MBAM and HJT won't run


Wife went looking for flash videos to watch some Smallville. Hit a nasty site, ended up with Antivirus Pro. I downloaded Malware Bytes to start the cleanup process and as soon as it starts running, it crashes. Following some basic steps after browsing steps here and in the MB forum, I ended up running ComboFix which got me from "completely screwed" to "just mostly screwed." Still can't run MB or HJT through to completion. Neither the ESET nor TrendMicro online AV scans will work.

I should mention that HJT and MB are completely unusable after running them once. Errors pop up when trying to run their executables. I've tried renaming the EXEs and it doesn't work. Tried Spybot and it crashes too.

Below is the ComboFix log. Help me, please.

ComboFix 09-08-01.02 - Drew 08/01/2009 17:37.1.2 - NTFSx86

Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.2047.1348 [GMT -7:00]

Running from: E:\Combo-Fix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-3257366770-3506612297-3206767975-1000

C:\phdtsk.exe

c:\program files\FunWebProducts

c:\program files\Internet Explorer\msimg32.dll

c:\program files\MyWebSearch

c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG

c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL

c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL

c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL

c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR

c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL

c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE

c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL

c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV

c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT

c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL

c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE

c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL

c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE

c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR

c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST

c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL

c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE

c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE

c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL

c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S

c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S

c:\program files\MyWebSearch\bar\Game\CHESS.F3S

c:\program files\MyWebSearch\bar\Game\REVERSI.F3S

c:\program files\MyWebSearch\bar\icons\CM.ICO

c:\program files\MyWebSearch\bar\icons\MFC.ICO

c:\program files\MyWebSearch\bar\icons\PSS.ICO

c:\program files\MyWebSearch\bar\icons\SMILEY.ICO

c:\program files\MyWebSearch\bar\icons\WB.ICO

c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO

c:\program files\MyWebSearch\bar\Message\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S

c:\program files\MyWebSearch\bar\Notifier\DOG.F3S

c:\program files\MyWebSearch\bar\Notifier\FISH.F3S

c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S

c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

c:\program files\MyWebSearch\bar\Notifier\MAID.F3S

c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S

c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S

c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S

c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S

c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S

c:\program files\MyWebSearch\bar\Settings\s_pid.dat

c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL

c:\windows\Install.txt

c:\windows\system32\certstore.dat

c:\windows\system32\critical_warning.html

c:\windows\system32\drivers\ESQULspqfcpmbhxrsowtrrnptvumyksrieenx.sys

c:\windows\system32\ESQULqclqsjwpxdtkipaditqveofrvwvmgcgu.dll

c:\windows\system32\ESQULxrbkexfqqewrkiukwosiamdmierkaqwv.dll

c:\windows\system32\ESQULzcounter

c:\windows\system32\f3PSSavr.scr

c:\windows\system32\FInstall.sys

c:\windows\system32\ghaf8jkdfd.dll

c:\windows\system32\Iasex.dll

c:\windows\system32\Install.txt

c:\windows\system32\netcard.sys

c:\windows\system32\sopidkc.exe

c:\windows\system32\wiawow32.sys

c:\windows\system32\wiwow64.exe

c:\windows\TEMP\mpj24457.dll

c:\windows\TEMP\mta111342.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NETCARD

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_Ias

-------\Service_MyWebSearchService

-------\Service_netcard

-------\Service_sopidkc

-------\Service_ESQULserv.sys

((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))

.

2009-08-02 00:43 . 2009-08-02 00:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2009-08-02 00:43 . 2009-08-02 00:43 -------- d-----w- c:\users\Kati\AppData\Local\temp

2009-08-02 00:40 . 2009-08-02 00:40 44544 ----a-w- c:\windows\system32\_EvdoServer.dll_.vir

2009-08-02 00:08 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-02 00:08 . 2009-08-02 00:08 -------- d-----w- c:\progra~2\Malwarebytes

2009-08-02 00:08 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-02 00:08 . 2009-08-02 00:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-01 20:26 . 2009-08-01 20:26 36 ----a-w- c:\windows\system32\sysnet.dat

2009-08-01 08:12 . 2009-03-19 23:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2009-08-01 08:12 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2009-08-01 08:11 . 2009-08-01 08:11 -------- d-----w- c:\program files\iPod

2009-08-01 08:11 . 2009-08-01 08:11 -------- d-----w- c:\program files\iTunes

2009-08-01 08:11 . 2009-08-01 08:11 -------- d-----w- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-08-01 08:10 . 2009-08-01 08:10 -------- d-----w- c:\program files\QuickTime

2009-07-14 21:30 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll

2009-07-14 21:30 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll

2009-07-14 21:30 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll

2009-07-14 21:30 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-02 00:17 . 2007-09-07 01:48 81080 ----a-w- c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT

2009-08-01 08:22 . 2008-08-01 00:55 -------- d-----w- c:\program files\Safari

2009-08-01 08:11 . 2007-09-07 04:32 -------- d-----w- c:\program files\Common Files\Apple

2009-08-01 07:27 . 2009-05-11 17:44 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-18 16:06 . 2009-07-29 09:03 827904 ----a-w- c:\windows\system32\wininet.dll

2009-07-18 16:01 . 2009-07-29 09:03 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-07-18 09:46 . 2009-07-29 09:03 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-06-29 03:34 . 2009-06-29 03:34 -------- d-----w- c:\progra~2\FunGames

2009-07-04 16:58 . 2008-08-22 00:18 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

.

------- Sigcheck -------

[-] 2008-01-19 07:35 60416 !HASH: COULD NOT OPEN FILE !!!!! c:\windows\System32\netlogon.dll

[7] 2006-11-02 09:46 559616 889A2C9F2AACCD8F64EF50AC0B3D553B c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[7] 2008-01-19 07:35 592384 A8EFC0B6E75B789F7FD3BA5025D4E37F c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-08-16 5728112]

"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"CTHelper"="CTHELPER.EXE" - c:\windows\System32\CtHelper.exe [2007-02-13 19456]

"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\System32\Ctxfihlp.exe [2007-02-13 19968]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2007-03-10 598016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DevconDefaultDB"="c:\windows\system32\READREG" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk

backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3257366770-3506612297-3206767975-1001]

"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3257366770-3506612297-3206767975-500]

"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{0D066397-3784-4131-8479-A2EF52F586C2}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{2AAFB438-D80A-4FE8-B218-436AB947C4BF}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{3C739F0B-6BF0-4CF1-9089-109F7E9874E7}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{35A09A3D-4CA4-475E-BFAE-2FA8FCF267D0}"= UDP:c:\program files\Steam\Steam.exe:Steam Client

"{A19F0DEC-EB7E-4497-A069-6FC2A0F16631}"= TCP:c:\program files\Steam\Steam.exe:Steam Client

"TCP Query User{AE119F12-F688-4F4D-992D-F2A696C6D1C3}c:\\program files\\realvnc\\vnc4\\winvnc4.exe"= UDP:c:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Enterprise Edition for Win32

"UDP Query User{89BC363C-C4CF-4167-91CB-F1E0723772D8}c:\\program files\\realvnc\\vnc4\\winvnc4.exe"= TCP:c:\program files\realvnc\vnc4\winvnc4.exe:VNC Server Enterprise Edition for Win32

"{BD0C32D9-66C9-4ED0-B018-8C96F58E5637}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{D057A8ED-ED5C-44A0-BAF0-23546454D3AE}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

"{F5EBC326-1264-4106-AEDD-8369D05BE533}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{1CA928B1-1B7A-489B-BB73-DBBFFACC0AD1}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

"{33377A44-261F-445B-AD18-0422FD3E8839}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{6EB0368B-FA05-477B-B240-D03ABFE46828}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{BC786488-1C8A-4C7F-8410-EBC778128978}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{8667454D-7B03-40F9-B910-EE9C56CF357A}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb

"{22477E9E-52E9-48F0-806A-29F04FC4FA33}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb

"{11641D74-5A82-4062-A5C1-5F31FB1A1D73}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{1D1918C4-9AC7-4D69-85FE-9CE2A53E4389}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray

"{2BB876C5-56B2-4D08-8006-4C8FAD5FD509}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{26282A77-6F34-4F43-8FC0-4DA56E426A5C}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR

"{F313EF1D-92D1-4E79-8C15-C3A34FFEAC51}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{398C2F6D-03A4-402B-9EC3-ABB8C03777FA}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client

"{050B8555-F55B-4A4E-B4C3-BD847CBFF642}"= UDP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide

"{16369B38-9BF6-4DBE-85C2-D56981063878}"= TCP:c:\program files\Orb Networks\Orb\bin\xmltv.exe:OrbTVGuide

"{3B5757D7-7B2E-4E6F-B83D-D61EF4BC247C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{CA2FC7A0-FE08-4B44-93C4-96343544B30A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R2 EvdoServer;EvdoServer;c:\windows\system32\svchost.exe -k netsvcs [7/28/2008 1:16 PM 21504]

R3 ctgame;Game Port;c:\windows\System32\drivers\CTGAME.SYS [2/13/2007 4:46 PM 19128]

S2 DstRser;Distributed Transaction Servic;c:\windows\MSAgent\agentdpv.exe [8/1/2009 1:25 PM 361789]

S3 DMService;Whale Component Manager;c:\windows\DOWNLO~1\DMService.exe [1/11/2009 12:14 AM 423576]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKCU-Run-Aim6 - (no file)

HKCU-Run-Steam - (no file)

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig

mStart Page = hxxp://www.google.com

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {DEA6994F-3ED5-40BC-B5E3-0FD02411B1B4} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_1/PhotoCenter_ActiveX_Control.cab?

DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?

FF - ProfilePath -

.

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]

"ImagePath"="system32\drivers\peauth.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]

"ServiceDll"="%systemroot%\system32\pla.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]

"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolarUSB]

"ImagePath"="system32\DRIVERS\PolarUSB.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]

"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]

"ImagePath"="\SystemRoot\system32\drivers\processr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]

"ServiceDll"="%systemroot%\system32\profsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]

"ImagePath"="system32\DRIVERS\pacer.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]

"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]

"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]

"ServiceDll"="%windir%\system32\qwave.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]

"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]

"ImagePath"="system32\DRIVERS\rassstp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]

"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]

"ImagePath"="system32\drivers\rdpencdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]

"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]

"ImagePath"="system32\DRIVERS\rspndr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]

"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]

"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]

"ServiceDll"="%systemroot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]

"ServiceDll"="%windir%\system32\seclogon.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]

"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]

"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]

"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]

"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]

"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]

"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]

"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]

"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]

"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]

"ImagePath"="%SystemRoot%\system32\SLsvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]

"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]

"ImagePath"="system32\DRIVERS\smb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd]

"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]

"ImagePath"="System32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]

"ImagePath"="System32\DRIVERS\srv2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Steam Client Service]

"ImagePath"="c:\program files\Common Files\Steam\SteamService.exe /RunAsService"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]

"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]

"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]

"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]

"ImagePath"="system32\DRIVERS\tunmp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]

"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]

"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]

"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]

"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]

"ImagePath"="system32\DRIVERS\umbus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UMPass]

"ImagePath"="system32\DRIVERS\umpass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL]

"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usnjsvc]

"ImagePath"="\"c:\program files\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]

"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]

"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vncmirror]

"ImagePath"="system32\DRIVERS\vncmirror.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]

"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]

"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]

"ImagePath"="\SystemRoot\system32\drivers\wd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WimFltr]

"ImagePath"="system32\DRIVERS\wimfltr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinVNC4]

"ImagePath"="\"c:\program files\RealVNC\VNC4\WinVNC4.exe\" -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WLSetupSvc]

"ImagePath"="\"c:\program files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]

"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]

"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{30F95CF8-6059-4204-9045-389FF97743D7}]

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(528)

c:\windows\System32\ctagent.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\System32\audiodg.exe

c:\windows\System32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\program files\RealVNC\VNC4\winvnc4.exe

c:\windows\System32\WUDFHost.exe

c:\windows\ehome\ehmsas.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Completion time: 2009-08-02 17:52 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-02 00:51

Pre-Run: 151,487,410,176 bytes free

Post-Run: 151,757,574,144 bytes free

924 --- E O F --- 2009-07-31 11:15


  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
