
Please help. Can't get Antivirus 2010 virus off of my computer


David Bryan

My neighbor got the newest Antivirus 2010 virus on his computer and called me to try and fix it. I've been working on it for a couple of days and haven't gotten very far. Originally, I got a red screen and it said something to the effect of "my computer has malfunctioned" and that it needs spyware to be removed before moving forward. The PC was running Windows Security Essentials, but it would not open after the virus infected the computer. AVG was on the computer, so I tried using it. It originally opened and said it found 903 viruses after the scan. It fixed 901, but then had to restart. The problem continued after restart.

I tried on YouTube to find some videos that would help, but all of the Antivirus 2010 videos were different than the virus I had. They told me to stop the application. The applications were different than the ones shown in the videos. When I would try to end them in Task Manager, an error would come up saying something like "The system is shutting down. Please save all work in progress and log off. Initiated by NT Authority\System". It would shut down in 60 seconds. I also noticed that new processes were appearing faster than I could end them. Some of the processes that I suspect are avgcsrvs.exe, avgemc.exe, svchost.exe, avgrsx.exe, avgwdsvc.exe.

The virus allows me to download software, but not to run it. The exceptions are CCleaner, ComboFix, TDSSKiller and Avenger. None of these have worked totally, but the red screen no longer pops up. Also, I am now able to use Google and Yahoo when on the internet. The virus did not allow this before. I am still unable to stop the processes or use antivirus programs or Malwarebytes.

Here is my ComboFix log:

ComboFix 10-09-24.03 - Compaq_Administrator 09/24/2010 18:49:44.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1498 [GMT -5:00]

Running from: F:\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\All Users\Application Data\FL0821pU.exe

c:\documents and settings\All Users\Application Data\NUBMfm15E.exe

c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\NUBMfm15E.exe

c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll

c:\documents and settings\Compaq_Administrator\NUBMfm15E.com

c:\documents and settings\NetworkService\Local Settings\Application Data\NUBMfm15E.exe

c:\program files\HP\HP Software Update\HPWuSchd2 .exe

c:\program files\HP\HP Software Update\HPWuSchd2.exe

c:\windows\Fonts\NUBMfm15E.com

c:\windows\system32\config\systemprofile\NUBMfm15E.com

c:\windows\Tasks\At265.job

c:\windows\Tasks\At268.job

c:\windows\Tasks\At270.job

c:\windows\Tasks\At276.job

c:\windows\Tasks\At279.job

c:\windows\Tasks\At285.job

.

((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))

.

2010-09-24 22:22 . 2010-09-24 22:22 -------- d-----w- c:\program files\Mlalwarebytes' Anti-Malware

2010-09-24 22:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-09-24 22:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-09-24 20:44 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-09-23 17:18 . 2010-09-23 17:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2010-09-23 16:43 . 2010-09-23 16:43 -------- d-----w- c:\program files\Trend Micro

2010-09-23 14:03 . 2010-09-23 14:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PCHealth

2010-09-23 13:51 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2010-09-23 13:51 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys

2010-09-23 13:51 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-09-23 13:51 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

2010-09-23 13:51 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2010-09-23 13:51 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\dllcache\hidusb.sys

2010-09-23 01:35 . 2010-09-22 20:17 94724 ----a-w- c:\windows\system32\NUBMfm15E.com

2010-09-23 01:28 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-09-23 01:28 . 2010-09-23 01:28 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-09-23 01:25 . 2010-09-23 01:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Sunbelt Software

2010-09-23 01:25 . 2010-09-23 01:25 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

2010-09-23 01:24 . 2010-09-23 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2010-09-23 01:24 . 2010-09-23 01:24 -------- d-----w- c:\program files\Lavasoft

2010-09-23 00:22 . 2010-09-23 00:22 -------- d-----w- c:\documents and settings\Compaq_Administrator\Logs

2010-09-22 23:42 . 2010-09-24 22:11 -------- d-----w- c:\program files\aMalwarebytes' Anti-Malware

2010-09-22 23:29 . 2010-09-23 00:41 -------- d-----w- c:\program files\sys5

2010-09-22 23:28 . 2010-09-23 00:41 -------- d-----w- c:\program files\sys4

2010-09-22 23:28 . 2010-09-24 21:22 -------- d-----w- c:\program files\Microsoft

2010-09-22 23:13 . 2010-09-22 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-09-22 20:04 . 2010-09-22 20:04 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-09-22 19:09 . 2010-09-22 19:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM

2010-09-22 19:08 . 2010-09-22 19:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-09-22 11:09 . 2010-09-23 14:06 0 ----a-w- c:\windows\Wsaxageqewipe.bin

2010-09-22 11:09 . 2010-09-23 01:08 120 ----a-w- c:\windows\Dqufini.dat

2010-09-22 11:08 . 2004-08-04 03:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys

2010-09-22 11:08 . 2004-08-04 03:59 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys

2010-09-22 11:07 . 2004-08-04 04:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys

2010-09-22 11:07 . 2004-08-04 04:00 8192 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys

2010-09-22 11:07 . 2004-08-04 04:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys

2010-09-22 11:07 . 2004-08-04 04:00 8192 ----a-w- c:\windows\system32\dllcache\changer.sys

2010-09-22 00:51 . 2010-09-23 00:52 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-09-14 23:22 . 2010-09-14 23:22 -------- d-----w- c:\windows\system32\wbem\mof

2010-09-14 23:20 . 2010-09-14 23:20 -------- d-----w- C:\found.000

2010-09-03 23:47 . 2010-09-03 23:51 19521 ----a-w- c:\windows\hpqins13.dat

1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-24 23:44 . 2010-09-22 20:19 112 ----a-w- c:\documents and settings\All Users\Application Data\Ahu00A5K.dat

2010-09-24 22:15 . 2009-11-03 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-24 21:06 . 2009-11-03 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-09-23 16:30 . 2010-09-23 13:55 42496 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Windows\shellSrv.exe

2010-09-23 16:19 . 2010-03-02 23:26 -------- d-----w- c:\program files\CCleaner

2010-09-23 14:07 . 2010-08-22 20:29 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-09-23 01:55 . 2010-09-22 23:29 142848 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Windows\shell.exe

2010-09-23 00:40 . 2006-08-26 03:37 -------- d-----w- c:\program files\Rhapsody

2010-09-23 00:39 . 2006-08-26 03:51 -------- d-----w- c:\program files\Quicken

2010-09-23 00:39 . 2006-08-26 04:01 -------- d-----w- c:\program files\PC-Doctor 5 for Windows

2010-09-23 00:20 . 2006-08-26 03:36 -------- d-----w- c:\program files\music_now

2010-09-23 00:20 . 2006-08-26 03:49 -------- d-----w- c:\program files\Microsoft Works

2010-09-23 00:00 . 2006-08-26 03:03 -------- d-----w- c:\program files\GemMaster

2010-09-22 23:59 . 2006-08-26 03:03 -------- d-----w- c:\program files\EnglishOtto

2010-09-22 23:59 . 2006-08-26 03:43 -------- d-----w- c:\program files\DISC

2010-09-22 23:59 . 2006-08-26 03:38 -------- d-----w- c:\program files\Common Files\SureThing Shared

2010-09-22 23:59 . 2006-08-26 03:32 -------- d-----w- c:\program files\Common Files\Sonic Shared

2010-09-22 23:58 . 2006-08-26 03:46 -------- d---a-w- c:\program files\Common Files\LightScribe

2010-08-24 08:01 . 2010-08-24 08:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2010-08-22 21:11 . 2010-08-22 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-08-22 20:01 . 2010-08-22 20:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\IObit

2010-08-22 20:01 . 2010-08-22 20:01 -------- d-----w- c:\program files\IObit

2010-08-12 12:16 . 2010-09-23 01:25 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe

2010-07-15 14:04 . 2009-11-03 16:34 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-07-15 14:04 . 2010-07-15 14:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-07-15 14:03 . 2009-11-03 16:34 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\Internet Explorer\svchost .exe
c:\program files\Microsoft Security Essentials\msseces .exe
c:\windows\ehome\ehtray .exe
c:\windows\SMINST\RECGUARD .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-10-16 18:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"nwiz"="nwiz.exe" [2006-05-09 1519616]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [N/A]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-8-25 36903]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-15 14:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

c:\program files\Messenger\msmsgs.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost]

c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\svchost.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/22/2010 8:28 PM 64288]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/3/2009 11:34 AM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/3/2009 11:34 AM 243024]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/15/2010 9:03 AM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:04 AM 308136]

R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/10/2004 6:00 AM 12800]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 01:28]

2010-09-23 c:\windows\Tasks\At49.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At50.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At51.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At52.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At53.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At54.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At55.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At56.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At57.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At58.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At59.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At60.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At61.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At62.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At63.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At64.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At65.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At66.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-24 c:\windows\Tasks\At67.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At68.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At69.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At70.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At71.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-23 c:\windows\Tasks\At72.job

- c:\windows\system32\NUBMfm15E.com [2010-09-23 20:17]

2010-09-22 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 02:40]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uInternet Settings,ProxyServer = http=127.0.0.1:50370

Trusted Zone: trymedia.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-24 18:56

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************


"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{8DA84759-6C62-4695-9DB6-4789D64FAF43}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]

"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

"ImagePath"="system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winachsx]

"ImagePath"="system32\DRIVERS\HSX_CNXT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WMPNetworkSvc]

"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]

"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]

"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{892900FC-9814-4488-99C0-81491C1EE93D}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{AA7A78B9-BFEE-4F42-B323-FFED67AA600C}]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1512)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\RTHDCPL.EXE

c:\windows\arservice.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\system32\nvsvc32.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\dllhost.exe

c:\windows\eHome\ehmsas.exe

.

**************************************************************************

.

Completion time: 2010-09-24 19:02:25 - machine was rebooted

ComboFix-quarantined-files.txt 2010-09-25 00:02

ComboFix2.txt 2010-09-24 22:09

ComboFix3.txt 2010-09-24 21:32

Pre-Run: 95,140,368,384 bytes free

Post-Run: 95,132,585,984 bytes free

- - End Of File - - 6FD261BE0CAA25DB5B667F818627814E

Please help me. I am not sure what to try next. Thanks in advance!


Hi and Welcome -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow What do I do now?, skipping any steps you are unable to complete.

The next step is to post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :)
