I'll post this in two parts
ComboFix 13-11-27.01 - myComputer 12/01/2013 10:42:07.2.2 - x64
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.4094.2414 [GMT -7:00]
Running from: c:\users\myComputer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTY4OSHC\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ydi.log
.
.
((((((((((((((((((((((((( Files Created from 2013-11-01 to 2013-12-01 )))))))))))))))))))))))))))))))
.
.
2013-12-01 18:33 . 2013-12-01 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-01 10:56 . 2013-12-01 10:56 -------- d-----w- c:\users\myComputer\AppData\Local\ESET
2013-11-29 03:43 . 2013-11-29 03:43 -------- d-----w- c:\program files\ESET
2013-11-29 00:47 . 2013-11-29 00:47 -------- d-----w- c:\users\myComputer\AppData\Roaming\AVG2014
2013-11-29 00:46 . 2013-11-29 00:46 -------- d-----w- c:\users\myComputer\AppData\Roaming\TuneUp Software
2013-11-29 00:45 . 2013-12-01 18:35 -------- d-----w- c:\programdata\AVG2014
2013-11-29 00:45 . 2013-11-29 00:45 -------- d-----w- C:\$AVG
2013-11-29 00:45 . 2013-11-29 00:45 -------- d-----w- c:\program files (x86)\AVG
2013-11-29 00:41 . 2013-12-01 17:10 -------- d-----w- c:\programdata\MFAData
2013-11-29 00:41 . 2013-11-29 03:00 -------- d-----w- c:\users\myComputer\AppData\Local\Avg2014
2013-11-29 00:41 . 2013-11-29 00:41 -------- d-----w- c:\users\myComputer\AppData\Local\MFAData
2013-11-28 03:55 . 2013-11-18 08:28 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71ADEC8A-24EC-4322-8DCA-6FC540A33935}\mpengine.dll
2013-11-28 00:28 . 2013-11-28 00:28 -------- d-----w- c:\windows\ERUNT
2013-11-27 14:28 . 2013-11-27 14:28 -------- d-----w- c:\users\wangjihua
2013-11-27 06:27 . 2013-11-27 06:27 -------- d-----w- c:\users\myComputer\.android
2013-11-27 06:27 . 2013-11-27 14:28 -------- d-----w- c:\users\myComputer\AppData\Local\cache
2013-11-27 06:27 . 2013-11-27 14:29 -------- d-----w- c:\users\myComputer\AppData\Local\Mobogenie
2013-11-27 06:26 . 2013-11-27 14:29 -------- d-----w- c:\program files (x86)\Mobogenie
2013-11-27 05:49 . 2013-11-27 05:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-27 05:49 . 2013-11-27 05:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-26 22:09 . 2013-11-28 03:39 -------- d-----w- C:\AdwCleaner
2013-11-26 15:27 . 2013-11-27 22:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-26 15:27 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-26 15:17 . 2013-11-26 15:17 -------- d-----w- c:\programdata\AVAST Software
2013-11-26 14:30 . 2013-11-27 00:23 -------- d-----w- c:\users\myComputer\AppData\Local\LogMeIn Rescue Applet
2013-11-26 06:45 . 2013-11-26 06:45 -------- d-----w- c:\programdata\HitmanPro
2013-11-26 03:11 . 2013-11-26 03:11 -------- d-----w- c:\programdata\Pure Networks
2013-11-14 10:03 . 2013-10-13 14:36 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-14 10:03 . 2013-10-13 14:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 10:03 . 2013-10-13 09:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-14 10:03 . 2013-10-13 16:04 183024 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-11-14 10:03 . 2013-10-13 14:46 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-11-14 10:03 . 2013-10-13 14:44 305152 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-11-14 10:03 . 2013-10-13 10:49 149744 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-11-14 10:03 . 2013-10-13 09:33 768512 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll
2013-11-14 10:03 . 2013-10-13 09:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-13 14:38 . 2013-10-11 04:23 462848 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 14:38 . 2013-10-11 04:23 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 14:38 . 2013-10-11 02:07 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-13 14:38 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 14:38 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 14:38 . 2013-10-03 15:03 389632 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 14:38 . 2013-10-03 12:46 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 14:38 . 2013-09-04 02:31 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-13 03:16 . 2013-11-13 03:16 -------- d-----w- c:\users\myComputer\AppData\Local\MaxiGet Download Manager
2013-11-13 03:16 . 2013-11-13 03:20 -------- d-----w- c:\users\myComputer\AppData\Local\Maxiget
2013-11-06 04:55 . 2013-11-06 04:55 150808 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-11-05 04:52 . 2013-11-05 04:52 240920 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-11-05 04:19 . 2013-11-05 04:19 -------- d-----w- c:\windows\Sun
2013-11-05 04:19 . 2013-11-26 05:30 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-11-05 04:18 . 2013-10-08 14:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-05 04:16 . 2013-11-05 04:19 -------- d-----w- c:\programdata\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-14 10:01 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
2013-11-11 12:50 . 2013-01-09 02:38 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-01 06:00 . 2013-11-01 06:00 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-11-01 05:49 . 2013-11-01 05:49 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-10-25 05:25 . 2013-10-25 05:25 194872 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-10-01 07:52 . 2013-10-01 07:52 123704 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-09-17 22:17 . 2013-09-17 22:17 239320 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-09-17 22:17 . 2013-09-17 22:17 239296 ----a-w- c:\windows\system32\drivers\edevmon.sys
2013-09-17 22:17 . 2013-09-17 22:17 168256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2013-09-17 22:17 . 2013-09-17 22:17 157432 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2013-09-10 07:43 . 2013-09-10 07:43 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
"ForceActiveDesktopOn"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rjatydimofu.exe]
"debugger"=tasklist.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2013-01-31 15:11 542632 ----a-w- c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 18:18 1185112 ----a-w- c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 16:16 254336 ----a-w- c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-27 05:49]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 03:16]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-09 03:16]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929725188-2267044026-2474493764-1000Core.job
- c:\users\myComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-21 00:38]
.
2013-12-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-929725188-2267044026-2474493764-1000UA.job
- c:\users\myComputer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-21 00:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
hxxp://www.google.com/uDefault_Page_URL =
hxxp://www.google.commStart Page =
hxxp://www.google.commDefault_Page_URL =
hxxp://www.google.commDefault_Search_URL =
hxxp://www.google.commSearch Page =
hxxp://do-search.com/web/?type=ds&ts=1385533547&from=ild&uid=HitachiXHDP725016GLA380_GEM864RH27AR4E27AR4EX&q={searchTerms}mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
Toolbar-10 - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SBRegRebootCleaner - c:\program files (x86)\Ad-Aware Antivirus\SBRC.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdkmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdkmdap]
"ImagePath"="system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgdiska]
"ImagePath"="system32\DRIVERS\avgdiska.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2014\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CSC]
"ImagePath"="system32\drivers\csc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CscService]
"ServiceDll"="%SystemRoot%\System32\cscsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G6032E.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eamonm]
"ImagePath"="system32\DRIVERS\eamonm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\edevmon]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehdrv]
"ImagePath"="system32\DRIVERS\ehdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ekrn]
"ImagePath"="\"c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\epfwwfpr]
"ImagePath"="system32\DRIVERS\epfwwfpr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gfiark]
"ImagePath"="system32\drivers\gfiark.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]
"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
"ImagePath"="system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]
"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]
"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMScheduler]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MBAMService]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]
"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"