Jump to content

Gaughin

Honorary Members
 View Profile  See their activity

  • Posts

    54

  • Joined

  • Last visited

 Content Type 

Everything posted by Gaughin

  1. Gaughin
    Hi Maniac, I have run all requested scans; here are the results ********************************** Jawara JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun May 09 16:17:31 2010 Found and removed: C:\Program Files\Java\j2re1.4.2Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\JavaPlugin.142JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun May 09 16:20:38 2010 JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun May 09 16:23:06 2010 ------------------------------------Finished reporting. *********************************************** Combo-fix ComboFix 10-05-09.01 - David Vinson 05/09/2010 21:00:24.1.2 - x86 Running from: c:\documents and settings\David Vinson\Desktop\Combo-Fix.exe AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} . /wow section - STAGE 32A R6025 - pure virtual function call The system cannot find the path specified. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\David Vinson\err.log c:\documents and settings\David Vinson\ResErrors.log C:\Install.exe c:\temp\0b9 c:\temp\0b9\tmpTF.log c:\temp\17o7 c:\temp\17o7\tmpTF.log c:\windows\system32\comrepl.exe c:\windows\system32\smpi1 ----- BITS: Possible infected sites ----- hxxp://liveupdate.symantec.com hxxp://definitions.symantec.com . ((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 ))))))))))))))))))))))))))))))) . 2010-05-07 02:22 . 2010-05-07 02:22 -------- d-----w- c:\program files\Trend Micro 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Malwarebytes 2010-05-06 01:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-05-06 01:40 . 2010-05-06 01:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-06 01:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-03 03:03 . 2010-05-03 03:03 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Tific 2010-05-03 02:55 . 2010-05-03 02:55 -------- d-----w- c:\documents and settings\David Vinson\Local Settings\Application Data\Symantec 2010-05-03 02:27 . 2010-05-03 02:27 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-05-03 02:27 . 2010-05-03 02:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-05-03 02:27 . 2010-05-03 02:43 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-05-03 02:27 . 2010-05-03 02:27 -------- d-----w- c:\program files\Symantec 2010-05-03 02:23 . 2010-05-03 23:36 -------- d-----w- c:\windows\system32\drivers\N360 2010-05-03 02:22 . 2010-05-03 02:23 -------- d-----w- c:\program files\Norton Security Suite 2010-05-03 02:22 . 2010-05-03 02:22 -------- d-----w- c:\program files\Windows Sidebar 2010-05-03 02:20 . 2010-05-03 02:20 -------- d-----w- c:\program files\NortonInstaller 2010-05-03 02:20 . 2010-05-03 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2010-05-03 02:05 . 2010-05-03 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-05-01 01:39 . 2010-05-01 01:39 -------- d-----w- c:\documents and settings\Andy Vinson\Local Settings\Application Data\AOL 2010-05-01 01:37 . 2010-05-01 01:37 -------- d-sh--w- c:\documents and settings\Andy Vinson\IETldCache 2010-05-01 01:04 . 2010-05-01 01:04 -------- d-----w- c:\documents and settings\Carol Vinson\Application Data\IObit 2010-05-01 00:35 . 2010-05-01 00:35 -------- d-----w- c:\documents and settings\Carol Vinson\Local Settings\Application Data\AVG Security Toolbar 2010-04-29 14:37 . 2010-04-29 14:37 -------- d-----w- c:\program files\iPod 2010-04-29 14:37 . 2010-04-29 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} 2010-04-29 14:21 . 2010-04-29 14:21 -------- d-----w- c:\program files\Bonjour . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-08 12:28 . 2007-05-11 02:39 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-05-07 10:52 . 2006-05-18 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-05-07 10:48 . 2009-05-25 12:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop 2010-05-07 10:45 . 2009-12-19 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-05-07 04:15 . 2009-12-24 12:57 0 ----a-w- c:\documents and settings\David Vinson\Local Settings\Application Data\prvlcl.dat 2010-05-06 12:32 . 2005-10-22 03:26 -------- d-----w- c:\program files\Lavasoft 2010-05-06 12:32 . 2008-08-11 12:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2010-05-05 02:21 . 2008-05-31 21:07 -------- d-----w- c:\documents and settings\David Vinson\Application Data\MSN6 2010-05-03 02:27 . 2010-05-03 02:27 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2010-05-03 02:27 . 2010-05-03 02:27 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2010-04-29 14:39 . 2007-04-05 00:50 -------- d-----w- c:\program files\iTunes 2010-04-29 14:37 . 2007-07-09 13:45 -------- d-----w- c:\program files\Common Files\Apple 2010-04-29 14:31 . 2006-12-18 21:07 -------- d-----w- c:\program files\QuickTime 2010-04-16 12:33 . 2009-03-19 11:02 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll 2010-04-16 12:33 . 2007-11-12 03:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2010-04-09 11:56 . 2010-04-09 11:56 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Office Genuine Advantage 2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-04-03 05:03 . 2009-09-11 04:04 96272 ---ha-w- c:\windows\system32\mlfcache.dat 2010-03-29 18:04 . 2004-06-03 06:10 130000 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-03-29 17:30 . 2010-03-29 17:30 -------- d-----w- c:\program files\Eusing Free Registry Cleaner 2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Jasc Software Inc 2010-03-29 15:12 . 2004-06-03 06:00 -------- d-----w- c:\program files\Dell Computer 2010-03-29 14:10 . 2008-01-18 12:43 -------- d-----w- c:\program files\RealMedia 2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Real 2010-03-29 14:08 . 2004-06-03 05:56 -------- d-----w- c:\program files\Common Files\Real 2010-03-29 14:05 . 2010-03-19 02:09 -------- d-----w- c:\program files\SecureBackupShare 2010-03-29 14:02 . 2009-12-22 18:47 -------- d-----w- c:\program files\Uniblue 2010-03-29 13:40 . 2010-03-13 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-03-28 14:59 . 2005-03-22 01:38 -------- d-----w- c:\program files\Avery Wizard 2010-03-28 03:53 . 2007-11-04 21:50 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Uniblue 2010-03-27 11:40 . 2007-05-11 02:24 -------- d--h--w- c:\documents and settings\David Vinson\Application Data\Move Networks 2010-03-23 01:45 . 2010-02-14 22:43 -------- d-----w- c:\documents and settings\David Vinson\Application Data\TrueSwitch 2010-03-23 01:42 . 2009-11-28 16:36 -------- d-----w- c:\documents and settings\David Vinson\Application Data\Amazon 2010-03-21 13:49 . 2004-07-30 15:52 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-20 07:05 . 2010-03-20 07:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2010-03-20 02:59 . 2008-08-18 01:50 -------- d-----w- c:\program files\Microsoft Silverlight 2010-03-14 19:05 . 2010-03-14 19:05 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2010-03-10 06:15 . 2004-03-19 22:44 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-02-25 06:24 . 2004-08-24 00:32 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 13:11 . 2002-11-18 11:27 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-16 14:08 . 1980-01-01 05:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-16 13:25 . 1980-01-01 05:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-12 04:33 . 2004-03-19 22:33 100864 ----a-w- c:\windows\system32\6to4svc.dll 2010-02-11 12:02 . 2004-03-19 22:43 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys 2006-01-04 22:30 . 2006-01-04 22:30 774144 -c----w- c:\program files\RngInterstitial.dll 2009-10-27 22:22 . 2006-11-11 04:54 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2005-04-29 00:03 . 2005-04-29 00:03 442170 -csh--w- c:\windows\Help\tenipat.bak1 2005-04-29 01:01 . 2005-04-29 01:01 442114 -csh--w- c:\windows\Registration\cvsmbk.bak1 2005-05-02 01:01 . 2005-04-30 01:01 498182 -csh--w- c:\windows\Registration\cvsmbk.bak2 2005-05-02 07:06 . 2005-04-30 15:00 496157 -csh--w- c:\windows\Registration\cvsmbk.ini2 2005-04-29 11:01 . 2005-04-27 11:01 445876 -csh--w- c:\windows\SYSTEM\nulitu.bak1 2007-05-13 16:44 . 2007-05-13 16:44 1493810 -csh--w- c:\windows\SYSTEM32\qqstv.bak1 2007-05-14 16:44 . 2007-05-14 16:44 1500024 -csh--w- c:\windows\SYSTEM32\qqstv.bak2 . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-18 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-27 30192] "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672] c:\documents and settings\Andy Vinson\Start Menu\Programs\Startup\ PowerReg Scheduler V3.exe [2005-6-30 225280] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="" . Contents of the 'Scheduled Tasks' folder 2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34] 2010-05-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-12 16:16] 2004-07-01 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12] 2010-05-10 c:\windows\Tasks\User_Feed_Synchronization-{96A8F87C-1609-4822-9E2A-BB33302CC2EE}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31] . . ------- Supplementary Scan ------- . uStart Page = about:blank uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} FF - ProfilePath - c:\documents and settings\David Vinson\Application Data\Mozilla\Firefox\Profiles\vic99eqj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071504000001.dll FF - plugin: c:\documents and settings\David Vinson\Application Data\Move Networks\plugins\npqmp071701000002.dll FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: browser.cache.memory.capacity - 16000 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 4095 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 1000000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 1000000 FF - user.js: dom.disable_window_status_change - true FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 1000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - BHO-{271724AF-A099-49E7-821E-8EAB76AF97CD} - (no file) BHO-{3E094DBF-E4CC-444D-BF99-93F54684F1F5} - (no file) Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKCU-Run-stratas - lockx.exe Notify-kbmsvc - (no file) Notify-nnnmmjh - (no file) Notify-tapinet - (no file) Notify-utilun - (no file) Notify-vtsqq - (no file) AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb AddRemove-StudioWorks - c:\windows\system32\javaws.exe ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\.NETFramework] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\abp480n5] "ImagePath"="\SystemRoot\System32\DRIVERS\ABP480N5.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ACPI] "ImagePath"="System32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ACPIEC] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\adpu160m] "ImagePath"="\SystemRoot\System32\DRIVERS\adpu160m.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aeaudio] "ImagePath"="system32\drivers\aeaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\agp440] "ImagePath"="\SystemRoot\System32\DRIVERS\agp440.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\agpCPQ] "ImagePath"="\SystemRoot\System32\DRIVERS\agpCPQ.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Aha154x] "ImagePath"="\SystemRoot\System32\DRIVERS\aha154x.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aic78u2] "ImagePath"="\SystemRoot\System32\DRIVERS\aic78u2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aic78xx] "ImagePath"="\SystemRoot\System32\DRIVERS\aic78xx.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AliIde] "ImagePath"="\SystemRoot\System32\DRIVERS\aliide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\alim1541] "ImagePath"="\SystemRoot\System32\DRIVERS\alim1541.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\amdagp] "ImagePath"="\SystemRoot\System32\DRIVERS\amdagp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\amsint] "ImagePath"="\SystemRoot\System32\DRIVERS\amsint.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Apple Mobile Device] "ImagePath"="\"c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\asc] "ImagePath"="\SystemRoot\System32\DRIVERS\asc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\asc3350p] "ImagePath"="\SystemRoot\System32\DRIVERS\asc3350p.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\asc3550] "ImagePath"="\SystemRoot\System32\DRIVERS\asc3550.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASP.NET] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\atapi] "ImagePath"="System32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Atdisk] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Atmarpc] "ImagePath"="System32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\audstub] "ImagePath"="System32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Beep] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BHDrvx86] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Bonjour Service] "ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\BVRPMPR5] "ImagePath"="\??\c:\windows\system32\drivers\BVRPMPR5.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\bvrp_pci] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme] "ImagePath"="\??\c:\docume~1\DAVIDV~1\LOCALS~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cbidf] "ImagePath"="\SystemRoot\System32\DRIVERS\cbidf2k.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cbidf2k] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CCDECODE] "ImagePath"="System32\DRIVERS\CCDECODE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ccHP] "ImagePath"="\SystemRoot\system32\drivers\N360\0401000.020\ccHPx86.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cd20xrnt] "ImagePath"="\SystemRoot\System32\DRIVERS\cd20xrnt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Cdaudio] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Cdfs] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\cdrbsdrv] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Cdrom] "ImagePath"="System32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Changer] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\clr_optimization_v2.0.50727_32] "ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CmBatt] "ImagePath"="System32\DRIVERS\CmBatt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CmdIde] "ImagePath"="\SystemRoot\System32\DRIVERS\cmdide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Compbatt] "ImagePath"="System32\DRIVERS\compbatt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\COMSysApp] "ImagePath"="c:\windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ContentFilter] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ContentIndex] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Cpqarray] "ImagePath"="\SystemRoot\System32\DRIVERS\cpqarray.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dac2w2k] "ImagePath"="\SystemRoot\System32\DRIVERS\dac2w2k.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dac960nt] "ImagePath"="\SystemRoot\System32\DRIVERS\dac960nt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DCamUSBSQTECH] "ImagePath"="System32\Drivers\SQcaptur.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DcCam] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Disk] "ImagePath"="System32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Dot3svc] "ServiceDll"="%SystemRoot%\System32\dot3svc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dpti2o] "ImagePath"="\SystemRoot\System32\DRIVERS\dpti2o.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\drvmcdb] "ImagePath"="system32\drivers\drvmcdb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\drvncdb] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\drvnddm] "ImagePath"="system32\drivers\drvnddm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DSBrokerService] "ImagePath"="\"c:\program files\DellSupport\brkrsvc.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\DSproct] "ImagePath"="\??\c:\program files\DellSupport\GTAction\triggers\DSproct.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\dsunidrv] "ImagePath"="system32\DRIVERS\dsunidrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\E100B] "ImagePath"="System32\DRIVERS\e100b325.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EapHost] "ServiceDll"="%SystemRoot%\System32\eapsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\eeCtrl] "ImagePath"="\??\c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EraserUtilRebootDrv] "ImagePath"="\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EventSystem] "ServiceDll"="c:\windows\System32\es.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fastfat] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fax] "ImagePath"="%systemroot%\system32\fxssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fdc] "ImagePath"="System32\DRIVERS\fdc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fips] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Flpydisk] "ImagePath"="System32\DRIVERS\flpydisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FltMgr] "ImagePath"="system32\drivers\fltmgr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\FontCache3.0.0.0] "ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ftdisk] "ImagePath"="System32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GEARAspiWDM] "ImagePath"="System32\Drivers\GEARAspiWDM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GoogleDesktopManager-093009-130223] "ImagePath"="\"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Gpc] "ImagePath"="System32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\gusvc] "ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HidUsb] "ImagePath"="System32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hkmsvc] "ServiceDll"="%SystemRoot%\System32\kmsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\hpn] "ImagePath"="\SystemRoot\System32\DRIVERS\hpn.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZid412] "ImagePath"="system32\DRIVERS\HPZid412.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZipr12] "ImagePath"="system32\DRIVERS\HPZipr12.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HPZius12] "ImagePath"="system32\DRIVERS\HPZius12.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omgmt] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i2omp] "ImagePath"="\SystemRoot\System32\DRIVERS\i2omp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\i8042prt] "ImagePath"="System32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDriverT] "ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\idrmkl] "ImagePath"="\??\c:\docume~1\DAVIDV~1\LOCALS~1\Temp\idrmkl.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\idsvc] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IDSxpx86] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100505.001\IDSxpx86.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ILADFtmi] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Imapi] "ImagePath"="System32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\inetaccs] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ini910u] "ImagePath"="\SystemRoot\System32\DRIVERS\ini910u.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Inport] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelC51] "ImagePath"="System32\DRIVERS\IntelC51.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelC52] "ImagePath"="System32\DRIVERS\IntelC52.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelC53] "ImagePath"="System32\DRIVERS\IntelC53.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IntelIde] "ImagePath"="\SystemRoot\System32\DRIVERS\intelide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\intelppm] "ImagePath"="System32\DRIVERS\intelppm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ip6fw] "ImagePath"="system32\drivers\ip6fw.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpFilterDriver] "ImagePath"="System32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpInIp] "ImagePath"="System32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IpNat] "ImagePath"="System32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\iPod Service] "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IPSec] "ImagePath"="System32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\IRENUM] "ImagePath"="System32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\isapnp] "ImagePath"="System32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jfuf] "ImagePath"="system32\drivers\qgxc.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\JL2005C] "ImagePath"="System32\Drivers\jl2005c.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Kbdclass] "ImagePath"="System32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kbdhid] "ImagePath"="System32\DRIVERS\kbdhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\KSecDD] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ldap] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LicenseService] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\McComponentHostService] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MCSTRM] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MDM] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmdd] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mnmsrvc] "ImagePath"="c:\windows\System32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Modem] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MODEMCSA] "ImagePath"="system32\drivers\MODEMCSA.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mohfilt] "ImagePath"="System32\DRIVERS\mohfilt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mouclass] "ImagePath"="System32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mouhid] "ImagePath"="System32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MountMgr] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mraid35x] "ImagePath"="\SystemRoot\System32\DRIVERS\mraid35x.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxDAV] "ImagePath"="System32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MRxSmb] "ImagePath"="System32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC] "ImagePath"="c:\windows\System32\msdtc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSDTC Bridge 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Msfs] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mssmbios] "ImagePath"="System32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSSQL$MICROSOFTBCM] "ImagePath"="c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSSQLServerADHelper] "ImagePath"="c:\program files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Mup] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.1.0.32\diMaster.dll\" /prefetch:1" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NABTSFEC] "ImagePath"="System32\DRIVERS\NABTSFEC.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\napagent] "ServiceDll"="%SystemRoot%\System32\qagentrt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAVENG] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100509.019\NAVENG.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAVEX15] "ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100509.019\NAVEX15.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDIS] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisIP] "ImagePath"="System32\DRIVERS\NdisIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisTapi] "ImagePath"="System32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ndisuio] "ImagePath"="System32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NdisWan] "ImagePath"="System32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NDProxy] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBIOS] "ImagePath"="System32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetSvc] "ImagePath"="c:\program files\Intel\NCS\Sync\NetSvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NetTcpPortSharing] "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Npfs] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ntfs] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtLmSsp] "ImagePath"="%SystemRoot%\System32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Null] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\nv] "ImagePath"="System32\DRIVERS\nv4_mini.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NVSvc] "ImagePath"="%SystemRoot%\system32\nvsvc32.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFlt] "ImagePath"="System32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NwlnkFwd] "ImagePath"="System32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\omci] "ImagePath"="System32\DRIVERS\omci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\OpenCASE Media Agent] "ImagePath"="\"c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ose] "ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Outlook] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\P3] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Parport] "ImagePath"="System32\DRIVERS\parport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PartMgr] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ParVdm] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCI] "ImagePath"="System32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIDump] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCIIde] "ImagePath"="System32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pcmcia] "ImagePath"="System32\DRIVERS\pcmcia.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDCOMP] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRELI] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2] "ImagePath"="\SystemRoot\System32\DRIVERS\perc2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\perc2hib] "ImagePath"="\SystemRoot\System32\DRIVERS\perc2hib.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfDisk] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfNet] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfOS] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PerfProc] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Pml Driver HPZ12] "ImagePath"="c:\windows\system32\HPZipm12.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PptpMiniport] "ImagePath"="System32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Processor] "ImagePath"="System32\DRIVERS\processr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PSched] "ImagePath"="System32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ptilink] "ImagePath"="System32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PxHelp20] "ImagePath"="System32\DRIVERS\PxHelp20.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1080] "ImagePath"="\SystemRoot\System32\DRIVERS\ql1080.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Ql10wnt] "ImagePath"="\SystemRoot\System32\DRIVERS\ql10wnt.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql12160] "ImagePath"="\SystemRoot\System32\DRIVERS\ql12160.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1240] "ImagePath"="\SystemRoot\System32\DRIVERS\ql1240.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ql1280] "ImagePath"="\SystemRoot\System32\DRIVERS\ql1280.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rasl2tp] "ImagePath"="System32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RasPppoe] "ImagePath"="System32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Raspti] "ImagePath"="System32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Rdbss] "ImagePath"="System32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPDD] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\rdpdr] "ImagePath"="System32\DRIVERS\rdpdr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPNP] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDPWD] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RDSessMgr] "ImagePath"="c:\windows\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\redbook] "ImagePath"="System32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcLocator] "ImagePath"="%SystemRoot%\System32\locator.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RSVP] "ImagePath"="%SystemRoot%\System32\rsvp.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\RT25USBAP] "ImagePath"="system32\DRIVERS\rt25usbap.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SbcpHid] "ImagePath"="\??\c:\windows\system32\Drivers\SbcpHid.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ScsiPort] "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SDDMI2] "ImagePath"="\??\c:\windows\system32\DDMI2.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Secdrv] "ImagePath"="System32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\serenum] "ImagePath"="System32\DRIVERS\serenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Serial] "ImagePath"="System32\DRIVERS\serial.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelEndpoint 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelOperation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ServiceModelService 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sfloppy] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Simbad] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sisagp] "ImagePath"="\SystemRoot\System32\DRIVERS\sisagp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SLIP] "ImagePath"="System32\DRIVERS\SLIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SMSvcHost 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\smwdm] "ImagePath"="system32\drivers\smwdm.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Sparrow] "ImagePath"="\SystemRoot\System32\DRIVERS\sparrow.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SQLAgent$MICROSOFTBCM] "ImagePath"="c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SQTECH905C] "ImagePath"="System32\Drivers\Capt905c.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sr] "ImagePath"="System32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\srservice] "ServiceDll"="%SystemRoot%\system32\srsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SRTSP] "ImagePath"="\SystemRoot\System32\Drivers\N360\0401000.020\SRTSP.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SRTSPX] "ImagePath"="\SystemRoot\system32\drivers\N360\0401000.020\SRTSPX.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Srv] "ImagePath"="System32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sscdbhk5] "ImagePath"="system32\drivers\sscdbhk5.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ssrtln] "ImagePath"="system32\drivers\ssrtln.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\streamip] "ImagePath"="System32\DRIVERS\StreamIP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swenum] "ImagePath"="System32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SwPrv] "ImagePath"="c:\windows\System32\dllhost.exe /Processid:{F4EE4B9F-B129-4835-8716-52A527794F7B}" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\swwd] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc810] "ImagePath"="\SystemRoot\System32\DRIVERS\symc810.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\symc8xx] "ImagePath"="\SystemRoot\System32\DRIVERS\symc8xx.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymDS] "ImagePath"="system32\drivers\N360\0401000.020\SYMDS.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymEFA] "ImagePath"="system32\drivers\N360\0401000.020\SYMEFA.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymEvent] "ImagePath"="\??\c:\windows\system32\Drivers\SYMEVENT.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SymIRON] "ImagePath"="\SystemRoot\system32\drivers\N360\0401000.020\Ironx86.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SYMTDI] "ImagePath"="\SystemRoot\System32\Drivers\N360\0401000.020\SYMTDI.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_hi] "ImagePath"="\SystemRoot\System32\DRIVERS\sym_hi.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sym_u3] "ImagePath"="\SystemRoot\System32\DRIVERS\sym_u3.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip] "ImagePath"="System32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermDD] "ImagePath"="System32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnboio] "ImagePath"="system32\dla\tfsnboio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsncofs] "ImagePath"="system32\dla\tfsncofs.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsndrct] "ImagePath"="system32\dla\tfsndrct.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsndres] "ImagePath"="system32\dla\tfsndres.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnifs] "ImagePath"="system32\dla\tfsnifs.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnopio] "ImagePath"="system32\dla\tfsnopio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnpool] "ImagePath"="system32\dla\tfsnpool.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnudf] "ImagePath"="system32\dla\tfsnudf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\tfsnudfa] "ImagePath"="system32\dla\tfsnudfa.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TlntSvr] "ImagePath"="c:\windows\System32\tlntsvr.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TosIde] "ImagePath"="\SystemRoot\System32\DRIVERS\toside.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra] "ImagePath"="\SystemRoot\System32\DRIVERS\ultra.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Update] "ImagePath"="System32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBAAPL] "ImagePath"="System32\Drivers\usbaapl.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbccgp] "ImagePath"="System32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbehci] "ImagePath"="System32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbhub] "ImagePath"="System32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbprint] "ImagePath"="System32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbscan] "ImagePath"="System32\DRIVERS\usbscan.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBSTOR] "ImagePath"="System32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbuhci] "ImagePath"="System32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\viaagp] "ImagePath"="\SystemRoot\System32\DRIVERS\viaagp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ViaIde] "ImagePath"="\SystemRoot\System32\DRIVERS\viaide.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Viewpoint Manager Service] "ImagePath"="\"c:\program files\Viewpoint\Common\ViewpointService.exe\"" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\w32time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W3SVC] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wanarp] "ImagePath"="System32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wanatw] "ImagePath"="System32\DRIVERS\wanatw4.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Windows Workflow Foundation 3.0.0.0] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSN] "ServiceDll"="c:\windows\system32\MsPMSNSv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrv] "ImagePath"="c:\windows\System32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSTCODEC] "ImagePath"="System32\DRIVERS\WSTCODEC.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv] "ServiceDll"="c:\windows\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{08A0F9B9-60C1-45D8-A3BA-E678FBD53498}] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{D8A0D9C8-8653-466D-B3A1-34C1DBDD35C7}] [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{DC79E8A4-F24F-4851-9A22-79B0B4694D5D}] . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2560) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe c:\windows\system32\nvsvc32.exe c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe c:\windows\system32\fxssvc.exe c:\program files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-05-10 09:54:48 - machine was rebooted ComboFix-quarantined-files.txt 2010-05-10 13:53 Pre-Run: 10,972,540,928 bytes free Post-Run: 10,943,696,896 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn Current=3 Default=3 Failed=5 LastKnownGood=6 Sets=1,2,3,5,6 - - End Of File - - F69468A3B5E574C8819C76BC106C24E7 ***************************************************** New Hijack This Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 7:32:14 PM, on 5/10/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe C:\Combo-Fix\CF15971.cfxxe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\System32\DSentry.exe C:\Combo-Fix\mbr.cfxxe C:\WINDOWS\system32\msfeedssync.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 6977 bytes ******************************************************************************** * Thanks again; this is all sort of over-whelming, but your instructions are really well-written and easy to follow. Current services.exe CPU consumption is hovering around 96% gaughin
  2. Gaughin
    I seem to have hit a snag. Ran the javara; here's the log JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun May 09 16:17:31 2010 Found and removed: C:\Program Files\Java\j2re1.4.2Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed: SOFTWARE\Classes\JavaPlugin.142JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun May 09 16:20:38 2010 JavaRa 1.15 Removal Log.Report follows after line.------------------------------------The JavaRa removal process was started on Sun May 09 16:23:06 2010 ------------------------------------Finished reporting. Manually deleted all of the Sun/Java folders, and other folders (in the order you suggested.) Renamed and ran Combo-Fix as requested. I started that at about 5:15 PM; at midnight it was still running; it had completed 50 levels, but was just sitting with no message given beyond that completion list. Woke up this morning to find a blue screen on the computer with a message that said something like processes had been shut down due to an NVIDIA driver being stuck in an infinite loop, which required a computer reboot. Rebooted computer, am concerned that the reboot may have interrupted some important process, but the computer was dead in the water without the reboot. A DOS screen says that the log file is being created, but wanted to make sure the reboot didn't foul up the process. Thanks. will check back in with logs (if they exist) when I get back from work. gaughin
  3. Gaughin
    OK, here are the logs ********************** Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4079 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 5/8/2010 5:47:19 PM mbam-log-2010-05-08 (17-47-19).txt Scan type: Quick scan Objects scanned: 158426 Time elapsed: 1 hour(s), 46 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ****************************** Acrobat.com Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft Software Suite Audacity 1.2.3 Bonjour Business Contact Manager for Outlook 2003 CardRd81 CCScore CD Audio Reader Filter (remove only) CDex extraction audio Comcast High-Speed Internet Install Wizard Compatibility Pack for the 2007 Office system CR2 Dell Digital Jukebox Driver Dell Media Experience Dell Solution Center Dell Support Center DellSupport DirectVobSub (remove only) DScaler 5 Mpeg Decoders DS-MP3 Source 1.30 DVDSentry ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSSONIC ESSTOOLS essvatgt Eusing Free Registry Cleaner fflink GdiplusUpgrade GIMP 2.6.6 Google Desktop Google Updater HDView for Firefox HiJackThis HLPPDOCK Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) HP Document Viewer 5.3 HP Image Zone 5.3 HP Imaging Device Functions 5.3 HP PSC & OfficeJet 5.3.B HP Software Update HP Solution Center & Imaging Support Tools 5.3 Intel
  4. Gaughin
    Thanks for your time and consideration; after weeks without work, I finally get a freelance job and my computer craps out. services.exe is consuming all of my CPU and I can't get hardly any software to run. Here are the requested logs. ******************************** Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 8.0.6001.18702 5/6/2010 5:32:42 AM mbam-log-2010-05-06 (05-32-42).txt Scan type: Full scan (C:\|) Objects scanned: 336855 Time elapsed: 2 hour(s), 4 minute(s), 54 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 28 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{44240bb5-bd7d-4d49-a1aa-8ab0f3d3cb44} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409} (Adware.OneStepSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\SYSTEM32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\David Vinson\My Documents\Downloads\antimalware-pro-v04(2).exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\David Vinson\My Documents\Downloads\antimalware-pro-v04.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\Documents and Settings\David Vinson\My Documents\Downloads\vlcsetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\David Vinson\My Documents\Downloads\vlcsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP403\A0052838.sys (Rootkit.Agent) -> Quarantined and deleted successfully. *************************************************** Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:24:08 PM, on 5/6/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\System32\DSentry.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\msfeedssync.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\Common Files\Java\Java Update\jaucheck.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - (no file) O2 - BHO: (no name) - {271724AF-A099-49E7-821E-8EAB76AF97CD} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {3E094DBF-E4CC-444D-BF99-93F54684F1F5} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\coIEPlg.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [stratas] lockx.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) - O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) - O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) - O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O20 - Winlogon Notify: kbmsvc - Invalid registry found O20 - Winlogon Notify: nnnmmjh - Invalid registry found O20 - Winlogon Notify: tapinet - Invalid registry found O20 - Winlogon Notify: utilun - Invalid registry found O20 - Winlogon Notify: vtsqq - Invalid registry found O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Desktop Manager 5.9.909.30391 (GoogleDesktopManager-093009-130223) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.1.0.32\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) -- End of file - 10729 bytes **************************** Thanks again, gaughin
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.