WiredWX Christian Hobby Weather Tools

Re: Anti Virus 2010 Plus more and mbam starts.....
How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Anti Virus 2010 Plus more and mbam starts.....

It's running smoother. I made another user account and am using that one, but I still cannot run mbam or Spyware Doctor; they both shut off.

Re: Anti Virus 2010 Plus more and mbam starts.....

I cannot run any malware removal programs; they all close after the first few seconds of running them, and I don't even wanna check what my other user profile does when I log onto it. Any reason why?

Re: Anti Virus 2010 Plus more and mbam starts.....
Hello.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


Re: Anti Virus 2010 Plus more and mbam starts.....
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...



I am now using the on-screen keyboard 'cause the regular ones won't work. Help! Also had to make another user account. Do you think you could maybe use CrossLoop to help?

Re: Anti Virus 2010 Plus more and mbam starts.....

Also noticed inefolif.dll is in my startup; every time I uncheck it, it rechecks on startup.

Re: Anti Virus 2010 Plus more and mbam starts.....

Got my keyboard working!!! WooHooo!!! But still a lot of messed up things, so you helping me is awesome.

Re: Anti Virus 2010 Plus more and mbam starts.....
Please run Combofix one more time and post the new log.


Re: Anti Virus 2010 Plus more and mbam starts.....
ComboFix 10-10-06.02 - ackkkkkk 10/06/2010 18:29:25.6.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.367.160 [GMT -5:00]
Running from: c:\documents and settings\ackkkkkk\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ackkkkkk\LOCALS~1\Temp\SAS9.tmp
c:\documents and settings\ackkkkkk\Local Settings\Temp\SAS9.tmp
c:\documents and settings\Main\Application Data\hotfix.exe
c:\documents and settings\Main\Application Data\inst.exe
c:\documents and settings\Main\Application Data\srsf.bat
c:\documents and settings\Main\g2mdlhlpx.exe
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\chrome.manifest
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\chrome\content\_cfg.js
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\chrome\content\overlay.xul
c:\documents and settings\Main\Local Settings\Application Data\{4DA1D09F-6FF4-4024-AE2F-7BE883EE0890}\install.rdf
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\windows\system32\spool\prtprocs\w32x86\MY555.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

-- Previous Run --

Infected copy of c:\windows\system32\DRIVERS\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

Infected copy of c:\windows\system32\DRIVERS\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\system32\DRIVERS\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

--------

c:\windows\system32\userinit.exe . . . is infected!!

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\winlogon.exe

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-06 to 2010-10-06 )))))))))))))))))))))))))))))))
.

2010-10-06 03:27 . 2010-10-06 03:39 63488 ----a-w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-06 03:26 . 2010-10-06 03:26 52224 ----a-w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-10-06 03:25 . 2010-10-06 03:39 117760 ----a-w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-06 03:25 . 2010-10-06 03:25 -------- d-----w- c:\documents and settings\ackkkkkk\Application Data\SUPERAntiSpyware.com
2010-10-06 03:08 . 2010-10-06 03:08 0 ----a-w- c:\windows\nsreg.dat
2010-10-06 03:08 . 2010-10-06 03:08 -------- d-----w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\Mozilla
2010-10-06 03:00 . 2010-10-06 03:00 -------- d-----w- c:\documents and settings\ackkkkkk\Application Data\Malwarebytes
2010-10-06 02:32 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-10-06 02:32 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-10-06 02:14 . 2010-10-06 02:14 -------- d-----w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\Adobe
2010-10-06 01:29 . 2010-10-06 01:30 16992 ----a-w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-10-06 01:08 . 2010-10-06 01:08 -------- d-sh--w- c:\documents and settings\ackkkkkk\IETldCache
2010-10-06 01:07 . 2010-10-06 01:07 -------- d-sh--w- c:\documents and settings\ackkkkkk\PrivacIE
2010-10-06 00:38 . 2010-10-06 00:38 -------- d-----w- c:\documents and settings\ackkkkkk\Local Settings\Application Data\{0968B9C0-3720-47AA-AE07-DCE21C191A09}
2010-10-06 00:36 . 2010-10-06 00:36 -------- d-----w- C:\FOUND.006
2010-10-06 00:31 . 2010-10-06 00:31 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-10-06 00:30 . 2010-10-06 00:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-10-06 00:29 . 2010-10-06 00:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2010-10-06 00:29 . 2010-10-06 00:29 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-10-06 00:28 . 2010-10-06 00:28 -------- d-----w- C:\FOUND.005
2010-10-06 00:10 . 2010-10-06 00:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2010-10-06 00:09 . 2010-10-06 00:09 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\{B287F30E-08D9-41E6-A0A2-EA296289C4ED}
2010-10-06 00:05 . 2010-10-06 00:05 -------- d-----w- C:\FOUND.004
2010-10-06 00:02 . 2010-10-06 00:02 120 ----a-w- c:\windows\Ydosivaf.dat
2010-10-06 00:02 . 2010-10-06 00:02 0 ----a-w- c:\windows\Fnejogavimov.bin
2010-10-06 00:00 . 2010-10-06 00:01 45056 ----a-w- c:\documents and settings\NetworkService\Application Data\n2ivc.exe
2010-10-06 00:00 . 2010-10-06 00:00 38252 ----a-w- c:\documents and settings\Main\Application Data\Genieo\Application\Partner\uninstall\myHomey\partner_uninstall.exe
2010-10-06 00:00 . 2010-10-06 00:00 -------- d-----w- c:\documents and settings\Main\Application Data\Genieo
2010-10-06 00:00 . 2010-10-06 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-10-05 02:58 . 2010-10-05 02:58 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-05 02:46 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-10-04 21:29 . 2010-10-04 21:29 -------- d-----w- c:\documents and settings\Main\Application Data\ImgBurn
2010-10-04 21:00 . 2010-10-04 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2010-10-04 19:05 . 2010-10-04 19:05 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-10-04 19:05 . 2010-10-04 19:05 47360 ----a-w- c:\documents and settings\Main\Application Data\pcouffin.sys
2010-10-04 19:05 . 2010-10-04 19:05 -------- d-----w- c:\documents and settings\Main\Application Data\Vso
2010-10-04 19:05 . 2010-02-09 20:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-10-04 19:05 . 2010-02-09 20:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-10-04 19:05 . 2010-02-09 20:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-10-04 19:05 . 2010-02-09 20:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-10-04 19:05 . 2010-02-09 20:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-10-04 19:05 . 2010-02-09 20:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-10-04 19:05 . 2010-02-09 20:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-10-04 19:05 . 2010-10-04 19:05 -------- d-----w- c:\program files\VSO
2010-10-04 18:42 . 2010-10-04 18:42 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\AskToolbar
2010-10-04 18:41 . 2010-10-04 18:41 -------- d-----w- c:\documents and settings\Main\Application Data\BitTorrent
2010-10-04 13:31 . 2010-10-04 13:31 -------- d-----w- c:\program files\MSECache
2010-10-01 13:34 . 2010-10-01 13:34 -------- d-----w- c:\program files\Citrix
2010-09-30 23:59 . 2010-09-30 23:59 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ATI
2010-09-30 23:59 . 2010-09-30 23:59 -------- d-----w- c:\documents and settings\Main\Application Data\ATI
2010-09-29 00:36 . 2010-09-29 00:35 77312 ----a-w- C:\mbr.exe
2010-09-28 18:17 . 2010-09-28 18:17 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Adobe
2010-09-28 01:47 . 2010-09-28 01:47 388096 ----a-r- c:\documents and settings\Main\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 01:47 . 2010-09-28 01:47 -------- d-----w- c:\program files\Trend Micro
2010-09-28 01:47 . 2010-09-28 01:47 1402880 ----a-w- C:\HiJackThis.msi
2010-09-26 18:15 . 2010-09-26 18:35 63488 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-26 18:15 . 2010-09-26 18:15 52224 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-26 18:15 . 2010-09-26 18:35 117760 ----a-w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-26 18:15 . 2010-09-26 18:15 -------- d-----w- c:\documents and settings\Main\Application Data\SUPERAntiSpyware.com
2010-09-26 17:32 . 2010-09-26 17:32 15 ----a-w- c:\documents and settings\Main\settings.dat
2010-09-26 15:22 . 2010-09-26 15:22 -------- d-sh--w- c:\documents and settings\Main\IECompatCache
2010-09-26 03:09 . 2010-09-26 03:09 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\HP
2010-09-26 03:08 . 2010-09-26 03:08 127 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\fusioncache.dat
2010-09-26 03:08 . 2010-09-26 03:08 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\ApplicationHistory
2010-09-26 03:06 . 2010-09-26 03:07 13104 ----a-w- c:\documents and settings\Main\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-sh--w- c:\documents and settings\Main\IETldCache
2010-09-26 03:03 . 2010-09-26 03:03 -------- d-----w- c:\documents and settings\Main\Local Settings\Application Data\Threat Expert
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-sh--w- c:\documents and settings\Main\PrivacIE
2010-09-26 03:02 . 2010-09-26 03:02 -------- d-----w- c:\documents and settings\Main\Application Data\Yahoo!
2010-09-26 03:01 . 2010-09-26 03:01 -------- d-----w- c:\documents and settings\Main\Application Data\Malwarebytes
2010-09-26 02:03 . 2010-09-26 02:03 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Threat Expert
2010-09-24 19:57 . 2010-09-24 19:57 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-24 19:56 . 2010-09-24 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-24 18:27 . 2010-09-24 18:27 -------- d-----w- C:\$AVG
2010-09-24 18:05 . 2010-09-24 18:05 -------- d-----w- c:\program files\AVG
2010-09-24 15:35 . 2010-09-24 15:35 -------- d-----w- C:\FOUND.003
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\CCleaner
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-24 01:40 . 2010-09-24 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:23 . 2010-09-23 17:23 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-09-23 05:57 . 2010-09-23 05:57 -------- d-----w- c:\documents and settings\All Users\Application Data\hostsvr
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2010-09-22 22:32 . 2010-09-22 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
2010-09-22 20:22 . 2010-09-22 20:22 -------- d-----w- c:\documents and settings\Home\Application Data\UltraVNC
2010-09-22 20:16 . 2010-09-22 20:16 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\CrossLoop
2010-09-19 10:46 . 2010-09-19 10:46 318832 ----a-w- c:\documents and settings\Main\Application Data\Genieo\Application\Updater\genieo_temp\homey_setup.exe
2010-09-19 10:46 . 2010-09-19 10:46 455552 ----a-w- c:\documents and settings\Main\Application Data\Genieo\Application\Updater\genieo_temp\InstallMyHomey.exe
2010-09-14 13:45 . 2010-09-14 13:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities
2010-09-14 13:04 . 2010-09-14 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-09-14 00:34 . 2010-09-14 00:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-14 00:27 . 2010-09-14 00:27 -------- d-----w- c:\program files\Games
2010-09-13 22:25 . 2010-09-13 22:26 -------- d-----w- c:\documents and settings\Home\Application Data\Exent Technologies
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Free_Ride_Games
2010-09-13 22:21 . 2010-09-13 22:21 64 ----a-w- c:\windows\GPlrLanc.dat
2010-09-13 22:21 . 2001-09-05 10:23 56320 ----a-w- c:\documents and settings\All Users\Application Data\Free Ride Games\Setup.exe
2010-09-13 22:21 . 2010-09-13 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2010-09-11 13:30 . 2010-09-11 13:30 -------- d-----w- C:\games
2010-09-10 17:39 . 2010-09-10 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-10 17:35 . 2010-09-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2010-09-08 22:00 . 2010-09-08 22:00 -------- d-----w- c:\program files\PokerStars.NET
2010-09-07 20:57 . 2010-09-07 20:57 -------- d-----w- c:\documents and settings\Home\Application Data\Yahoo!
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\HipSoft
2010-09-07 20:20 . 2010-09-07 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-09-07 20:18 . 2010-09-07 20:18 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-06 02:27 . 2010-08-02 00:35 3064 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 17:39 . 2010-09-22 22:29 112 ----a-w- c:\documents and settings\All Users\Application Data\3p2Mxs6D1.dat
2010-09-13 00:02 . 2010-08-02 00:35 2728 ----a-w- c:\windows\system32\d3d8caps.dat
2010-09-02 22:29 . 2010-09-02 22:29 127 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\fusioncache.dat
2010-09-01 08:00 . 2010-09-01 08:00 -------- d-----w- c:\program files\MSXML 4.0
2010-08-31 21:12 . 2010-08-31 20:52 68964 ----a-w- c:\windows\hpoins05.dat
2010-08-31 21:02 . 2010-08-31 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-08-31 21:01 . 2010-08-31 21:01 -------- d-----w- c:\program files\Common Files\HP
2010-08-31 21:00 . 2010-08-31 21:00 -------- d-----w- c:\program files\Hewlett-Packard
2010-08-31 20:59 . 2010-08-31 20:59 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-08-31 20:41 . 2010-08-31 20:41 10134 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-08-31 20:41 . 2010-08-31 20:41 -------- d-----w- c:\program files\HP
2010-08-31 20:34 . 2010-08-31 20:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-31 20:32 . 2010-08-31 20:32 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-31 20:27 . 2010-08-31 20:27 -------- d-----w- c:\program files\Google
2010-08-31 20:23 . 2010-08-31 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-08-31 20:22 . 2010-08-31 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-08-31 20:21 . 2010-08-31 20:21 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2010-08-26 19:59 . 2010-08-26 19:59 -------- d-----w- c:\documents and settings\Home\Application Data\Media Player Classic
2010-08-24 00:50 . 2010-08-24 00:50 -------- d-----w- c:\program files\Sierra
2010-08-13 17:26 . 2010-08-13 17:26 -------- d-----w- c:\documents and settings\Home\Application Data\ImgBurn
2010-08-13 02:57 . 2010-08-13 02:58 19849216 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\CaesarIV.exe
2010-08-13 02:43 . 2010-08-13 02:58 11331309 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\caesariv_update_en_10_11.exe
2010-08-12 23:35 . 2010-08-12 23:35 -------- d-----w- c:\program files\Realtek
2010-08-12 23:20 . 2010-08-13 03:01 2280 ----a-w- c:\documents and settings\Home\Application Data\BitTorrent\Caesar IV [RELOADED crack and keygen with update v1.0-1.1][h33t.com PC 2xCD IMAGE]\rld-c4kg.exe
2010-08-12 08:06 . 2010-08-12 08:06 -------- d-----w- c:\program files\MSXML 6.0
2010-08-10 23:47 . 2010-08-02 15:41 13104 ----a-w- c:\documents and settings\Home\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\Home\Application Data\ATI
2010-08-10 23:47 . 2010-08-10 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-08-10 23:46 . 2010-08-10 23:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\ATI Technologies
2010-08-10 23:24 . 2010-08-02 00:03 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-08-09 09:58 . 2010-08-09 09:58 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-d3d.dll
2010-08-09 09:58 . 2010-08-09 09:58 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-306db4bb-n\decora-sse.dll
2010-08-09 09:58 . 2010-08-09 09:58 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcp71.dll
2010-08-09 09:58 . 2010-08-09 09:58 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\jmc.dll
2010-08-09 09:58 . 2010-08-09 09:58 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5587d11c-n\msvcr71.dll
2010-08-03 04:40 . 2010-08-02 00:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-02 00:49 . 2010-08-02 00:49 61440 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-sse.dll
2010-08-02 00:49 . 2010-08-02 00:49 503808 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcp71.dll
2010-08-02 00:49 . 2010-08-02 00:49 499712 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\jmc.dll
2010-08-02 00:49 . 2010-08-02 00:49 348160 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-652744db-n\msvcr71.dll
2010-08-02 00:49 . 2010-08-02 00:49 12800 ----a-w- c:\documents and settings\Home\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1fb174e6-n\decora-d3d.dll
2010-07-27 23:42 . 2010-08-02 14:43 1774720 ----a-w- c:\windows\system32\BootMan.exe
2010-07-17 10:00 . 2010-08-02 15:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 13:44 . 2010-08-02 14:43 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-07-15 13:44 . 2010-08-02 14:43 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-07-15 13:44 . 2010-08-02 14:43 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2008-07-25 16:17 . 2008-07-25 16:17 1172472 ----a-w- c:\program files\rst32i.exe
.

Code:

<pre>
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
</pre>


------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2004-08-04 . 3583C761EBB02A32101D803D6C72B941 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\ERDNT\cache\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[-] 2004-08-04 . C2828822F8189939BCA7FA4AF1E063BF . 1032192 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iwodufisawan"="c:\windows\inefolif.dll" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe" [2010-08-11 232912]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Home\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
2001-09-27 06:39 245760 ----a-w- c:\windows\system32\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
c:\progra~1\AVG\AVG9\avgtray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2010-10-04 18:41 654648 ----a-w- d:\program files\BitTorrent\BitTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cnimetofiw]
2004-08-04 17:00 86528 ----a-w- c:\windows\wrtoc40.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 17:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-09-13 20:49 49152 ----a-w- c:\program files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iwodufisawan]
c:\windows\inefolif.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-07-28 19:19 4841472 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
2003-07-28 19:19 852038 ----a-w- c:\windows\system32\nview.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 19:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 19:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-07-26 23:25 16120832 ----a-w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
c:\program files\Spybot - Search & Destroy\TeaTimer.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-31 20:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers]
d:\program files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tvnserver"=3 (0x3)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"NVSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"CrossLoopService"=2 (0x2)
"Browser Defender Update Service"=2 (0x2)
"avg9wd"=2 (0x2)
"avg9emc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Steam\\steamapps\\phewdont\\condition zero\\hl.exe"=
"d:\\Steam\\steamapps\\jpfammon\\condition zero\\hl.exe"=
"d:\\Warcraft III\\Replay\\ACSPMonitor\\ASMonitor.exe"=
"d:\\Program Files\\BitTorrent\\BitTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56769:TCP"= 56769:TCP:Pando Media Booster
"56769:UDP"= 56769:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"5910:TCP"= 5910:TCP:vnc5910

R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [8/4/2004 12:00 PM 12800]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/2/2010 9:43 AM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/2/2010 9:43 AM 8456]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [8/2/2010 9:37 AM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [8/2/2010 9:37 AM 11104]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/31/2010 3:29 PM 136176]

--- Other Services/Drivers In Memory ---

*Deregistered* - sdzutpx
.
Contents of the 'Scheduled Tasks' folder

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]

2010-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-31 20:28]
.
.
------- Supplementary Scan -------
.
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\documents and settings\ackkkkkk\Application Data\Mozilla\Firefox\Profiles\wxjlwjb9.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\SASSEH.DLL
Notify-!SASWinLogon - d:\program files\SASWINLO.DLL



.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1540)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-06 18:42:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-06 23:42
ComboFix2.txt 2010-09-29 15:21

Pre-Run: 2,438,545,408 bytes free
Post-Run: 2,605,907,968 bytes free

- - End Of File - - C9AE86201956D037D0CC97F1281669EF

Re: Anti Virus 2010 Plus more and mbam starts.....

Not good, TDL4.

Do you have your XP disc?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Anti Virus 2010 Plus more and mbam starts.....

Yes, I have my XP disc but I do not have my CD key. Is there a way to get it off my computer? And plz don't tell me reformat is the way to go!

Re: Anti Virus 2010 Plus more and mbam starts.....

Format is the last option, but the way your machine is looking right now, it doesn't look too good.

If this fix fails, then format may be the only option.

What drive letter is your CD drive?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Anti Virus 2010 Plus more and mbam starts.....

E: drive is my internal CD-ROM/DVD-ROM. I also have a G: drive, external. I have even found my CD key as well, but let's try your last option.

Re: Anti Virus 2010 Plus more and mbam starts.....

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Code:


    KILLALL::

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Iwodufisawan"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cnimetofiw]

    Driver::
    mvb35316

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image: dragging CFScript.txt onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
