[Active] No Scans Work and Google Links Redirected

  1. #1
    ihui (Newbie)

    Hi, I've been experiencing a similar problem to other threads that I've seen on this board and I don't want to take any wrong steps by blindly following the advice that has been given so here's my personal problem.

    Google links are being redirected to other sites that seem to contain the words I've searched.
    Avira AntiVir scans stopped working at one point about a week ago. It seemed to freeze around
    C:\Windows\System32\config\SYSTEM
    and I couldn't stop it or close it. I ended it with Task Manager.
    The scan worked in Safe Mode and I've posted the log from that scan below.
    However, in normal mode, the scans still didn't run properly and the scan kept stopping at a certain point.
    I uninstalled Avira and tried installing Norton Internet Security 09. Everything was going smoothly (the pre-installation scan was fine) and toward the end of the installation process, it seemed to get stuck again during a "scanning" phase. I let Norton keep scanning for a few hours more but finally closed it.
    When I tried to open the Norton program, it said that it hadn't been installed properly and I went ahead and let it do a cleanup so that I could try installing it again later.

    I've tried to run Malwarebytes but the program didn't open.
    I've also tried HijackThis to get a log to post here to help speed things up, but again, that program doesn't seem to open.

    Thanks very much for any help, and I hope this problem isn't too serious to solve!

    Here is the Avira scan log that I ran in Safe Mode:
    Avira AntiVir Personal
    Report file date: August-22-09 09:31

    Scanning for 1651917 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 1) [6.0.6001]
    Boot mode : Save mode
    Username : Ivan
    Computer name : IVAN-PC

    Version information:
    BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
    AVSCAN.EXE : 9.0.3.7 466689 Bytes 05/08/2009 14:53:43
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 15:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 16:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 15:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 22:15:30
    ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21/08/2009 05:33:15
    ANTIVIR3.VDF : 7.1.5.149 9728 Bytes 21/08/2009 05:33:15
    Engineversion : 8.2.1.3
    AEVDF.DLL : 8.1.1.1 106868 Bytes 18/06/2009 12:51:13
    AESCRIPT.DLL : 8.1.2.25 459130 Bytes 12/08/2009 19:00:48
    AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 17:40:32
    AERDL.DLL : 8.1.2.4 430452 Bytes 14/07/2009 20:56:31
    AEPACK.DLL : 8.1.3.18 401783 Bytes 18/06/2009 12:51:13
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 12:51:13
    AEHEUR.DLL : 8.1.0.155 1921400 Bytes 20/08/2009 21:44:23
    AEHELP.DLL : 8.1.6.0 233846 Bytes 20/08/2009 21:44:21
    AEGEN.DLL : 8.1.1.57 356725 Bytes 20/08/2009 21:44:18
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 19:32:40
    AECORE.DLL : 8.1.7.6 184694 Bytes 23/07/2009 17:40:29
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 19:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 15:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 19:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 15:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 20:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 15:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 20:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 13:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 15:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 18/06/2009 12:51:13
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 15:19:48

    Configuration settings for the scan:
    Jobname.............................: ShlExt
    Configuration file..................: C:\Users\Ivan\AppData\Local\Temp\665ce34a.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: off
    Scan registry.......................: off
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: August-22-09 09:31

    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Users\Ivan\AppData\Local\Temp\a.exe
    [DETECTION] Is the TR/Crot.V.1 Trojan
    C:\Users\Ivan\AppData\Local\Temp\b.exe
    [DETECTION] Is the TR/Crot.V.1 Trojan
    C:\Users\Ivan\AppData\Local\Temp\d.exe
    [DETECTION] Is the TR/Fakealert.GV.10 Trojan
    C:\Users\Ivan\AppData\Local\Temp\e.exe
    [DETECTION] Is the TR/FraudPack.qvn.3 Trojan
    C:\Users\Ivan\AppData\Local\Temp\f.exe
    [DETECTION] Is the TR/FraudPack.qvn.3 Trojan
    C:\Users\Ivan\AppData\Local\Temp\prun.tmp
    [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
    C:\Windows\msa.exe
    [DETECTION] Is the TR/FraudPack.qvn.3 Trojan
    C:\Windows\System32\cngaudit.dll
    [WARNING] The file could not be opened!
    C:\Windows\System32\WerFault.exe
    [WARNING] The file could not be opened!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe
    [WARNING] The file could not be opened!
    C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe
    [WARNING] The file could not be opened!

    Beginning disinfection:
    C:\Users\Ivan\AppData\Local\Temp\a.exe
    [DETECTION] Is the TR/Crot.V.1 Trojan
    [NOTE] The file was moved to '4af5021f.qua'!
    C:\Users\Ivan\AppData\Local\Temp\b.exe
    [DETECTION] Is the TR/Crot.V.1 Trojan
    [NOTE] The file was moved to '492e6850.qua'!
    C:\Users\Ivan\AppData\Local\Temp\d.exe
    [DETECTION] Is the TR/Fakealert.GV.10 Trojan
    [NOTE] TR/Fakealert.GV.10:[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<DellSupportCenter>=sz:d.exe
    [NOTE] The file was moved to '49297018.qua'!
    C:\Users\Ivan\AppData\Local\Temp\e.exe
    [DETECTION] Is the TR/FraudPack.qvn.3 Trojan
    [NOTE] The file was moved to '49288080.qua'!
    C:\Users\Ivan\AppData\Local\Temp\f.exe
    [DETECTION] Is the TR/FraudPack.qvn.3 Trojan
    [NOTE] The file was moved to '492a8858.qua'!
    C:\Users\Ivan\AppData\Local\Temp\prun.tmp
    [DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
    [NOTE] The file was moved to '4b050263.qua'!
    C:\Windows\msa.exe
    [DETECTION] Is the TR/FraudPack.qvn.3 Trojan
    [NOTE] The file was moved to '4af10264.qua'!


    End of the scan: August-22-09 10:34
    Used time: 21:09 Minute(s)

    The scan has been done completely.

    14953 Scanned directories
    185173 Files were scanned
    7 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    7 Files were moved to quarantine
    0 Files were renamed
    6 Files cannot be scanned
    185160 Files not concerned
    975 Archives were scanned
    6 Warnings
    8 Notes
    Last edited by ihui; 30-08-2009 at 08:27 PM.


  2. #2
    broni (Senior Member)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    ihui (Newbie)
    First off, thanks a lot for helping me out.
    When I ran Combofix, it detected that AVG was running. I had uninstalled AVG8 months ago and did not know that stuff had been left behind. I let Combofix continue and during the scan it suddenly restarted. No log was produced and I'm guessing things somehow went wrong.
    I then went to my Program Files and into the AVG folder where I deleted as many files as I could (it wouldn't let me delete some .dll files and 2 others). And then in Task Manager I saw that two AVG processes were still running. I ended one of them, but when I tried to end the other, nothing happened.
    I went ahead with Combofix again and this time things seemed to go a lot better.
    Here's the log:

    ComboFix 09-08-30.01 - Ivan 30/08/2009 23:14.1.2 - NTFSx86
    Running from: c:\users\Ivan\Desktop\ComboFix.exe
    AV: AVG *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
    c:\$recycle.bin\S-1-5-21-3981050607-646183067-187781789-500
    c:\windows\system32\drivers\kbiwkmxnvfnbuv.sys
    c:\windows\system32\kbiwkmcuymqred.dat
    c:\windows\system32\kbiwkmfexgefoo.dll
    c:\windows\system32\kbiwkmoqdtopxu.dat
    c:\windows\system32\kbiwkmpkisbvqn.dat
    c:\windows\system32\kbiwkmrlirhpxb.dll
    c:\windows\system32\oem8.inf


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
    -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
    -------\Service_kbiwkmixitsepc


    ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
    .

    2009-08-31 03:19 . 2009-08-31 03:22 -------- d-----w- c:\users\Ivan\AppData\Local\temp
    2009-08-31 03:19 . 2009-08-31 03:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-29 16:32 . 2009-08-29 16:32 -------- d--h--w- c:\windows\PIF
    2009-08-29 16:14 . 2009-08-29 16:14 -------- d-----w- c:\users\Ivan\AppData\Roaming\Malwarebytes
    2009-08-29 16:14 . 2009-08-29 16:14 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-29 15:46 . 2009-08-29 15:45 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2009-08-29 15:45 . 2009-08-29 15:46 -------- d-----w- c:\users\Ivan\.housecall6.6
    2009-08-28 01:11 . 2009-08-28 01:11 -------- d-----w- c:\users\Ivan\AppData\Local\Symantec
    2009-08-28 00:46 . 2009-08-28 00:46 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
    2009-08-28 00:46 . 2009-08-28 00:46 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
    2009-08-28 00:46 . 2009-08-30 18:03 -------- d-----w- c:\users\Ivan\AppData\Roaming\Spyware Terminator
    2009-08-28 00:46 . 2009-08-30 18:03 -------- d-----w- c:\programdata\Spyware Terminator
    2009-08-28 00:46 . 2009-08-28 00:46 141312 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2009-08-28 00:46 . 2009-08-30 18:03 -------- d-----w- c:\program files\Spyware Terminator
    2009-08-27 19:40 . 2009-08-30 23:40 -------- d-----w- c:\windows\Installer
    2009-08-27 19:07 . 2009-08-29 17:05 -------- d-----w- c:\programdata\Norton
    2009-08-27 19:05 . 2009-08-29 17:05 -------- d-----w- c:\program files\NortonInstaller
    2009-08-27 19:05 . 2009-08-29 17:05 -------- d-----w- c:\programdata\NortonInstaller
    2009-08-23 16:20 . 2009-08-29 17:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-08-20 03:40 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2009-08-20 03:40 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
    2009-08-20 03:40 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-20 03:40 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-08-20 03:40 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-08-20 03:39 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-08-20 03:39 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-20 03:39 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-20 03:39 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-20 03:39 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-08-20 03:38 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-20 03:38 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-20 03:38 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-20 03:38 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-20 03:38 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-20 03:38 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-20 03:38 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-20 03:38 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-04 03:55 . 2009-08-10 20:11 -------- d-----w- c:\users\Ivan\AppData\Roaming\DivX
    2009-08-04 03:52 . 2009-08-04 03:59 -------- d-----w- c:\program files\DivX
    2009-08-04 03:52 . 2009-08-04 03:52 -------- d-----w- c:\program files\Common Files\DivX Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-31 02:49 . 2008-08-16 05:37 257879374 ----a-w- c:\windows\DUMP4c5a.tmp
    2009-08-23 16:21 . 2009-08-23 16:21 -------- d-----w- c:\programdata\Symantec
    2009-08-20 03:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-05 14:53 . 2009-06-02 01:37 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-08-04 03:53 . 2008-08-16 03:24 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-07-18 16:06 . 2009-07-29 23:34 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-07-29 23:34 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-07-29 23:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\users\Ivan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    2009-06-15 15:24 . 2009-07-29 23:34 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:20 . 2009-07-29 23:34 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-07-29 23:34 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:52 . 2009-07-29 23:34 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2008-08-16 05:49 . 2008-08-16 05:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]

    c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-15 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-08-16 03:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3981050607-646183067-187781789-1000]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{4979BF73-A1F4-41A3-AF82-9B65523C71EF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{09E678CB-1236-4747-8933-2A432611EFE8}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{509E118E-7BF8-437E-8D94-67EA0CC0441D}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
    "{3E4178C3-5E6E-48EF-8CD8-0F05780A0345}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "TCP Query User{BC961993-141E-490B-AA7F-BAB031EC8BD9}c:\\program files\\dc++\\dcplusplus.exe"= UDP:c:\program files\dc++\dcplusplus.exe:DC++
    "UDP Query User{2A09053B-CCAC-42DA-84D0-D121AA623A0C}c:\\program files\\dc++\\dcplusplus.exe"= TCP:c:\program files\dc++\dcplusplus.exe:DC++
    "{DA28A3A7-0CD9-4C96-A67E-393A2A95F78A}"= UDP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{06BD63AB-6459-4D47-8AA5-C83D47BD0A58}"= TCP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{1C4BBCD4-D662-4A6C-9B9B-D44ED4FFF45A}"= UDP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{B4C911C9-5DF0-4E3B-BEBF-F053991DE082}"= TCP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{FE9ABECA-4AB1-4727-B349-8F67EBA8D1B3}"= UDP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{D21617FE-AC99-4C57-A7AD-15F72DBF55E2}"= TCP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{5553B46D-7A46-46C3-A9AE-B1982AC9EEA2}"= UDP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{6A469556-5B5D-46AE-88DB-C48EB56D6F51}"= TCP:c:\users\Ivan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{21703D85-D52A-4B9E-9E52-3D44687330CA}"= Disabled:UDP:c:\users\Ivan\AppData\Local\Temp\7zSDD5F.tmp\setup\HPZnui01.exe:hpznui01.exe
    "{FE0C2E3D-4675-4CE2-B79E-EC3E83C1602D}"= Disabled:TCP:c:\users\Ivan\AppData\Local\Temp\7zSDD5F.tmp\setup\HPZnui01.exe:hpznui01.exe
    "TCP Query User{0C5359BC-BD6B-4BE8-8D28-DC1882DBCA3D}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{6740AE94-15C7-4443-8FE6-698C4DDCBD47}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [x]
    R3 PCD5SRVC{3F6A8B78-EC003E00-05040000};PCD5SRVC{3F6A8B78-EC003E00-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [2007-12-05 20640]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-08-31 97928]
    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-29 76040]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 231704]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
    S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
    S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
    *NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}
    *Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
    *Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981050607-646183067-187781789-1000Core.job
    - c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-23 03:12]

    2009-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3981050607-646183067-187781789-1000UA.job
    - c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-23 03:12]
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-Wdf01000.sys


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=1080816
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\4mjpm564.default\
    FF - prefs.js: browser.startup.homepage - hxxps://ce.uwo.ca/uwc/auth
    FF - plugin: c:\users\Ivan\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\users\Ivan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    "ImagePath"="system32\DRIVERS\E1G60I32.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E apHost]
    "ServiceDll"="%SystemRoot%\System32\eapsvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E cache]
    "ImagePath"="System32\drivers\ecache.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e hRecvr]
    "ImagePath"="%systemroot%\ehome\ehRecvr.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e hSched]
    "ImagePath"="%systemroot%\ehome\ehsched.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e hstart]
    "ServiceDll"="%SystemRoot%\ehome\ehstart.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e lxstor]
    "ImagePath"="\SystemRoot\system32\drivers\elxstor. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E mdCache]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E MDMgmt]
    "ServiceDll"="%systemroot%\system32\emdmgmt.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E rrDev]
    "ImagePath"="\SystemRoot\system32\drivers\errdev.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E SENT]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventlog]
    "ServiceDll"="%SystemRoot%\System32\wevtsvc.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E ventSystem]
    "ServiceDll"="%systemroot%\system32\es.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e xfat]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f astfat]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f dc]
    "ImagePath"="system32\DRIVERS\fdc.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f dPHost]
    "ServiceDll"="%SystemRoot%\system32\fdPHost.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F DResPub]
    "ServiceDll"="%SystemRoot%\system32\fdrespub.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F ileInfo]
    "ImagePath"="system32\drivers\fileinfo.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F iletrace]
    "ImagePath"="system32\drivers\filetrace.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\f lpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F ltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F ontCache3.0.0.0]
    "ImagePath"="%systemroot%\Microsoft.Net\Framework\ v3.0\WPF\PresentationFontCache.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F s_Rec]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\g agp30kx]
    "ImagePath"="\SystemRoot\system32\drivers\gagp30kx .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\G oToAssist]
    "ImagePath"="\"c:\program files\Citrix\GoToAssist\514\g2aservice.exe\" Start=service"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\g psvc]
    "ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H DAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H idBth]
    "ImagePath"="\SystemRoot\system32\drivers\hidbth.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H idIr]
    "ImagePath"="\SystemRoot\system32\drivers\hidir.sy s"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\h idserv]
    "ServiceDll"="%SystemRoot%\system32\hidserv.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H idUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\h kmsvc]
    "ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H pCISSs]
    "ImagePath"="\SystemRoot\system32\drivers\hpcisss. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\h pqcxs08]
    "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqcxs08.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\h pqddsvc]
    "ServiceDll"="c:\program files\HP\Digital Imaging\bin\hpqddsvc.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H PSLPSVC]
    "ServiceDll"="c:\program files\HP\Digital Imaging\bin\HPSLPSVC32.DLL"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H SF_DPV]
    "ImagePath"="system32\DRIVERS\HSX_DPV.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H SXHWAZL]
    "ImagePath"="system32\DRIVERS\HSXHWAZL.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\H TTP]
    "ImagePath"="system32\drivers\HTTP.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i 2omp]
    "ImagePath"="\SystemRoot\system32\drivers\i2omp.sy s"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i 8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I AANTMON]
    "ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i aStor]
    "ImagePath"="system32\drivers\iastor.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i aStorV]
    "ImagePath"="\SystemRoot\system32\drivers\iastorv. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i dsvc]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framewor k\v3.0\Windows Communication Foundation\infocard.exe\""

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i gfx]
    "ImagePath"="system32\DRIVERS\igdkmd32.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i irsp]
    "ImagePath"="\SystemRoot\system32\drivers\iirsp.sy s"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I KEEXT]
    "ServiceDll"="%SystemRoot%\System32\ikeext.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i netaccs]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I nspect]
    "ImagePath"="system32\DRIVERS\inspect.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I ntcHdmiAddService]
    "ImagePath"="system32\drivers\IntcHdmi.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i ntelide]
    "ImagePath"="system32\DRIVERS\intelide.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i ntelppm]
    "ImagePath"="system32\DRIVERS\intelppm.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I PBusEnum]
    "ServiceDll"="%SystemRoot%\system32\ipbusenum. dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I pFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i phlpsvc]
    "ServiceDll"="%SystemRoot%\System32\iphlpsvc.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I pInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I PMIDRV]
    "ImagePath"="\SystemRoot\system32\drivers\ipmidrv. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I PNAT]
    "ImagePath"="system32\DRIVERS\ipnat.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\I RENUM]
    "ImagePath"="system32\drivers\irenum.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i sapnp]
    "ImagePath"="\SystemRoot\system32\drivers\isapnp.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i ScsiPrt]
    "ImagePath"="system32\DRIVERS\msiscsi.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i teatapi]
    "ImagePath"="\SystemRoot\system32\drivers\iteatapi .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i teraid]
    "ImagePath"="\SystemRoot\system32\drivers\iteraid. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k bdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k bdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\k biwkmixitsepc]
    "imagepath"="\systemroot\system32\drivers\kbiwkmxn vfnbuv.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\K eyIso]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\K SecDD]
    "ImagePath"="System32\Drivers\ksecdd.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\K tmRm]
    "ServiceDll"="%systemroot%\system32\msdtckrm.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\L anmanServer]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\L anmanWorkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\l dap]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\l ltdio]
    "ImagePath"="system32\DRIVERS\lltdio.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\l ltdsvc]
    "ServiceDll"="%SystemRoot%\System32\lltdsvc.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\l mhosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\L sa]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\L SI_FC]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_fc.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\L SI_SAS]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_sas. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\L SI_SCSI]
    "ImagePath"="\SystemRoot\system32\drivers\lsi_scsi .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\l uafv]
    "ImagePath"="\SystemRoot\system32\drivers\luafv.sy s"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M cx2Svc]
    "ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m dmxsdk]
    "ImagePath"="system32\DRIVERS\mdmxsdk.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m egasas]
    "ImagePath"="\SystemRoot\system32\drivers\megasas. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M egaSR]
    "ImagePath"="\SystemRoot\system32\drivers\megasr.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M MCSS]
    "ServiceDll"="%SystemRoot%\system32\mmcss.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M odem]
    "ImagePath"="system32\drivers\modem.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m onitor]
    "ImagePath"="system32\DRIVERS\monitor.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m ouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m ouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M ountMgr]
    "ImagePath"="System32\drivers\mountmgr.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m pio]
    "ImagePath"="\SystemRoot\system32\drivers\mpio.sys "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m psdrv]
    "ImagePath"="System32\drivers\mpsdrv.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M psSvc]
    "ServiceDll"="%SystemRoot%\system32\mpssvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M raid35x]
    "ImagePath"="\SystemRoot\system32\drivers\mraid35x .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M RxDAV]
    "ImagePath"="\SystemRoot\system32\drivers\mrxdav.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m rxsmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m rxsmb10]
    "ImagePath"="system32\DRIVERS\mrxsmb10.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m rxsmb20]
    "ImagePath"="system32\DRIVERS\mrxsmb20.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m sahci]
    "ImagePath"="\SystemRoot\system32\drivers\msahci.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m sdsm]
    "ImagePath"="\SystemRoot\system32\drivers\msdsm.sy s"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SDTC]
    "ImagePath"="%SystemRoot%\System32\msdtc.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SDTC Bridge 3.0.0.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M sfs]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m sisadrv]
    "ImagePath"="system32\drivers\msisadrv.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SiSCSI]
    "ServiceDll"="%systemroot%\system32\iscsiexe.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m siserver]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M sRPC]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M SSCNTRS]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\m ssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M STEE]
    "ImagePath"="system32\drivers\MSTEE.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\M up]
    "ImagePath"="System32\Drivers\mup.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n apagent]
    "ServiceDLL"="%SystemRoot%\system32\qagentRT.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N ativeWifiP]
    "ImagePath"="system32\DRIVERS\nwifi.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N DIS]
    "ImagePath"="system32\drivers\ndis.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N disTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N disuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N disWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N DProxy]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N et Driver HPZ12]
    "ServiceDll"="c:\windows\system32\HPZinw12.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N etBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n etbt]
    "ImagePath"="System32\DRIVERS\netbt.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N etlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N etman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n etprofm]
    "ServiceDll"="%SystemRoot%\System32\netprofm.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N etTcpPortSharing]
    "ImagePath"="\"%systemroot%\Microsoft.NET\Framewor k\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n frd960]
    "ImagePath"="\SystemRoot\system32\drivers\nfrd960. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N laSvc]
    "ServiceDll"="%SystemRoot%\System32\nlasvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N pfs]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n si]
    "ServiceDll"="%systemroot%\system32\nsisvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n siproxy]
    "ImagePath"="system32\drivers\nsiproxy.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N TDS]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N tfs]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n trigdigi]
    "ImagePath"="\SystemRoot\system32\drivers\ntrigdig i.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N ull]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n vraid]
    "ImagePath"="\SystemRoot\system32\drivers\nvraid.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n vstor]
    "ImagePath"="\SystemRoot\system32\drivers\nvstor.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\n v_agp]
    "ImagePath"="\SystemRoot\system32\drivers\nv_agp.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N wlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N wlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\o dserv]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O EM02Dev]
    "ImagePath"="system32\DRIVERS\OEM02Dev.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\O EM02Vfx]
    "ImagePath"="system32\DRIVERS\OEM02Vfx.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\o hci1394]
    "ImagePath"="system32\DRIVERS\ohci1394.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\o se]
    "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p 2pimsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p 2psvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P arport]
    "ImagePath"="\SystemRoot\system32\drivers\parport. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p artmgr]
    "ImagePath"="System32\drivers\partmgr.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P arvdm]
    "ImagePath"="\SystemRoot\system32\drivers\parvdm.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P caSvc]
    "ServiceDll"="%SystemRoot%\System32\pcasvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P CD5SRVC{3F6A8B78-EC003E00-05040000}]
    "ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\P CD5SRVC.pkms"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p ci]
    "ImagePath"="system32\drivers\pci.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p ciide]
    "ImagePath"="system32\drivers\pciide.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p cmcia]
    "ImagePath"="\SystemRoot\system32\drivers\pcmcia.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P EAUTH]
    "ImagePath"="system32\drivers\peauth.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P erfDisk]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P erfNet]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P erfOS]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P erfProc]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p la]
    "ServiceDll"="%systemroot%\system32\pla.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P lugPlay]
    "ServiceDll"="%SystemRoot%\system32\umpnpmgr.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P ml Driver HPZ12]
    "ServiceDll"="c:\windows\system32\HPZipm12.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P NRPAutoReg]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P NRPsvc]
    "ServiceDll"="%SystemRoot%\system32\p2psvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P olicyAgent]
    "ServiceDll"="%SystemRoot%\System32\ipsecsvc.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P ortProxy]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P ptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P rocessor]
    "ImagePath"="\SystemRoot\system32\drivers\processr .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P rofSvc]
    "ServiceDll"="%systemroot%\system32\profsvc.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P rotectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P Sched]
    "ImagePath"="system32\DRIVERS\pacer.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\P xHelp20]
    "ImagePath"="System32\Drivers\PxHelp20.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\q l2300]
    "ImagePath"="\SystemRoot\system32\drivers\ql2300.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\q l40xx]
    "ImagePath"="\SystemRoot\system32\drivers\ql40xx.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Q WAVE]
    "ServiceDll"="%windir%\system32\qwave.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Q WAVEdrv]
    "ImagePath"="\SystemRoot\system32\drivers\qwavedrv .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R 300]
    "ImagePath"="system32\DRIVERS\atikmdag.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R asAcd]
    "ImagePath"="System32\DRIVERS\rasacd.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R asAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R asl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R asMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R asPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R asSstp]
    "ImagePath"="system32\DRIVERS\rassstp.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r dbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R DPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R DPDD]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r dpdr]
    "ImagePath"="\SystemRoot\system32\drivers\rdpdr.sy s"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R DPENCDD]
    "ImagePath"="system32\drivers\rdpencdd.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R DPNP]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R DPWD]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R emoteAccess]
    "ServiceDLL"="%SystemRoot%\System32\mprdim.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R emoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r immptsk]
    "ImagePath"="system32\DRIVERS\rimmptsk.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r imsptsk]
    "ImagePath"="system32\DRIVERS\rimsptsk.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r ismxdp]
    "ImagePath"="system32\DRIVERS\rixdptsk.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R pcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\R pcSs]
    "ServiceDll"="%SystemRoot%\system32\rpcss.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r spndr]
    "ImagePath"="system32\DRIVERS\rspndr.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S amSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s bp2port]
    "ImagePath"="\SystemRoot\system32\drivers\sbp2port .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S CardSvr]
    "ServiceDll"="%SystemRoot%\System32\SCardSvr.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S chedule]
    "ServiceDll"="%systemroot%\system32\schedsvc.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S CPolicySvc]
    "ServiceDll"="%SystemRoot%\System32\certprop.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s dbus]
    "ImagePath"="system32\DRIVERS\sdbus.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S DRSVC]
    "ServiceDll"="%Systemroot%\System32\SDRSVC.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ecdrv]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s eclogon]
    "ServiceDll"="%windir%\system32\seclogon.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S ENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S erenum]
    "ImagePath"="\SystemRoot\system32\drivers\serenum. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S erial]
    "ImagePath"="\SystemRoot\system32\drivers\serial.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ermouse]
    "ImagePath"="\SystemRoot\system32\drivers\sermouse .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S erviceModelEndpoint 3.0.0.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S erviceModelOperation 3.0.0.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S erviceModelService 3.0.0.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S essionEnv]
    "ServiceDLL"="%SystemRoot%\system32\sessenv.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ffdisk]
    "ImagePath"="\SystemRoot\system32\drivers\sffdisk. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ffp_mmc]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_mmc .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ffp_sd]
    "ImagePath"="\SystemRoot\system32\drivers\sffp_sd. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s floppy]
    "ImagePath"="\SystemRoot\system32\drivers\sfloppy. sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S haredAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.d ll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S hellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s isagp]
    "ImagePath"="\SystemRoot\system32\drivers\sisagp.s ys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S iSRaid2]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid2 .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S iSRaid4]
    "ImagePath"="\SystemRoot\system32\drivers\sisraid4 .sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s lsvc]
    "ImagePath"="%SystemRoot%\system32\SLsvc.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S LUINotify]
    "ServiceDll"="%SystemRoot%\system32\SLUINotify.dll "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S mb]
    "ImagePath"="system32\DRIVERS\smb.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S MSvcHost 3.0.0.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S NMPTRAP]
    "ImagePath"="%SystemRoot%\System32\snmptrap.ex e"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s pldr]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S pooler]
    "ImagePath"="%SystemRoot%\System32\spoolsv.exe "

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s prtsvc_dellsupportcenter]
    "ImagePath"="c:\program files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s ptd]
    "ImagePath"="System32\Drivers\sptd.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s p_rssrv]
    "ImagePath"="\"c:\program files\Spyware Terminator\sp_rsser.exe\""

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s rv]
    "ImagePath"="System32\DRIVERS\srv.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s rv2]
    "ImagePath"="System32\DRIVERS\srv2.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s rvnet]
    "ImagePath"="System32\DRIVERS\srvnet.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S SDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S stpSvc]
    "ServiceDll"="%SystemRoot%\system32\sstpsvc.dl l"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S TacSV]
    "ImagePath"="c:\windows\system32\STacSV.exe"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S THDA]
    "ImagePath"="system32\drivers\stwrt.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\S tillCam]
    "ImagePath"="system32\DRIVERS\serscan.sys"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\s tisvc]
    "ServiceDll"="%SystemRoot%\System32\wiaservc.d ll"

    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3981050607-646183067-187781789-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{439E00D8-2CAE-6BA8-AFDC-D287C38DFD11}*]
    "jaadekmimlepanoekbjj"=hex:62,61,62,6e,00,00
    "iaacggigcndaecdbla"=hex:6b,61,64,65,6a,6a,6a,64,6a,6c,6f,6d,69,62,6f,62,66,6f,
    61,63,6b,70,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmixitsepc]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\kbiwkmxnvfnbuv.sys"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3772)
    c:\windows\system32\ieframe.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\windows\System32\WLTRYSVC.EXE
    c:\windows\System32\BCMWLTRY.EXE
    c:\windows\System32\wlanext.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Completion time: 2009-08-31 23:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-08-31 03:25

    Pre-Run: 64,454,746,112 bytes free
    Post-Run: 64,273,260,544 bytes free

    990 --- E O F --- 2009-08-29 21:32

  4. #4
    ihui is offline Newbie
    When I try to run HijackThis, it says:
    Windows cannot access the specified device, path or file. You may not have the appropriate actions to access the item.

    Would uninstalling this and reinstalling it again solve the problem?

    Thanks

  5. #5
    broni is offline Senior Member
    You did well, regarding AVG.
    Let's get its leftovers out.
    Download and run AVG Remover: AVG Antivirus and Security Software - Tools download

    As for HJT...
    Since you're running Vista, right click on HijackThis, and click Run as Administrator
    If that doesn't work, uninstall/reinstall.

    You do the above, and I'll take a look at your Combofix log.

  6. #6
    broni is offline Senior Member
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\DUMP4c5a.tmp
    c:\windows\System32\Drivers\avgldx86.sys
    c:\windows\System32\Drivers\avgtdix.sys
    
    
    Folder::
    c:\users\Ivan\AppData\Local\Symantec
    c:\programdata\Norton
    c:\program files\NortonInstaller
    c:\programdata\NortonInstaller
    c:\program files\Common Files\Symantec Shared
    c:\programdata\Symantec
    c:\progra~1\AVG
    
    
    Driver::
    avg8emc
    AvgLdx86
    AvgTdiX
    avg8wd
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{509E118E-7BF8-437E-8D94-67EA0CC0441D}"=-
    "{3E4178C3-5E6E-48EF-8CD8-0F05780A0345}"=-
    
    RegLockDel::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbiwkmixitsepc]

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  7. #7
    ihui is offline Newbie
    Trying to run the 32bit AVG remover gets me a message saying that an illegal operation is being attempted on a registry key marked for deletion.
    The 64bit one says it isn't compatible with my windows.

    Running HijackThis as Administrator gives me the same message as before and I tried to uninstall it but a message says that I don't have sufficient access to do so and that I should contact my system administrator..

    That's strange.. I guess something is messing with administrator powers.

    Thanks again for your trouble, I just hope it isn't TOO much trouble.

  8. #8
    ihui is offline Newbie
    Now this scares me the most out of all that's happened so far.

    I tried to open Notepad and the same "Illegal operation operated on registry key marked for deletion" message came up.

    I am able to open my microsoft word, though. So should I proceed with saving a .txt file from there?

  9. #9
    broni is offline Senior Member
    Restart computer.

  10. #10
    ihui is offline Newbie
    Restarted and Notepad opened so I was able to copy and save the code.
    Dragged the txt onto Combofix but after the prompts saying that AVG was still running, Combofix seemed to close and nothing happened.

    Still no luck with HijackThis.
