
Infection preventing anti-virus and anti-spyware scanners from running correctly.


FleabagF7


The problem I'm experiencing is that whatever the infection might be, it's preventing any tools that would be used to remove it from running. Malwarebytes Anti-Malware, SuperAntiSpyware, Ad-Aware, Spybot: Search and Destroy, even HijackThis; I've tried them all.

The application will run once and usually work fine, even fully updating until the actual scan itself starts. At this point, the application closes without any error message. Attempting to run the application again results in the following error dialogue.

"Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access the item."

I've tried running the applications as Administrator and in safe mode; however, the same error occurs even on a fresh install of that application. I've tried renaming the exe of all the above listed applications with no results. The same thing occurs. In addition, I've tried generating a log using GMER Rootkit Scanner as stated in one of the stickies here, but that has resulted in a blue-screen a couple of minutes into the scan.

The following is a ComboFix log from a scan performed just a few minutes ago.

ComboFix 10-09-23.01 - Louise 23/09/2010 23:47:01.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1919.1235 [GMT -6:00]

Running from: c:\users\Louise\Desktop\Combo-Fix.exe

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe . . . . Failed to delete

c:\program files\Alwil Software\Avast5\avastUI.exe . . . . Failed to delete

.

((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))

.

2010-09-24 06:02 . 2010-09-24 06:04 -------- d-----w- c:\users\Louise\AppData\Local\temp

2010-09-24 06:02 . 2010-09-24 06:02 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-09-24 06:02 . 2010-09-24 06:02 -------- d-----w- c:\users\Guest\AppData\Local\temp

2010-09-24 06:02 . 2010-09-24 06:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-24 06:02 . 2010-09-24 06:02 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2010-09-24 05:44 . 2010-09-24 05:45 -------- d-----w- C:\32788R22FWJFW

2010-09-24 05:21 . 2010-09-24 05:21 -------- d-----w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com

2010-09-24 05:21 . 2010-09-24 05:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-09-24 05:21 . 2010-09-24 06:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-09-24 04:49 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-24 04:49 . 2010-09-24 04:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-24 04:49 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-24 04:36 . 2010-09-24 04:36 -------- d-----w- c:\programdata\Malwarebytes

2010-09-24 03:58 . 2010-09-24 03:58 -------- d-----w- c:\windows\Sun

2010-09-23 23:46 . 2009-11-25 18:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2010-09-23 23:46 . 2009-11-25 18:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2010-09-23 23:46 . 2009-11-25 18:47 49472 ----a-w- c:\windows\system32\netfxperf.dll

2010-09-23 23:46 . 2009-11-25 18:47 297808 ----a-w- c:\windows\system32\mscoree.dll

2010-09-23 23:46 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\system32\dfshim.dll

2010-09-23 23:40 . 2010-09-23 23:40 -------- d-----w- c:\windows\PCHEALTH

2010-09-23 23:29 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2010-09-23 23:29 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys

2010-09-23 23:26 . 2010-06-19 06:23 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-09-23 23:26 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll

2010-09-23 23:26 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-09-23 23:26 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll

2010-09-23 23:24 . 2010-06-19 06:33 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-09-23 23:24 . 2010-06-19 06:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-09-23 23:23 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-09-23 23:23 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll

2010-09-23 23:18 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-09-23 23:18 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-09-23 22:58 . 2010-09-23 23:56 -------- d-----w- c:\program files\MyDefrag v4.3.1

2010-09-23 22:42 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-09-23 22:42 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-09-23 22:42 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-09-23 22:42 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-09-23 22:42 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-09-23 22:41 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr

2010-09-23 22:41 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe

2010-09-23 21:06 . 2010-09-23 21:06 -------- d-----w- c:\users\Louise\AppData\Roaming\Malwarebytes

2010-09-23 21:04 . 2010-09-23 21:04 -------- d-----w- c:\programdata\Alwil Software

2010-09-23 21:04 . 2010-09-23 21:04 -------- d-----w- c:\program files\Alwil Software

2010-09-23 21:04 . 2010-09-23 21:10 -------- d-----w- c:\program files\CCleaner

2010-09-23 21:03 . 2010-09-23 22:30 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-09-23 21:03 . 2010-09-23 22:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-09-16 05:28 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-24 05:22 . 2010-09-24 05:22 63488 ----a-w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-09-24 05:22 . 2010-09-24 05:22 52224 ----a-w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-09-24 05:22 . 2010-09-24 05:22 117760 ----a-w- c:\users\Louise\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-09-24 00:11 . 2008-12-24 12:10 -------- d-----w- c:\programdata\Google Updater

2010-09-23 23:58 . 2009-01-12 03:24 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-23 23:56 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail

2010-09-23 23:46 . 2007-01-10 20:03 -------- d-----w- c:\programdata\Microsoft Help

2010-09-23 23:34 . 2008-12-21 02:07 -------- d-----w- c:\program files\Microsoft

2010-09-23 21:43 . 2009-01-03 22:40 -------- d-----w- c:\programdata\WinZip

2010-09-23 21:35 . 2008-12-09 02:01 -------- d-----w- c:\programdata\Norton

2010-09-23 21:33 . 2007-01-10 19:48 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-09-23 21:30 . 2009-11-22 02:37 -------- d-----w- c:\program files\WinZip Self-Extractor

2010-09-23 21:30 . 2008-12-24 12:10 -------- d-----w- c:\program files\Google

2010-09-23 21:27 . 2007-01-10 20:15 -------- d-----w- c:\program files\Yahoo!

2010-09-23 21:27 . 2008-12-22 02:13 -------- d-----w- c:\program files\MSN Games

2010-09-23 21:27 . 2008-12-22 02:13 -------- d-----w- c:\program files\Oberon Media

2010-09-23 21:16 . 2009-05-02 03:16 -------- d-----w- c:\programdata\iolo

2010-09-23 21:13 . 2010-04-25 18:32 -------- d-----w- c:\programdata\WildTangent

2010-09-23 21:10 . 2010-04-04 05:52 -------- d-----w- c:\program files\RealArcade

2010-09-23 18:08 . 2008-10-04 03:36 -------- d-----w- c:\users\Louise\AppData\Roaming\LimeWire

2010-09-09 17:23 . 2009-05-02 03:35 1303 ----a-w- c:\users\Louise\AppData\Roaming\iolo\restore.bat

2010-08-23 08:15 . 2010-08-23 03:16 -------- d-----w- c:\programdata\DivX

2010-08-21 05:32 . 2010-09-23 23:25 316928 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-15 19:55 . 2008-10-04 03:35 -------- d-----w- c:\program files\LimeWire

2010-07-31 04:54 . 2008-08-29 12:38 -------- d-----w- c:\program files\Windows Live

2010-07-29 06:30 . 2010-09-23 23:25 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30 . 2010-09-23 23:25 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-06-30 06:25 . 2010-09-23 23:25 978432 ----a-w- c:\windows\system32\wininet.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2008-08-22 06:15 . 2008-08-22 06:15 22 --sha-w- c:\windows\SMINST\HPCD.sys

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-24 2838912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^Louise^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\users\Louise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-02-03 01:33 135664 ----atw- c:\users\Louise\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater]

2010-05-17 20:32 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-12-24 12:10 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-10 1343400]

R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]

S1 aswSP;aswSP; [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 20392]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S3 mvb35316;mvb35316; [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - eeCtrl

*Deregistered* - EraserUtilRebootDrv

*Deregistered* - SYMFW

*Deregistered* - SYMNDISV

.

Contents of the 'Scheduled Tasks' folder

2010-09-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 20:38]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 03:48]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 03:48]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2483525584-3372220188-1659079186-1000Core.job

- c:\users\Louise\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-03 01:33]

2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2483525584-3372220188-1659079186-1000UA.job

- c:\users\Louise\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-03 01:33]

2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{4301A703-2606-421C-B891-56156C7B79DF}.job

- c:\windows\system32\msfeedssync.exe [2010-09-23 06:19]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.imesh.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=71&bd=Pavilion&pf=laptop

IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Louise\AppData\Roaming\Mozilla\Firefox\Profiles\rpolecrn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=

FF - prefs.js: browser.search.selectedEngine - SweetIM Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLCapSvc]

"ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]

"ImagePath"="System32\CLFS.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLSched]

"ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]

"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]

"ImagePath"="\SystemRoot\system32\DRIVERS\cmdide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]

"ImagePath"="System32\Drivers\cng.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CnxtHdAudService]

"ImagePath"="system32\drivers\CHDRT32.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]

"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]

"ImagePath"="system32\DRIVERS\CompositeBus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]

"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dc3d]

"ImagePath"="system32\DRIVERS\dc3d.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]

"ServiceDll"="%Systemroot%\System32\defragsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DFSR]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"

--

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]

"ImagePath"="System32\drivers\discache.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eabfiltr]

"ImagePath"="system32\DRIVERS\eabfiltr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]

"ImagePath"="\SystemRoot\system32\DRIVERS\evbdx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]

"ImagePath"="%systemroot%\ehome\ehRecvr.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]

"ImagePath"="%systemroot%\ehome\ehsched.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ElRawDisk]

"ImagePath"="\??\c:\windows\system32\drivers\elrawdsk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]

"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]

"ImagePath"="\SystemRoot\system32\DRIVERS\errdev.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]

"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]

"ImagePath"="\SystemRoot\system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]

"ImagePath"="\SystemRoot\system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]

"ImagePath"="System32\drivers\FsDepends.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fssfltr]

"ImagePath"="system32\DRIVERS\fssfltr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fsssvc]

"ImagePath"="\"c:\program files\Windows Live\Family Safety\fsssvc.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]

"ImagePath"="System32\DRIVERS\fvevol.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]

"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]

"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]

"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gusvc]

"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HBtnKey]

"ImagePath"="system32\DRIVERS\cpqbttn.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]

"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]

"ImagePath"="system32\drivers\CHDART.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]

"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]

"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]

"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]

"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]

"ServiceDll"="%SystemRoot%\system32\provsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HP Health Check Service]

"ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hpqwmiex]

"ImagePath"="c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]

"ImagePath"="\SystemRoot\system32\DRIVERS\HpSAMD.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HSF_DPV]

"ImagePath"="system32\DRIVERS\HSX_DPV.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HSXHWAZL]

"ImagePath"="system32\DRIVERS\HSXHWAZL.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]

"ImagePath"="System32\drivers\hwpolicy.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]

"ImagePath"="\SystemRoot\system32\DRIVERS\iaStorV.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IDriverT]

"ImagePath"="\"c:\program files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]

"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]

"ImagePath"="\SystemRoot\system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]

"ImagePath"="\SystemRoot\system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ioloFileInfoList]

"ImagePath"="c:\program files\iolo\Common\Lib\ioloServiceManager.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ioloSystemService]

"ImagePath"="c:\program files\iolo\Common\Lib\ioloServiceManager.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc]

"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]

"ImagePath"="\SystemRoot\system32\DRIVERS\IPMIDrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]

"ImagePath"="System32\drivers\ipnat.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]

"ImagePath"="system32\drivers\irenum.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]

"ImagePath"="\SystemRoot\system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]

"ImagePath"="system32\DRIVERS\msiscsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]

"ImagePath"="System32\Drivers\ksecdd.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]

"ImagePath"="System32\Drivers\ksecpkg.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]

"ServiceDll"="%systemroot%\system32\msdtckrm.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LightScribeService]

"ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]

"ImagePath"="system32\DRIVERS\lltdio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]

"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]

"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]

"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]

"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]

"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]

"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]

"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mdmxsdk]

"ImagePath"="system32\DRIVERS\mdmxsdk.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]

"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]

"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]

"ImagePath"="system32\drivers\modem.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]

"ImagePath"="system32\DRIVERS\monitor.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]

"ImagePath"="System32\drivers\mountmgr.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]

"ImagePath"="\SystemRoot\system32\DRIVERS\mpio.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]

"ImagePath"="System32\drivers\mpsdrv.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]

"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]

"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]

"ImagePath"="system32\DRIVERS\mrxsmb10.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]

"ImagePath"="system32\DRIVERS\mrxsmb20.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]

"ImagePath"="\SystemRoot\system32\DRIVERS\msahci.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]

"ImagePath"="\SystemRoot\system32\DRIVERS\msdsm.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]

"ImagePath"="%SystemRoot%\System32\msdtc.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]


**************************************************************************

.

Completion time: 2010-09-24 00:11:22 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-24 06:11

ComboFix2.txt 2010-09-24 04:30

Pre-Run: 59,062,407,168 bytes free

Post-Run: 59,029,594,112 bytes free

- - End Of File - - 2D9F03307B24B72137E40C9F81BBAD81

Again, I am unable to run HijackThis, so a log from that cannot be provided.


I understand the rules say not to post in your own thread until 48 hours have passed but I've managed to get a few more logs that may aid in solving this issue.

DDS Log

http://pastebin.com/26fEGShY

GMER Log

http://pastebin.com/3KqvPck3

Combo Fix Log

http://pastebin.com/3E3L7C1T

Attached to this post are all three logs, in addition to the Attach.txt that was generated with DDS.

Archive.zip


Hi,

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert". It is NOT for unsupervised use. Please read ComboFix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

First delete your copy of ComboFix.exe from the desktop. Then download the latest version of ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
