-09 06:30 214016 ----a-w- c:\windows\system32\winsrv.dll
    2010-12-17 11:40 . 2011-02-09 06:31 715776 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-17 07:07 . 2011-02-09 06:31 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SharingPrivate]
    @="{08244EE6-92F0-47f2-9FC9-929BAA2E7235}"
    [HKEY_CLASSES_ROOT\CLSID\{08244EE6-92F0-47f2-9FC9-929BAA2E7235}]
    2010-11-20 12:20 442880 ----a-w- c:\windows\System32\ntshrui.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
    "Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-28 136176]
    R2 sppsvc;Software Protection;c:\windows\system32\sppsvc.exe [x]
    R3 1394ohci;1394 OHCI Compliant Host Controller;c:\windows\system32\drivers\1394ohci.sys [x]
    R3 AcpiPmi;ACPI Power Meter Driver;c:\windows\system32\drivers\acpipmi.sys [x]
    R3 adp94xx;adp94xx;c:\windows\system32\DRIVERS\adp94xx.sys [x]
    R3 adpahci;adpahci;c:\windows\system32\DRIVERS\adpahci.sys [x]
    R3 amdsata;amdsata;c:\windows\system32\drivers\amdsata.sys [x]
    R3 amdsbs;amdsbs;c:\windows\system32\DRIVERS\amdsbs.sys [x]
    R3 AppID;AppID Driver;c:\windows\system32\drivers\appid.sys [x]
    R3 AppIDSvc;Application Identity;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 Appinfo;Application Information;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 arcsas;arcsas;c:\windows\system32\DRIVERS\arcsas.sys [x]
    R3 b06bdrv;Broadcom NetXtreme II VBD;c:\windows\system32\DRIVERS\bxvbda.sys [x]
    R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
    R3 BDESVC;BitLocker Drive Encryption Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\DRIVERS\BrFiltLo.sys [x]
    R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\DRIVERS\BrFiltUp.sys [x]
    R3 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\System32\Drivers\Brserid.sys [x]
    R3 BrSerWdm;Brother WDM Serial driver;c:\windows\System32\Drivers\BrSerWdm.sys [x]
    R3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\System32\Drivers\BrUsbMdm.sys [x]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
    R3 CertPropSvc;Certificate Propagation;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 circlass;Consumer IR Devices;c:\windows\system32\DRIVERS\circlass.sys [x]
    R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
    R3 defragsvc;Disk Defragmenter;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;c:\windows\system32\DRIVERS\evbda.sys [x]
    R3 elxstor;elxstor;c:\windows\system32\DRIVERS\elxstor.sys [x]
    R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [x]
    R3 FsDepends;File System Dependency Minifilter;c:\windows\system32\drivers\FsDepends.sys [x]
    R3 hcw85cir;Hauppauge Consumer Infrared Receiver;c:\windows\system32\drivers\hcw85cir.sys [x]
    R3 HpSAMD;HpSAMD;c:\windows\system32\drivers\HpSAMD.sys [x]
    R3 iaStorV;Intel RAID Controller Windows 7;c:\windows\system32\drivers\iaStorV.sys [x]
    R3 IKEEXT;IKE and AuthIP IPsec Keying Modules;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\IPMIDrv.sys [x]
    R3 iScsiPrt;iScsiPort Driver;c:\windows\system32\drivers\msiscsi.sys [x]
    R3 KtmRm;KtmRm for Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 lltdsvc;Link-Layer Topology Discovery Mapper;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 LSI_FC;LSI_FC;c:\windows\system32\DRIVERS\lsi_fc.sys [x]
    R3 LSI_SAS;LSI_SAS;c:\windows\system32\DRIVERS\lsi_sas.sys [x]
    R3 LSI_SAS2;LSI_SAS2;c:\windows\system32\DRIVERS\lsi_sas2.sys [x]
    R3 LSI_SCSI;LSI_SCSI;c:\windows\system32\DRIVERS\lsi_scsi.sys [x]
    R3 megasas;megasas;c:\windows\system32\DRIVERS\megasas.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
    R3 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [x]
    R3 msahci;msahci;c:\windows\system32\drivers\msahci.sys [x]
    R3 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [x]
    R3 mshidkmdf;Pass-through HID to KMDF Filter Driver;c:\windows\System32\drivers\mshidkmdf.sys [x]
    R3 MSiSCSI;Microsoft iSCSI Initiator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 MsRPC;MsRPC; [x]
    R3 MTConfig;Microsoft Input Configuration Driver;c:\windows\system32\DRIVERS\MTConfig.sys [x]
    R3 NativeWifiP;NativeWiFi Filter;c:\windows\system32\DRIVERS\nwifi.sys [x]
    R3 NdisCap;NDIS Capture LightWeight Filter;c:\windows\system32\DRIVERS\ndiscap.sys [x]
    R3 nfrd960;nfrd960;c:\windows\system32\DRIVERS\nfrd960.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 PeerDistSvc;BranchCache;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 PerfHost;Performance Counter DLL Host;c:\windows\SysWow64\perfhost.exe [2009-07-14 20992]
    R3 pla;Performance Logs & Alerts;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 PNRPAutoReg;PNRP Machine Name Publication Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 ql2300;ql2300;c:\windows\system32\DRIVERS\ql2300.sys [x]
    R3 ql40xx;ql40xx;c:\windows\system32\DRIVERS\ql40xx.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 s3cap;s3cap;c:\windows\system32\drivers\vms3cap.sys [x]
    R3 scfilter;Smart card PnP Class Filter Driver;c:\windows\system32\DRIVERS\scfilter.sys [x]
    R3 SCPolicySvc;Smart Card Removal Policy;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SDRSVC;Windows Backup;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SensrSvc;Adaptive Brightness;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 SessionEnv;Remote Desktop Configuration;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [x]
    R3 SiSRaid4;SiSRaid4;c:\windows\system32\DRIVERS\sisraid4.sys [x]
    R3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);c:\windows\system32\DRIVERS\smb.sys [x]
    R3 sppuinotify;SPP Notification Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 stexstor;stexstor;c:\windows\system32\DRIVERS\stexstor.sys [x]
    R3 storvsc;storvsc;c:\windows\system32\drivers\storvsc.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TabletInputService;Tablet PC Input Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 TBS;TPM Base Services;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 THREADORDER;Thread Ordering Server;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 TrustedInstaller;Windows Modules Installer;c:\windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
    R3 tssecsrv;Remote Desktop Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 UI0Detect;Interactive Services Detection;c:\windows\system32\UI0Detect.exe [x]
    R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [x]
    R3 UmRdpService;Remote Desktop Services UserMode Port Redirector;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [x]
    R3 VaultSvc;Credential Manager;c:\windows\system32\lsass.exe [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 vhdmp;vhdmp;c:\windows\system32\drivers\vhdmp.sys [x]
    R3 VMBusHID;VMBusHID;c:\windows\system32\drivers\VMBusHID.sys [x]
    R3 vsmraid;vsmraid;c:\windows\system32\DRIVERS\vsmraid.sys [x]
    R3 vwifibus;Virtual WiFi Bus Driver;c:\windows\System32\drivers\vwifibus.sys [x]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\DRIVERS\wacompen.sys [x]
    R3 wbengine;Block Level Backup Engine Service;c:\windows\system32\wbengine.exe [x]
    R3 WbioSrvc;Windows Biometric Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 wcncsvc;Windows Connect Now - Config Registrar;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WcsPlugInService;Windows Color System;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 Wd;Wd;c:\windows\system32\DRIVERS\wd.sys [x]
    R3 Wecsvc;Windows Event Collector;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 wercplsupport;Problem Reports and Solutions Control Panel Support;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WerSvc;Windows Error Reporting Service;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WIMMount;WIMMount;c:\windows\system32\drivers\wimmount.sys [2009-07-14 22096]
    R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 WinRM;Windows Remote Management (WS-Management);c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 Wlansvc;WLAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WPCSvc;Parental Controls;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WPDBusEnum;Portable Device Enumerator Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
    R3 WwanSvc;WWAN AutoConfig;c:\windows\system32\svchost.exe [2009-07-14 27136]
    R4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
    R4 Mcx2Svc;Media Center Extender Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S0 amdxata;amdxata;c:\windows\system32\drivers\amdxata.sys [x]
    S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [x]
    S0 CNG;CNG;c:\windows\System32\Drivers\cng.sys [x]
    S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [x]
    S0 fvevol;Bitlocker Drive Encryption Filter Driver;c:\windows\System32\DRIVERS\fvevol.sys [x]
    S0 hwpolicy;Hardware Policy Driver;c:\windows\System32\drivers\hwpolicy.sys [x]
This discussion has been closed.