ComboFix 09-04-18.05 - Administrator 18.04.2009 9:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.2047.1593 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\inst.exe
c:\windows\system32\fhpatch.dll
c:\windows\system32\fiplock.dll
c:\windows\system32\iphy.dll
c:\windows\system32\tcpd.dll
.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


(((((((((((((((((((((((((   Files Created from 2009-03-18 to 2009-04-18   )))))))))))))))))))))))))))))))
.

2009-04-15 16:17 . 2009-04-15 16:17 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-15 16:17 . 2009-04-15 16:17 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-15 16:09 . 2009-04-15 16:09 -------- d-----w c:\windows\Sun
2009-04-15 15:43 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 15:43 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 15:43 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 15:43 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 15:43 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 15:43 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 15:43 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 15:43 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 15:43 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 15:42 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 15:42 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 15:42 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-14 17:38 . 2009-04-14 17:38 0 ----a-w c:\windows\Path.idx
2009-04-11 09:13 . 2005-11-03 21:35 487552 ----a-r c:\windows\system32\drivers\ar5211.sys
2009-04-11 07:32 . 2009-04-11 07:32 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-04-11 07:31 . 2009-04-11 20:01 182656 -c--a-w c:\windows\system32\dllcache\ndis.sys
2009-04-11 07:04 . 2009-04-11 07:04 989696 ----a-w c:\windows\system32\kernel32_check.dll
2009-04-11 07:04 . 2009-04-11 07:04 10240 ----a-w c:\windows\system32\Packer.dll
2009-04-11 07:04 . 2009-04-11 07:04 -------- d-----w c:\windows\system32\3361
2009-04-11 07:04 . 2009-04-11 07:04 108336 ----a-w c:\windows\system32\MSWINSCK.OCX
2009-04-11 07:04 . 2009-04-11 07:04 -------- d-----w c:\windows\dhcp
2009-04-11 06:37 . 2009-04-11 06:37 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 06:36 . 2009-04-11 06:36 35888 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-04-11 06:36 . 2009-04-11 06:36 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-11 06:36 . 2009-04-11 06:36 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-11 06:36 . 2009-04-11 06:36 10635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-11 06:36 . 2009-04-11 06:36 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-11 06:35 . 2009-04-11 20:13 -------- d-----w c:\windows\system32\drivers\NIS
2009-04-11 06:35 . 2009-04-11 06:36 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-10 20:59 . 2009-04-11 07:46 57856 ----a-w c:\windows\system32\spoolsv.exe
2009-04-09 20:52 . 2009-04-09 20:52 44 ----a-w c:\windows\system32\1F.tmp
2009-04-09 20:49 . 2009-04-17 20:20 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-09 20:00 . 2009-04-09 20:00 80 ----a-w c:\windows\system32\C8.tmp
2009-04-05 15:11 . 2009-04-05 15:11 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-03-29 13:35 . 2009-03-29 13:46 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-29 13:34 . 2009-03-29 13:34 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Downloaded Installations
2009-03-29 13:33 . 2009-03-29 13:35 -------- d-----w c:\documents and settings\Administrator\Application Data\GetRightToGo
2009-03-22 17:54 . 2009-03-22 17:54 -------- d-----w c:\documents and settings\Administrator\Application Data\Vso
2009-03-22 17:54 . 2009-03-22 17:54 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-22 17:54 . 2009-03-22 17:54 47360 ----a-w c:\documents and settings\Administrator\Application Data\pcouffin.sys
2009-03-22 16:16 . 2009-03-22 16:16 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-03-22 15:08 . 2009-03-22 15:08 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\ESET
2009-03-22 14:23 . 2009-04-04 16:49 -------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-21 22:23 . 2009-03-21 22:23 -------- d-----w c:\documents and settings\All Users\Application Data\ESET
2009-03-21 22:06 . 2009-03-21 22:06 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-21 22:05 . 2009-03-21 22:05 -------- d-----w c:\documents and settings\Administrator\Application Data\AVSMedia
2009-03-21 22:05 . 2003-05-21 12:50 24576 ----a-w c:\windows\system32\msxml3a.dll
2009-03-21 22:05 . 2002-01-05 14:40 487424 ----a-w c:\windows\system32\msvcp70.dll
2009-03-21 21:58 . 2009-03-21 21:58 -------- d-----w c:\documents and settings\Administrator\Application Data\DVDFab
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 14:45 . 2009-03-19 14:45 -------- d-----w c:\documents and settings\All Users\Application Data\ATI
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 16:17 . 2008-10-13 11:05 -------- d-----w c:\program files\Java
2009-04-11 08:30 . 2008-08-05 21:14 118784 ----a-w c:\windows\system32\atibrtmon.exe
2009-04-11 08:29 . 2001-08-23 12:00 610304 ----a-w c:\windows\system32\sspipes.scr
2009-04-11 08:29 . 2001-08-23 12:00 42496 ----a-w c:\windows\system32\ftp.exe
2009-04-11 08:28 . 2008-08-21 02:07 26112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-04-11 08:23 . 2008-10-09 04:43 744448 ----a-w c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2009-04-11 08:18 . 2001-08-23 12:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-11 07:46 . 2001-08-23 12:00 1033728 ----a-w c:\windows\explorer.exe
2009-04-11 07:35 . 2009-04-09 20:49 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-11 07:34 . 2009-04-11 07:34 -------- d-----r c:\program files\Norton Support
2009-04-11 06:37 . 2009-04-11 06:36 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 06:36 . 2009-04-11 06:36 -------- d-----w c:\program files\Symantec
2009-04-11 06:35 . 2009-04-11 06:35 -------- d-----w c:\program files\Norton Internet Security
2009-04-11 06:35 . 2009-04-11 06:35 -------- d-----w c:\program files\Windows Sidebar
2009-04-11 06:35 . 2009-04-11 06:35 -------- d-----w c:\program files\NortonInstaller
2009-04-10 20:58 . 2009-04-10 20:58 -------- d-----w c:\program files\Lavasoft
2009-04-09 20:53 . 2008-10-11 05:42 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-09 20:43 . 2009-04-09 20:43 -------- d-----w c:\program files\Gigabyte
2009-04-09 20:27 . 2002-01-01 22:47 13660 ----a-w C:\aaw7boot.log
2009-04-09 19:06 . 2008-10-09 17:30 -------- d-----w c:\program files\AutoPatcher
2009-04-09 18:26 . 2009-02-15 12:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 13:32 . 2009-02-15 12:28 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2009-02-15 12:28 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 14:44 . 2008-10-09 17:32 -------- d-----w c:\program files\Windows Journal Viewer
2009-04-05 14:43 . 2009-01-27 20:14 -------- d-----w c:\program files\ScanButton 3.0
2009-04-05 14:43 . 2009-04-02 21:10 -------- d-----w c:\program files\ODSLoader
2009-04-05 14:43 . 2009-04-02 21:09 -------- d-----w c:\program files\ODSEdit
2009-04-05 14:43 . 2008-10-09 17:32 -------- d-----w c:\program files\MSN Messenger
2009-04-05 14:41 . 2008-12-15 20:38 -------- d-----w c:\program files\InterVideo Information Service
2009-04-05 14:40 . 2008-11-08 18:46 -------- d-----w c:\program files\eRjecnik11
2009-04-05 14:40 . 2009-03-17 19:31 -------- d-----w c:\program files\Empire Total War
2009-04-05 14:38 . 2008-10-13 17:32 -------- d-----w c:\program files\dirt
2009-04-05 14:35 . 2008-12-15 20:39 -------- d-----w c:\program files\Apple Software Update
2009-03-22 14:28 . 2009-03-22 14:23 -------- d-----w c:\program files\uTorrent
2009-03-22 08:04 . 2008-10-09 17:21 21920 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-21 22:06 . 2009-03-21 22:05 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-21 22:05 . 2009-03-21 22:05 -------- d-----w c:\program files\AVSMedia
2009-03-19 14:36 . 2008-10-09 16:58 -------- d-----w c:\program files\ATI Technologies
2009-03-18 18:56 . 2008-10-13 10:58 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 08:36 . 2009-03-18 08:36 -------- d-----w c:\documents and settings\Administrator\Application Data\The Creative Assembly
2009-03-17 20:37 . 2008-10-16 19:43 -------- d-----w c:\program files\SEGA
2009-03-17 20:25 . 2008-10-09 16:58 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-17 20:24 . 2009-03-17 20:24 -------- d-----w c:\documents and settings\Administrator\Application Data\InstallShield
2009-03-06 14:22 . 2001-08-23 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-01 19:02 . 2009-03-01 19:02 21136 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2009-02-25 22:58 . 2008-08-21 04:52 3565568 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2009-02-25 21:42 . 2008-08-21 02:19 442368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-25 21:41 . 2008-08-21 02:18 325120 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-25 21:30 . 2008-08-21 02:01 11841536 ----a-w c:\windows\system32\atioglxx.dll
2009-02-25 21:30 . 2008-08-21 02:08 204800 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-25 21:29 . 2008-08-21 02:08 155648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-25 21:29 . 2008-08-21 02:07 43520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-25 21:29 . 2008-08-21 02:07 155648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-25 21:27 . 2008-08-21 02:05 602112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-25 21:26 . 2008-08-21 02:04 53248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-25 21:16 . 2008-08-21 01:55 3817984 ----a-w c:\windows\system32\ati3duag.dll
2009-02-25 21:09 . 2008-08-21 01:50 307200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-25 20:59 . 2008-08-21 01:38 2670080 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-25 20:44 . 2008-08-21 01:23 49664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-25 20:40 . 2008-08-21 01:19 475136 ----a-w c:\windows\system32\atikvmag.dll
2009-02-25 20:38 . 2008-08-21 01:18 126976 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-25 20:38 . 2008-08-21 01:18 17408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-25 20:37 . 2008-08-21 01:17 53248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-02-25 20:35 . 2008-08-21 01:17 290816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-25 20:32 . 2009-02-25 20:32 45056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-25 20:32 . 2008-08-21 01:11 626688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-25 20:30 . 2009-02-25 20:30 3227648 ----a-w c:\windows\system32\aticaldd.dll
2009-02-20 08:10 . 2001-08-23 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-10-10 03:52 81920 ------w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2001-08-23 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2001-08-23 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2001-08-23 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2001-08-23 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2001-08-23 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 11:11 . 2001-08-23 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2001-08-23 12:00 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2001-08-17 13:48 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2001-08-23 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-02 19:53 . 2009-01-29 07:13 253952 ------w c:\windows\Setup1.exe
2009-02-02 19:53 . 2009-01-29 07:13 73216 ----a-w c:\windows\ST6UNST.EXE
2009-01-26 17:55 . 2008-07-17 12:23 182995 ----a-w c:\windows\system32\atiicdxx.dat
2008-10-17 04:27 . 2008-10-17 04:27 136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.

------- Sigcheck -------

[-] 2009-04-11 07:46 1033728 1D7A9137540E976003E194AC3A24F837 c:\windows\explorer.exe
[-] 2004-08-04 07:56 1032192 3CFBE2A2A434C801C464F2B05CFB5DBA c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 2008-04-14 12:42 1033728 7ED389F0B5C9F71DA83285915B08375F c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-04 07:56 74752 93026DB3DF9F1B98B83BFDBB4D9FAECD c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2008-04-14 12:42 57856 74709710FC62E95CE0E3DFEED7C6BF0A c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2009-04-11 07:46 57856 8D0A09CF1289CF61C343DD7A5FA6D3C9 c:\windows\system32\spoolsv.exe
[-] 2004-08-04 07:56 24576 51AD3FD43E793CD06388E7CAB9ECA69D c:\windows\$NtServicePackUninstall$\userinit.exe
[-] 2008-04-14 12:42 26112 A51A6C03D201AADCCCA4386485354B20 c:\windows\ServicePackFiles\i386\userinit.exe
[-] 2008-04-14 12:42 26112 D2BB7373DBB07DBA5AB651B6AB6540AD c:\windows\system32\userinit.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R0 lvsl;lvsl; [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1001000.021\SYMEFA.SYS [2009-04-11 309296]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys [2009-04-11 255536]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys [2009-04-11 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090408.002\IDSxpx86.sys [2009-01-29 276344]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe [2009-04-11 115560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-10 101936]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ff98ba2-991f-11dd-80d7-0017317dd080}]
\shell\Setup\command - setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 22:21]
.
- - - - ORPHANS REMOVED - - - - SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.hr/ IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7doa5d1w.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/ FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-18 09:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI] "ImagePath"="System32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ADIHdAudAddService] "ImagePath"="system32\drivers\ADIHdAud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AEAudioService] "ImagePath"="system32\drivers\AEAudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt] 
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AR5211] "ImagePath"="system32\DRIVERS\ar5211.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASPI] "ImagePath"="\??\c:\windows\System32\DRIVERS\ASPI32.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac] "ImagePath"="System32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi] "ImagePath"="System32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller] "ImagePath"="%SystemRoot%\system32\Ati2evxx.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag] "ImagePath"="System32\DRIVERS\ati2mtag.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc] "ImagePath"="System32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub] "ImagePath"="System32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx86] "ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\BHDrvx86.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS] 
"ServiceDll"="c:\windows\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme] "ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccHP] "ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\ccHPx86.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom] "ImagePath"="System32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cisvc] "ImagePath"="c:\windows\System32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp] "ImagePath"="c:\windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp] 
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk] "ImagePath"="System32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eeCtrl] "ImagePath"="\??\c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyCDIO] "ImagePath"="System32\Drivers\ElbyCDIO.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ElbyDelay] "ImagePath"="System32\Drivers\ElbyDelay.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EraserUtilRebootDrv] "ImagePath"="\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem] "ServiceDll"="c:\windows\System32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc] "ImagePath"="System32\DRIVERS\fdc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk] "ImagePath"="System32\DRIVERS\flpydisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk] "ImagePath"="System32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\giveio] "ImagePath"="\??\c:\windows\system32\giveio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc] "ImagePath"="System32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HCF_MSFT] "ImagePath"="System32\DRIVERS\HCF_MSFT.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb] "ImagePath"="System32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc] "ServiceDll"="%SystemRoot%\System32\kmsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpt3xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt] "ImagePath"="System32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSxpx86] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090408.002\IDSxpx86.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService] "ImagePath"="c:\windows\System32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDFs] "ImagePath"="system32\drivers\InCDFs.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDPass] "ImagePath"="system32\drivers\InCDPass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InCDRm] "ImagePath"="system32\drivers\InCDRm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm] "ImagePath"="System32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ip6fw] "ImagePath"="system32\drivers\ip6fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver] "ImagePath"="System32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp] "ImagePath"="System32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat] "ImagePath"="System32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec] "ImagePath"="System32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM] "ImagePath"="System32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp] "ImagePath"="System32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService] "ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\"" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass] "ImagePath"="System32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lvsl] "ImagePath"="system32\drivers\hgfrnbtq.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc] "ImagePath"="c:\windows\System32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass] "ImagePath"="System32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid] "ImagePath"="System32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV] "ImagePath"="System32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb] 
"ImagePath"="System32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC] "ImagePath"="c:\windows\System32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer] "ImagePath"="c:\windows\System32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios] "ImagePath"="System32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent] "ServiceDll"="%SystemRoot%\System32\qagentrt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090417.007\NAVENG.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090417.007\NAVEX15.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi] "ImagePath"="System32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio] "ImagePath"="System32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan] "ImagePath"="System32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS] "ImagePath"="System32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.1.0.33\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.1.0.33\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="System32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="System32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="System32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="System32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="System32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pcouffin]
"ImagePath"="System32\Drivers\pcouffin.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="System32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="System32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="System32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="System32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="System32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="System32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="System32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="System32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="System32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="System32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\System32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\System32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTLE8023xp]
"ImagePath"="system32\DRIVERS\Rtenicxp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="System32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
"ImagePath"="system32\drivers\Senfilt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="System32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="System32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="System32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="c:\windows\System32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRTSP]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SRTSP.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRTSPX]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SRTSPX.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="System32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="System32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\System32\dllhost.exe /Processid:{9330DAF6-0CFC-4D44-B0C1-1ADE9E6E0A29}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMDNS]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SYMDNS.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEFA]
"ImagePath"="system32\drivers\NIS\1001000.021\SYMEFA.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]
"ImagePath"="\??\c:\windows\system32\Drivers\SYMEVENT.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMFW]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SYMFW.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMIDS]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SYMIDS.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymIM]
"ImagePath"="system32\DRIVERS\SymIM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymIMMP]
"ImagePath"="system32\DRIVERS\SymIM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMNDIS]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SYMNDIS.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMREDRV]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SYMREDRV.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="\??\c:\windows\system32\drivers\NIS\1001000.021\SYMTDI.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="System32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="System32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\System32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="System32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="System32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="System32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="System32\DRIVERS\usbuhci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="c:\windows\System32\w32time.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="System32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock - Google Desktop Search Backup Before First Install]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock - Google Desktop Search Backup Before Last Install]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before First Install]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock2 - Google Desktop Search Backup Before Last Install]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\System32\mspmsnsv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\System32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{5395580A-7BED-4B7B-9C42-D22F45351718}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{8EBB9B22-4ECE-489D-A854-DF44C7E5C078}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-18 9:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-18 07:13

Pre-Run: 85.627.240.448 bytes free
Post-Run: 85.648.564.224 bytes free

789 --- E O F --- 2009-04-15 18:33