Virus that cannot be removed



#1
Lisav123

I am helping my cousin to remove a virus from her laptop, after she inadvertently got infected with Antivirus 2010. I have tried running Malwarebytes, HijackThis, and lots of other virus removers, but nothing has worked until I tried ComboFix. I am hoping that the information in my log will let someone here help me get rid of this virus.

ComboFix 10-09-28.03 - Administrator 29/09/2010 19:52:36.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.291 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
c:\windows\system32\drivers\eicon.txt
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\drivers\aliide.sys was found and disinfected
Restored copy from - Kitty had a snack :D
.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.

2010-09-29 18:25 . 2010-09-29 18:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-09-29 17:02 . 2010-09-29 17:07 -------- d-----w- c:\documents and settings\KELLEY\Malwarebytes' Anti-Malware
2010-09-29 08:50 . 2010-09-29 10:03 -------- d-----w- c:\windows\system32\NtmsData
2010-09-29 08:29 . 2010-09-29 08:29 -------- d-----w- c:\documents and settings\KELLEY\Application Data\Avira
2010-09-29 05:45 . 2010-09-29 14:39 24486 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3166u3165wk.bin
2010-09-29 05:12 . 2010-09-29 14:39 108825 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_243d242kv.bin
2010-09-28 22:23 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-28 22:23 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-28 22:23 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-28 22:23 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-28 22:23 . 2010-09-28 22:23 -------- d-----w- c:\program files\Avira
2010-09-28 22:23 . 2010-09-28 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-28 21:54 . 2010-09-28 21:54 -------- d-----w- c:\documents and settings\KELLEY\Local Settings\Application Data\Threat Expert
2010-09-28 20:02 . 2010-09-28 20:02 -------- d-----w- c:\program files\CCleaner
2010-09-28 17:48 . 2010-09-28 21:40 20042 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3165u3164uq.bin
2010-09-28 06:41 . 2010-09-28 19:19 42135 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3164u3162ka.bin
2010-09-28 05:02 . 2010-09-28 19:19 317 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_242d241gl.bin
2010-09-27 21:44 . 2010-09-27 21:44 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-09-27 21:42 . 2010-09-27 21:42 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-09-27 18:55 . 2010-09-27 18:55 -------- d-----w- c:\documents and settings\KELLEY\Application Data\Malwarebytes
2010-09-27 18:32 . 2010-09-27 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-27 18:32 . 2010-09-29 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-27 06:43 . 2010-09-27 18:02 72592 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3162u3160tb.bin
2010-09-27 05:04 . 2010-09-27 18:02 609 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_355d354cm.bin
2010-09-26 07:09 . 2010-09-26 17:52 43954 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3160u3158pn.bin
2010-09-26 05:29 . 2010-09-26 17:52 1131 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_354d3539a.bin
2010-09-25 06:44 . 2010-09-25 14:06 213401 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3158u3148el.bin
2010-09-24 05:00 . 2010-09-25 14:06 234571 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_353f.bin
2010-09-22 13:57 . 2010-09-25 14:06 7542 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_241d2397a.bin
2010-09-21 06:47 . 2010-09-21 16:29 530582 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3149u3129hh.bin
2010-09-21 05:00 . 2010-09-21 16:29 233605 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_348ob.bin
2010-09-21 05:00 . 2010-09-21 16:29 32271 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_239d236ob.bin
2010-09-16 06:45 . 2010-09-16 13:08 358681 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3138u3117lm.bin
2010-09-15 05:01 . 2010-09-16 13:08 1343 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_343d3396.bin
2010-09-15 05:00 . 2010-09-16 13:08 383121 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_236d2345.bin
2010-09-09 06:44 . 2010-09-09 18:51 122415 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3124u3118hj.bin
2010-09-09 05:00 . 2010-09-09 18:51 2247 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_339d337by.bin
2010-09-09 05:00 . 2010-09-09 18:51 18992 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_234d233by.bin
2010-09-07 17:33 . 2010-09-07 17:33 -------- d-----w- C:\spoolerlogs
2010-09-07 06:43 . 2010-09-07 17:25 198087 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3119u3108bz.bin
2010-09-07 05:00 . 2010-09-07 17:25 863 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_337d3333w.bin
2010-09-05 05:20 . 2010-09-07 17:25 413430 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_233d232wd.bin
2010-09-03 06:43 . 2010-09-03 17:24 250379 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3111u3100qz.bin
2010-09-03 05:00 . 2010-09-03 17:24 1591 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_333d329nr.bin
2010-09-02 05:53 . 2010-09-03 17:24 21194 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_232d230l7.bin
2010-09-01 14:02 . 2010-09-09 18:51 215632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\w9fc57bv.bin
2010-08-31 19:36 . 2010-08-31 19:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-31 06:43 . 2010-08-31 18:20 121934 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\u9iavi3104u3099hd.bin
2010-08-31 05:00 . 2010-08-31 18:20 698 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsc_329d327sm.bin
2010-08-31 05:00 . 2010-08-31 18:20 44428 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\download\x8xplsb_230d229sm.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 22:17 . 2009-11-10 17:22 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-09-28 21:34 . 2006-04-17 08:32 -------- d-----w- c:\documents and settings\KELLEY\Application Data\Lavasoft
2010-09-28 20:02 . 2006-02-06 19:01 -------- d-----w- c:\documents and settings\KELLEY\Application Data\Yahoo!
2010-08-31 19:25 . 2009-02-21 16:53 0 -c--a-w- c:\documents and settings\KELLEY\Local Settings\Application Data\prvlcl.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"="VTtrayp.exe" [2005-01-11 143360]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-11-25 180269]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 688218]
"STDSB"="c:\windows\system32\drivers\STDSB.exe" [2003-12-17 28672]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"Motive SmartBridge"="c:\progra~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe" [2005-06-22 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"Icon"="c:\windows\system32\drivers\Icon.exe" [2005-08-23 221184]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-21 2065760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2007-4-22 29696]
Broadband Desktop Help.lnk - c:\program files\BT Broadband 2091\Help\bin\matcli.exe [2006-2-6 217088]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-21 19:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/12/2008 18:29 52872]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/12/2008 18:29 243024]
R2 MTC0007_STDSB;Scroll Bar Driver;c:\windows\system32\drivers\STDSB.sys [25/11/2005 19:57 11279]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [10/08/2004 17:38 12800]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/12/2008 18:29 216400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/09/2010 23:23 135336]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [04/03/2010 21:42 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [04/03/2010 21:44 308136]
S2 STDSB;STDSB;c:\windows\system32\drivers\STDSB.sys [25/11/2005 19:57 11279]
.
Contents of the 'Scheduled Tasks' folder

2008-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2006-01-24 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf]
"ImagePath"="system32\DRIVERS\cbidf2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt]
"ImagePath"="system32\DRIVERS\cd20xrnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CLCapSvc]
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CLSched]
"ImagePath"="\"c:\apps\Powercinema\Kernel\TV\CLSched.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde]
"ImagePath"="system32\DRIVERS\cmdide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray]
"ImagePath"="system32\DRIVERS\cpqarray.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CyberLink Media Library Service]
"ImagePath"="\"c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k]
"ImagePath"="system32\DRIVERS\dac2w2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt]
"ImagePath"="system32\DRIVERS\dac960nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dpti2o]
"ImagePath"="system32\DRIVERS\dpti2o.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FETND5BV]
"ImagePath"="system32\DRIVERS\fetnd5bv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GenericHidService]
"ImagePath"="c:\apps\HIDSERVICE\HIDSERVICE.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpn]
"ImagePath"="system32\DRIVERS\hpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omp]
"ImagePath"="system32\DRIVERS\i2omp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ini910u]
"ImagePath"="system32\DRIVERS\ini910u.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MDM]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mraid35x]
"ImagePath"="system32\DRIVERS\mraid35x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MTC0007_STDSB]
"ImagePath"="system32\drivers\STDSB.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mtlmnt5]
"ImagePath"="system32\DRIVERS\SLDRV\Mtlmnt5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mtlstrm]
"ImagePath"="system32\DRIVERS\SLDRV\Mtlstrm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Outlook]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2]
"ImagePath"="system32\DRIVERS\perc2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2hib]
"ImagePath"="system32\DRIVERS\perc2hib.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pml Driver HPZ12]
"ImagePath"="c:\windows\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1080]
"ImagePath"="system32\DRIVERS\ql1080.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ql10wnt]
"ImagePath"="system32\DRIVERS\ql10wnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql12160]
"ImagePath"="system32\DRIVERS\ql12160.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1240]
"ImagePath"="system32\DRIVERS\ql1240.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1280]
"ImagePath"="system32\DRIVERS\ql1280.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RecAgent]
"ImagePath"="system32\DRIVERS\SLDRV\RecAgent.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RT2500]
"ImagePath"="system32\DRIVERS\RT2500.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sfloppy]
"ImagePath"="system32\DRIVERS\sfloppy.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Slntamr]
"ImagePath"="system32\DRIVERS\SLDRV\slntamr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SlNtHal]
"ImagePath"="system32\DRIVERS\SLDRV\Slnthal.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SLService]
"ImagePath"="slmdmsr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SlWdmSup]
"ImagePath"="system32\DRIVERS\SLDRV\SlWdmSup.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SONYPVU1]
"ImagePath"="system32\DRIVERS\SONYPVU1.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sparrow]
"ImagePath"="system32\DRIVERS\sparrow.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\StarOpen]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\STDSB]
"ImagePath"="System32\DRIVERS\STDSB.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{1BA226F2-D25B-4D4F-B468-294D612DFFF1}"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc810]
"ImagePath"="system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc8xx]
"ImagePath"="system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_hi]
"ImagePath"="system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_u3]
"ImagePath"="system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TlntSvr]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TosIde]
"ImagePath"="system32\DRIVERS\toside.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\uagp35]
"ImagePath"="system32\DRIVERS\uagp35.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ultra]
"ImagePath"="system32\DRIVERS\ultra.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\USB]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\USB_RNDIS]
"ImagePath"="system32\DRIVERS\usb8023.sys"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\viagfx]
"ImagePath"="system32\DRIVERS\vtmini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VXD]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{0E3E0888-590A-45EC-8F6B-F801794D15A0}]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{9FFB6CA4-4DE1-48E2-A8F7-F4BC6D98FF91}]

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{D1D7C17C-8878-4E37-9F03-A55E87B579AE}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1871267069-3282157990-2124387187-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,8b,d9,d3,95,e1,e9,40,b3,1c,80,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f8,8b,d9,d3,95,e1,e9,40,b3,1c,80,\
.
Completion time: 2010-09-29 20:06:04
ComboFix-quarantined-files.txt 2010-09-29 19:06

Pre-Run: 12,384,579,584 bytes free
Post-Run: 12,390,662,144 bytes free

- - End Of File - - 56A412AA26BC3797EC22052D407959C5


Any advice will be gratefully received - Can anybody help me?!!

Thanks, Lisa