We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Kaspersky Found 6 Trojans - Could someone take a look please?
Comments
-
Did as suggested.
Here is the file
In different parts
ComboFix 10-04-06.04 - Woodies 07/04/2010 15:15:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.538 [GMT 1:00]
Running from: c:\documents and settings\Woodies\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Woodies\Application Data\inst.exe
c:\recycler\S-1-5-21-2613712753-1050240633-3494479008-500
c:\windows\eSellerateEngine.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-03-07 to 2010-04-07 )))))))))))))))))))))))))))))))
.
2010-04-07 09:06 . 2010-04-07 09:06
d
w- c:\program files\Trend Micro
2010-04-06 14:22 . 2010-04-06 14:22 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-04-06 14:22 . 2010-04-06 14:22 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-04-06 14:22 . 2010-04-06 14:22 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-04-06 14:22 . 2010-04-06 14:22 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-04-06 14:22 . 2010-04-06 14:22 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-04-06 14:22 . 2010-04-06 14:22 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-06 14:22 . 2010-04-06 14:22 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-04-06 14:12 . 2010-04-06 14:12 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-06 14:12 . 2010-04-06 14:12 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-06 14:10 . 2010-04-07 06:48
d
w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-04-06 14:10 . 2010-04-06 14:10
d
w- c:\program files\Kaspersky Lab
2010-04-06 13:31 . 2010-04-06 13:31
d
w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-03-31 15:39 . 2010-03-31 15:39 503808 ----a-w- c:\documents and settings\Woodies\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a225d38-n\msvcp71.dll
2010-03-31 15:39 . 2010-03-31 15:39 499712 ----a-w- c:\documents and settings\Woodies\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a225d38-n\jmc.dll
2010-03-31 15:39 . 2010-03-31 15:39 348160 ----a-w- c:\documents and settings\Woodies\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a225d38-n\msvcr71.dll
2010-03-31 15:39 . 2010-03-31 15:39 61440 ----a-w- c:\documents and settings\Woodies\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3fda09c3-n\decora-sse.dll
2010-03-31 15:39 . 2010-03-31 15:39 12800 ----a-w- c:\documents and settings\Woodies\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3fda09c3-n\decora-d3d.dll
2010-03-23 20:24 . 2008-05-06 06:01 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-03-23 20:24 . 2008-05-06 06:01 16512 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-03-23 20:24 . 2010-03-23 20:24
d
w- c:\program files\Xilisoft
2010-03-21 09:26 . 2010-03-21 09:26
d
w- c:\program files\iPod
2010-03-21 09:26 . 2010-03-21 09:27
d
w- c:\program files\iTunes
2010-03-21 09:21 . 2010-03-21 09:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-14 10:11 . 2010-03-14 10:12
d
w- c:\program files\Safari
2010-03-14 10:08 . 2010-03-14 10:08 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-11 17:23 . 2009-10-23 15:28 3558912
w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 10:20 . 2009-04-18 10:47
d
w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-07 09:16 . 2009-04-14 13:35
d
w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 09:16 . 2009-07-12 09:53 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-06 17:15 . 2007-05-27 17:14
d
w- c:\documents and settings\All Users\Application Data\Skype
2010-03-31 15:39 . 2007-04-11 19:13
d
w- c:\program files\Common Files\Java
2010-03-31 15:38 . 2007-04-11 19:13
d
w- c:\program files\Java
2010-03-29 23:46 . 2009-04-14 13:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-04-14 13:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 14:56 . 2010-01-16 12:33
d
w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-21 09:26 . 2008-07-22 16:48
d
w- c:\program files\Common Files\Apple
2010-03-14 10:19 . 2007-04-11 19:13
d
w- c:\program files\QuickTime
2010-03-09 03:28 . 2008-12-02 10:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-06 14:03 . 2007-04-18 16:13 48480 ----a-w- c:\documents and settings\Woodies\Application Data\wklnhst.dat
2010-03-04 16:12 . 2010-03-04 16:12
d
w- c:\documents and settings\Woodies\Application Data\Amazon
2010-03-04 16:09 . 2010-03-04 16:09
d
w- c:\program files\Amazon
2010-03-03 09:36 . 2007-04-18 17:20
d
w- c:\program files\Watchtower
2010-02-28 09:56 . 2009-12-07 15:05
d
w- c:\program files\Handbrake
2010-02-25 06:24 . 2004-09-10 13:57 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 10:16 . 2009-10-03 10:38 181632
w- c:\windows\system32\MpSigStub.exe
2010-02-20 21:46 . 2010-01-03 16:56
d
w- c:\documents and settings\Woodies\Application Data\skypePM
2010-02-12 10:03 . 2010-03-08 13:50 293376
w- c:\windows\system32\browserchoice.exe
2010-02-10 18:25 . 2009-11-30 12:53 93376 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-28 18:31 . 2006-10-17 07:07 114616 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14/10/2009 20:18 36880]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [18/04/2009 11:50 130424]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [18/04/2009 11:51 159600]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [18/04/2009 11:50 73840]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 12:31 92008]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14/09/2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/10/2009 18:39 19472]
S3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\drivers\optousb.sys [13/11/2009 11:42 18432]
S3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\drivers\optovcm.sys [13/11/2009 11:42 26368]
S3 pctplfw;pctplfw;\??\c:\windows\system32\drivers\pctplfw.sys --> c:\windows\system32\drivers\pctplfw.sys [?]
S3 SPCA508A;iCam320;c:\windows\system32\drivers\SPCA508A.SYS [08/07/2007 13:49 99014]
.
Contents of the 'Scheduled Tasks' folder
2010-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 12:34]
2010-04-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-11 10:47]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.virginmedia.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: shopandscan.com\www
Trusted Zone: virginmedia.com\www
DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} - hxxp://www.shopandscan.com/TNSClicker.CAB
DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} - hxxp://www.shopandscan.com/TNSClickrc.CAB
FF - ProfilePath - c:\documents and settings\Woodies\Application Data\Mozilla\Firefox\Profiles\prfdz3yx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.virginmedia.com/
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - c:\program files\NOS\bin\getPlus_HelperSvc.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 15:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 00 -
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
"ImagePath"="system32\DRIVERS\ABP480N5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
"ImagePath"="system32\DRIVERS\adpu160m.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFGMp50]
"ImagePath"="System32\Drivers\AFGMp50.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFGSp50]
"ImagePath"="System32\Drivers\AFGSp50.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="system32\DRIVERS\agp440.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agpCPQ]
"ImagePath"="system32\DRIVERS\agpCPQ.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
"ImagePath"="system32\DRIVERS\aha154x.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
"ImagePath"="system32\DRIVERS\aic78u2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
"ImagePath"="system32\DRIVERS\aic78xx.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
"ImagePath"="system32\DRIVERS\aliide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\alim1541]
"ImagePath"="system32\DRIVERS\alim1541.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amdagp]
"ImagePath"="system32\DRIVERS\amdagp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
"ImagePath"="system32\DRIVERS\amsint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AOL ACS]
"ImagePath"="c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
"ImagePath"="system32\DRIVERS\asc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
"ImagePath"="system32\DRIVERS\asc3350p.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
"ImagePath"="system32\DRIVERS\asc3550.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASCTRM]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aspi32]
"ImagePath"="System32\drivers\aspi32.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswTdi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVP]
"ImagePath"="\"c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe\" -r"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\Woodies\LOCALS~1\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf]
"ImagePath"="system32\DRIVERS\cbidf2k.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
"ImagePath"="system32\DRIVERS\cd20xrnt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
"ImagePath"="system32\DRIVERS\cmdide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
"ImagePath"="system32\DRIVERS\cpqarray.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
"ImagePath"="system32\DRIVERS\dac2w2k.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
"ImagePath"="system32\DRIVERS\dac960nt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcCam]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
"ImagePath"="system32\DRIVERS\dpti2o.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehRecvr]
"ImagePath"="c:\windows\eHome\ehRecvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ehSched]
"ImagePath"="c:\windows\eHome\ehSched.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FETND5BV]
"ImagePath"="system32\DRIVERS\fetnd5bv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\getPlus(R) Helper]
"ImagePath"="c:\program files\NOS\bin\getPlus_HelperSvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""0 -
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="system32\DRIVERS\hpn.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="system32\DRIVERS\i2omp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="system32\DRIVERS\ini910u.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irsir]
"ImagePath"="system32\DRIVERS\irsir.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kl1]
"ImagePath"="\??\c:\windows\system32\drivers\kl1.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klbg]
"ImagePath"="system32\drivers\klbg.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KLIF]
"ImagePath"="system32\DRIVERS\klif.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klim5]
"ImagePath"="system32\DRIVERS\klim5.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\klmouflt]
"ImagePath"="system32\DRIVERS\klmouflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KodakCCS]
"ImagePath"="%SystemRoot%\system32\drivers\KodakCCS.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\McrdSvc]
"ImagePath"="c:\windows\ehome\mcrdsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHN]
"ServiceDll"="%SystemRoot%\System32\mhn.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MHNDRV]
"ImagePath"="system32\DRIVERS\mhndrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Microsoft Office Groove Audit Service]
"ImagePath"="\"c:\program files\Microsoft Office\Office12\GrooveAuditService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="system32\DRIVERS\mraid35x.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NBService]
"ImagePath"="c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odserv]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\optousb]
"ImagePath"="system32\DRIVERS\optousb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\optovcm]
"ImagePath"="system32\DRIVERS\optovcm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pcouffin]
"ImagePath"="System32\Drivers\pcouffin.sys"0 -
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTAppEvent]
"ImagePath"="\??\c:\windows\system32\drivers\PCTAppEvent.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCTCore]
"ImagePath"="system32\drivers\PCTCore.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pctgntdi]
"ImagePath"="\??\c:\windows\system32\drivers\pctgntdi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCToolsFirewallPlus]
"ImagePath"="c:\program files\PC Tools Firewall Plus\FWService.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pctplfw]
"ImagePath"="\??\c:\windows\system32\drivers\pctplfw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
"ImagePath"="system32\DRIVERS\perc2.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
"ImagePath"="system32\DRIVERS\perc2hib.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
"ImagePath"="system32\DRIVERS\ql1080.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
"ImagePath"="system32\DRIVERS\ql10wnt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
"ImagePath"="system32\DRIVERS\ql12160.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
"ImagePath"="system32\DRIVERS\ql1240.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
"ImagePath"="system32\DRIVERS\ql1280.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasirda]
"ImagePath"="system32\DRIVERS\rasirda.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ser2pl]
"ImagePath"="system32\DRIVERS\ser2pl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SFilter]
"ImagePath"="system32\DRIVERS\pctfw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sisagp]
"ImagePath"="system32\DRIVERS\sisagp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
"ImagePath"="system32\DRIVERS\sparrow.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SPCA508A]
"ImagePath"="system32\DRIVERS\SPCA508A.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{A016769C-3EE0-4AFB-918B-FF7C7B60DFE7}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
"ImagePath"="system32\DRIVERS\symc810.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
"ImagePath"="system32\DRIVERS\symc8xx.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
"ImagePath"="system32\DRIVERS\sym_hi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
"ImagePath"="system32\DRIVERS\sym_u3.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]0 -
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TomTomHOMEService]
"ImagePath"="c:\program files\TomTom HOME 2\TomTomHOMEService.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
"ImagePath"="system32\DRIVERS\toside.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UleadBurningHelper]
"ImagePath"="c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
"ImagePath"="system32\DRIVERS\ultra.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UMWdf]
"ImagePath"="c:\windows\system32\wdfmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBDeviceService]
"ImagePath"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaidexp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\viamraid]
"ImagePath"="system32\DRIVERS\viamraid.sys\00mraid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w810bus]
"ImagePath"="system32\DRIVERS\w810bus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w810mdfl]
"ImagePath"="system32\DRIVERS\w810mdfl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w810mdm]
"ImagePath"="system32\DRIVERS\w810mdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wanatw]
"ImagePath"="system32\DRIVERS\wanatw4.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{2F982AFD-B780-4D84-BDD7-903E24A488FF}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{A4F62F33-2F56-4602-88F2-A0F9F010E037}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{E71B39C6-26FA-4265-AB91-ADC459765B30}]
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3904)
c:\windows\system32\WININET.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Other Running Processes
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\ehtray.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\Real\RealPlayer\RealPlay.exe
c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
c:\apps\ABoard\ABoard.exe
c:\apps\ABoard\AOSD.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIABE.EXE
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
c:\apps\SMP\SmpSys.exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
**************************************************************************
.
Completion time: 2010-04-07 15:36:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-07 14:36
Pre-Run: 43,412,262,912 bytes free
Post-Run: 43,736,084,480 bytes free
- - End Of File - - E1D65C5E19071042A5E7675F93DF16F40 -
Alienrik - how do things look now?
Do I need to do anything else?0 -
Open notepad and copy/paste the text in RED below
File::
c:\windows\system32\drivers\optovcm.sys
c:\windows\system32\drivers\optousb.sys
Save this as "CFScript" (FULL file will be 'CFScript.txt' EXACTLY as shown)
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more that 30 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.:idea:0 -
Do I need to turn kaspersky off again?0
-
Yes please:idea:0
-
Ok thanks will try again and post the results.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.7K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 452.9K Spending & Discounts
- 242.7K Work, Benefits & Business
- 619.4K Mortgages, Homes & Bills
- 176.3K Life & Family
- 255.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards