Computer slow, log file, which virus protection? Done ComboFix
Please find log below. I have done three scans but got locked out of site before so couldn't post details.
Result of scans revealed cookies and coupon printer thing, so removed and quarantined.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/05/2009 at 02:02 AM
Application Version : 4.29.1004
Core Rules Database Version : 4230
Trace Rules Database Version: 2128
Scan type : Complete Scan
Total Scan Time : 01:27:00
Memory items scanned : 546
Memory threats detected : 0
Registry items scanned : 4599
Registry threats detected : 0
File items scanned : 28979
File threats detected : 10
Adware.Tracking Cookie
C:\Documents and Settings\Zoe\Cookies\zoe@advertising[2].txt
C:\Documents and Settings\Zoe\Cookies\zoe@tacoda[2].txt
C:\Documents and Settings\Zoe\Cookies\zoe@ads.aol.co[1].txt
C:\Documents and Settings\Zoe\Cookies\zoe@atdmt[2].txt
C:\Documents and Settings\Zoe\Cookies\zoe@atwola[1].txt
C:\Documents and Settings\Zoe\Cookies\zoe@doubleclick[2].txt
C:\Documents and Settings\Zoe\Cookies\zoe@uk.at.atwola[1].txt
C:\Documents and Settings\Zoe\Cookies\zoe@serving-sys[2].txt
C:\Documents and Settings\Zoe\Cookies\zoe@bs.serving-sys[1].txt
C:\Documents and Settings\Zoe\Cookies\zoe@statsv2[1].txt
Managed to do the ComboFix.
Thought I'd have another go at ComboFix, as came across jellyspots thread whilst doing a trojan search (tried again using the link in this thread for ComboFix but ended up with same result as before; noticed that Bleeping Computer page was blank, so had a brainwave and used jellyspots link for ComboFix).
Please find below the ComboFix log, part 1.
ComboFix 09-11-04.02 - Zoe 05/11/2009 2:46.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.479.131 [GMT 0:00]
Running from: c:\documents and settings\Zoe\My Documents\My Received Files\qwerty.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1275210071-57989841-1417001333-1003
c:\recycler\S-1-5-21-2299983038-2035052078-1798419019-1003
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.
2009-11-03 08:19 . 2009-11-03 08:19 d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-11-02 16:04 . 2009-11-02 16:04 d-----w- c:\documents and settings\Zoe\Application Data\Malwarebytes
2009-11-02 16:03 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 16:03 . 2009-11-02 16:03 d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 16:03 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 16:03 . 2009-11-02 16:04 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 13:38 . 2009-11-02 14:56 d-----w- c:\program files\Trend Micro
2009-11-02 12:31 . 2009-11-02 12:35 d-----w- c:\windows\system32\NtmsData
2009-11-02 11:52 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 11:47 . 2009-11-02 11:48 d-----w- c:\program files\Microsoft Security Essentials
2009-10-30 18:38 . 2009-10-30 18:38 d-----w- c:\documents and settings\LAYLA\Application Data\Teleca
2009-10-30 18:37 . 2009-10-30 18:37 d-----w- c:\documents and settings\LAYLA\Application Data\XTND_BTUIObjects
2009-10-30 18:36 . 2009-10-30 18:36 d-----w- c:\documents and settings\LAYLA\Application Data\Sony Ericsson
2009-10-30 18:35 . 2009-10-30 18:35 d-----w- c:\documents and settings\LAYLA\Local Settings\Application Data\AOL
2009-10-30 18:35 . 2009-10-30 18:35 d-----w- c:\documents and settings\LAYLA\Application Data\AOL
2009-10-22 20:14 . 2009-10-22 21:50 d-----w- c:\documents and settings\Mia\Application Data\MSN6
2009-10-14 23:03 . 2009-10-14 23:03 d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-10-13 09:02 . 2009-10-13 09:02 d-----w- c:\documents and settings\All Users\Application Data\HMRC
2009-10-09 21:14 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-10-09 21:14 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-10-07 12:28 . 2009-10-07 12:28 d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-07 09:39 . 2009-10-07 09:39 d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-10-07 09:35 . 2009-10-07 09:35 d-----w- c:\program files\Citrix
2009-10-07 09:35 . 2009-10-07 09:35 d-----w- c:\documents and settings\Zoe\Local Settings\Application Data\Citrix
2009-10-06 19:04 . 2009-10-19 21:36 3144624 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\ocpinst.exe
2009-10-06 19:04 . 2009-10-19 21:36 171600 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\setup.exe
2009-10-06 19:04 . 2009-10-19 21:35 76736 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\afixlang.exe
2009-10-06 19:04 . 2009-10-19 21:39 d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 00:33 . 2009-11-04 23:49 117760 ----a-w- c:\documents and settings\Zoe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-04 22:50 . 2009-11-04 22:50 d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-04 22:49 . 2009-11-04 22:49 d-----w- c:\program files\SUPERAntiSpyware
2009-11-04 22:49 . 2009-11-04 22:49 d-----w- c:\documents and settings\Zoe\Application Data\SUPERAntiSpyware.com
2009-11-04 22:46 . 2009-11-04 22:46 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-04 15:11 . 2006-10-26 10:27 d-----w- c:\program files\Common Files\Motive
2009-11-04 15:11 . 2004-12-10 15:16 d-----w- c:\program files\Common Files\FTL Shared
2009-11-04 12:05 . 2008-05-23 19:32 d-----w- c:\program files\BT Voyager 105 ADSL Modem
2009-11-04 00:12 . 2009-11-04 00:12 d-----w- c:\program files\CCleaner
2009-10-21 10:40 . 2009-06-03 20:30 d-----w- c:\program files\Coupon Printer
2009-10-19 21:39 . 2009-10-06 19:05 182360 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\cculang_uk.exe
2009-10-19 21:39 . 2009-10-06 19:05 63056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\instSup.dll
2009-10-19 21:39 . 2009-10-06 19:05 96920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\sminstlp_uk.exe
2009-10-19 21:39 . 2009-10-06 19:05 99096 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\sminstlp.exe
2009-10-19 21:39 . 2009-10-06 19:05 163976 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\iphinst.exe
2009-10-19 21:39 . 2009-10-06 19:05 225080 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\cculang.exe
2009-10-19 21:36 . 2009-10-06 19:05 79232 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\afixlang_uk.exe
2009-10-16 23:17 . 2004-01-16 05:38 d-----w- c:\program files\BigFix
2009-10-16 22:20 . 2004-11-15 10:40 d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-16 22:11 . 2004-01-16 05:28 d-----w- c:\program files\Viewpoint
2009-10-15 19:09 . 2004-12-17 21:52 d-----w- c:\program files\AOL 9.0
2009-10-15 11:08 . 2004-01-16 05:27 d-----w- c:\program files\Common Files\aolshare
2009-10-15 11:07 . 2004-01-16 05:27 d-----w- c:\program files\Common Files\AOL
2009-10-14 23:02 . 2004-12-17 21:52 d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-12 22:24 . 2008-01-18 13:20 d-----w- c:\program files\HMRC
2009-10-07 09:35 . 2009-10-07 09:35 61224 ----a-w- c:\windows\java\GoToAssistDownloadHelper.exe
2009-10-06 19:05 . 2009-10-06 19:05 256144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\CCUInst.exe
2009-10-06 17:36 . 2007-12-17 22:54 d-----w- c:\program files\Common Files\Symantec Shared
2009-09-14 20:05 . 2009-09-14 20:05 d-----w- c:\documents and settings\Ellis\Application Data\AdobeAUM
2009-09-14 19:07 . 2009-09-14 19:07 d-----w- c:\documents and settings\Ellis\Application Data\You've Got Pictures screensaver
2009-09-14 19:00 . 2009-09-14 19:00 d-----w- c:\documents and settings\Ellis\Application Data\Apple Computer
2009-09-11 14:18 . 2004-01-16 10:45 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-01-16 10:45 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-02-06 17:05 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-01-16 10:45 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-01-16 10:45 247326 ----a-w- c:\windows\system32\strmdll.dll
.
part 2
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-12 2000112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-11-20 139264]
"%FP%Friendly fts.exe"="c:\program files\VoyagerTest\fts.exe" [2003-05-06 72192]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 71008]
"HostManager"="c:\program files\Common Files\AOL\1135262144\ee\AOLSoftware.exe" [2006-11-17 50736]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
"DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2003-12-29 28672]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2003-06-03 496640]
"BTUSRBDG"="BtUsrBdg.exe" - c:\windows\system32\BtUsrBdg.exe [2003-11-05 53248]
"BTSETBOOTKEY"="BTSetBootKey.exe" - c:\windows\system32\BTSetBootKey.exe [2003-04-15 36864]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Ellis\Start Menu\Programs\Startup\
WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
c:\documents and settings\Zoe\Start Menu\Programs\Startup\
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2004-12-17 156784]
AOL Broadband Assistant.lnk - c:\program files\AOL\Broadband Assistant\bin\matcli.exe [2006-10-26 217088]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 15:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\1135262144\\ee\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 21:24 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 21:24 74480]
R3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys [10/07/2004 18:10 55616]
R3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\drivers\BtKrnBdg.sys [10/07/2004 18:10 15876]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 21:24 7408]
R3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys [10/07/2004 18:10 19840]
S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\drivers\csrbc01.sys [10/07/2004 18:10 24523]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder
2004-08-28 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8081634754.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52]
2009-11-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
2009-11-05 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]
.
.
Supplementary Scan
.
uStart Page = hxxp://www.aol.co.uk
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-GB\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {B2DCECC4-FF85-4DE0-B89F-BF3A80043271} = 205.188.146.145
TCP: {EFF9A924-E188-4063-B9DB-F02150FFC306} = 92.31.242.20 92.31.242.21
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-MCODS
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 03:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
part 3
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\System32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rtl8139]
"ImagePath"="System32\DRIVERS\R8139n51.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S3Psddr]
"ImagePath"="system32\DRIVERS\s3gnbm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S3SavageNB]
"ImagePath"="system32\DRIVERS\s3gnbm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASENUM]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SE27bus]
"ImagePath"="system32\DRIVERS\SE27bus.sys"0 -
part 4
.
DLLs Loaded Under Running Processes
- - - - - - - > 'winlogon.exe'(884)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3500)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
Completion time: 2009-11-05 3:18
ComboFix-quarantined-files.txt 2009-11-05 03:18
Pre-Run: 64,191,496,192 bytes free
Post-Run: 65,273,868,288 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

The bottom of the log's missing?
anyways
In general terms the computer's log is clean aside from these ~
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\CCUInst.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\cculang_uk.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\instSup.dll
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\sminstlp_uk.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\sminstlp.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\iphinst.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\cculang.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\afixlang_uk.exe
try to manually delete them
...............................................................................................
All of these ~
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1540F040-7D55-4148-855C-68AD7AB74D7A}]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{7115AE2D-7C6E-4406-B22C-A0A14A539024}]
etc etc etc (Of which you have tons)
They look quite dodgy but wouldn't really know where to start with them so we shall attempt a few things to clean up (As below)
..............................................................................
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
(If you can't get hosts running move onto the others)
...............................................................................................
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
.......................................................................................................
reboot
Download GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Then go to MODULES, SYSTEM TOOLS, WINDOWS STANDARD TOOLS and run SYSTEM FILE CHECKER
..............................................
Update malwarebytes and run another full scan
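
One way to triage a service listing like the one quoted in the reply above, as an added example that is not part of the thread and not ComboFix's own code: it parses each `ImagePath`/`ServiceDll` value and buckets the binary by where it lives on disk. `SYSTEM_ROOT`, the bucket names and the `ExampleDrv`, `ExampleSvc` and `ExampleUp` entries are assumptions made for illustration.

```python
import ntpath
import re

SYSTEM_ROOT = r"c:\windows"  # assumption: the install path seen in the thread's log

# Constructed sample in the listing's format. ExampleDrv, ExampleSvc and
# ExampleUp are made-up services; the others mirror entries quoted in the thread.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="System32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleDrv]
"ImagePath"="\??\D:\example.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleSvc]
"ImagePath"="\"c:\documents and settings\user\local settings\temp\svc.exe\" -k"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExampleUp]
"ImagePath"="%SystemRoot%\system32\..\temp\up.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1540F040-7D55-4148-855C-68AD7AB74D7A}]
'''

KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\(.+)\]$", re.I)
VAL_RE = re.compile(r'^"(ImagePath|ServiceDll)"="(.*)"$', re.I)
EXE_RE = re.compile(r"^(.*?\.(?:sys|exe|dll))(?=\s|$)", re.I)

def binary_path(raw):
    """Reduce an ImagePath/ServiceDll value to a normalised lower-case file path."""
    value = raw.replace('\\"', '"').strip()       # undo .reg-style quote escaping
    if value.startswith('"'):
        value = value[1:].split('"', 1)[0]        # quoted path, arguments follow
    else:
        m = EXE_RE.match(value)                   # unquoted: cut at the binary name
        if m:
            value = m.group(1)
    p = value.lower()
    if p.startswith("\\??\\"):                    # NT object-manager prefix
        p = p[4:]
    if p.startswith("%systemroot%"):
        p = SYSTEM_ROOT + p[len("%systemroot%"):]
    elif p.startswith("\\systemroot\\"):
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif not re.match(r"^[a-z]:\\", p):           # driver paths relative to SystemRoot
        p = SYSTEM_ROOT + "\\" + p
    return ntpath.normpath(p)                     # collapses any ..\ segments

def classify(path):
    if path is None:
        return "no-path"
    if path.startswith(SYSTEM_ROOT + "\\system32\\"):
        return "system32"
    if path.startswith("c:\\program files\\"):
        return "program-files"
    return "other"

def triage(text):
    """Return (service, path, bucket) for every service key in the listing."""
    results, current = [], None
    for line in text.splitlines():
        line = line.strip()
        key, val = KEY_RE.match(line), VAL_RE.match(line)
        if key:
            if current is not None:               # previous key listed no binary
                results.append((current, None, "no-path"))
            current = key.group(1)
        elif val and current is not None:
            path = binary_path(val.group(2))
            results.append((current, path, classify(path)))
            current = None
    if current is not None:
        results.append((current, None, "no-path"))
    return results

if __name__ == "__main__":
    for name, path, bucket in triage(SAMPLE):
        print(f"{bucket:14} {name:40} {path or '-'}")
```

The `other` and `no-path` buckets only narrow down which entries to look up by hand; a driver on another drive or a key with no binary listed is a reason to check the file, not a detection.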
THIS IS BOTTOM OF LOG -FILE HAD NO MORE INFO
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
MANAGED TO DELETE THESE
In general terms the computer's log is clean aside from these ~
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\CCUInst.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\cculang_uk.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\instSup.dll
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\sminstlp_uk.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\sminstlp.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\iphinst.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\cculang.exe
c:\documents and settings\All Users\Application Data\AOL Downloads\ccu_suite_uk\1.1.13.1\afixlang_uk.exe
COULDN'T DO THIS ONE AND GOT SOME STRANGE POPUPS FLOATING AROUND ON PAGE
Download HostsXpert
http://www.softpedia.com/get/Security/Security-Related/Hoster.shtml
and then follow the below steps.
* Unzip HostsXpert.zip
* It will create a folder named HostsXpert in whatever folder you extract it to.
* Run HostsXpert.exe by double clicking on it.
* click the Make Writeable? button.
* click Restore Microsoft's Hosts File and then click OK.
* Click the X to exit the program
DONE THIS ONE
(If you can't get hosts running move onto the others)
Download CCLEANER
http://www.ccleaner.com/download/builds/downloading-slim
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)
LIKED THIS ONE EASY TO USE AND I THINK IT GOT RID OF THEM THINGS THAT YOU SAID I'VE GOT LOADS OF
GLARY UTILITIES
http://www.glaryutilities.com/download/gusetup_slim.exe
Run the ONE CLICK scan
Then go to MODULES, SYSTEM TOOLS, WINDOWS STANDARD TOOLS and run SYSTEM FILE CHECKER
DID THIS NOTHING FOUND CAN I JUMP FOR JOY YET?
Update malwarebytes and run another full scan
COMPUTER IS RUNNING MUCH BETTER THANKS
shall i download some antivirus, avast and avira keep getting mentioned? would these conflict with microsoft security essentials and think i should get spybot
oh and forgot to add aol spyzapper has asked me to block two things recently don't ever recall it asking me to block anything

Glad it's running better
Either keep it as it is or uninstall essentials and install AVIRA

so i can jump for joy
Thank you soooooooo much for all your help, and from all the threads there are a lot of non-techie people on here with similar security problems who you and your tag team buddy (as well as other helpers) offer advice endlessly.
This has been a steep learning curve for me this week (more like a cliff face). Now I can get back to changing internet provider.
Ps helped my dad tonight with his laptop (he's more clueless than me)
oh my god he's got mcafee and it was not registered-i suppose i'll be downloading malwarebytes and making sure he's got adequate security.
Once again thanks for all your help, the truth is out there if you want to help yourself.

should get spybot
oh and forgot to add aol spyzapper has asked me to block two things recently don't ever recall it asking me to block anything
I use spybot myself
Make sure you UNTICK 'tea timer' (I find it does more harm than good)
UPDATE, 'immunise' (Protects from bad webpages etc) and scan every so often
As for aol software - I personally find it absolutely useless
This discussion has been closed.