

Re: Multiple infections

ComboFix2.txt

"ohno" - 2007-05-06 17:39:54 Service Pack 2
ComboFix 07-05.06.1.V - Running from: "C:\Documents and Settings\ohno\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\_desktop.ini
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\#SharedObjects\5B2B7EZU\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\msccrt.dll
C:\WINDOWS\richdll.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\#SharedObjects\5B2B7EZU\www.inter-focus.cn
C:\DOCUME~1\ohno\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-06 14:55 <DIR> d-------- C:\Deckard
2007-05-06 14:54 21,312 --a------ C:\WINDOWS\choice.exe
2007-05-06 14:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-06 14:20 <DIR> d-------- C:\WINDOWS\LastGood
2007-05-06 13:23 <DIR> d--h----- C:\WINDOWS\rundl132.exe
2007-05-06 13:21 <DIR> d--h----- C:\WINDOWS\vdll.dll
2007-05-06 13:20 <DIR> d--h----- C:\WINDOWS\Logo_1.exe
2007-05-06 13:19 <DIR> d--h----- C:\WINDOWS\Logo1_.exe
2007-05-06 13:04 <DIR> d--h----- C:\WINDOWS\uninstall
2007-05-06 12:25 <DIR> d-------- C:\Program Files\IDM Computer Solutions
2007-05-06 12:25 <DIR> d-------- C:\DOCUME~1\ohno\APPLIC~1\IDMComp
2007-05-06 11:37 <DIR> d--hs---- C:\WINDOWS\CSC
2007-05-05 15:50 <DIR> d-------- C:\Program Files\Spybot
2007-05-05 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-05 10:09 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-05 10:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-05 10:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-05-05 09:44 77,312 --a------ C:\WINDOWS\ua2.dll
2007-05-04 23:48 5,632 --a------ C:\WINDOWS\system32\Kvsc3.dll
2007-05-04 23:48 18,484 ---h----- C:\WINDOWS\system32\RAVWM506.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-06 06:36:27 -------- d-----w C:\Program Files\VPN Client
2007-05-06 06:27:01 -------- d-----w C:\Program Files\Wireless Console 2
2007-05-06 06:24:35 -------- d-----w C:\Program Files\MSN Messenger
2007-05-06 06:21:19 -------- d-----w C:\Program Files\Google
2007-05-06 06:21:08 -------- d-----w C:\Program Files\DAEMON Tools
2007-05-06 06:21:06 -------- d-----w C:\Program Files\CuteFTP
2007-05-06 03:04:57 -------- d-----w C:\Program Files\putty
2007-05-06 02:25:24 -------- d-----w C:\DOCUME~1\ohno\APPLIC~1.\IDMComp
2007-05-05 23:50:59 -------- d-----w C:\Program Files\SyncBack
2007-05-04 13:51:00 -------- d-----w C:\Program Files\Windows XP MUI Pack
2007-05-04 13:50:58 -------- d-----w C:\Program Files\Winamp
2007-05-04 13:50:41 -------- d-----w C:\Program Files\Real Alternative
2007-05-04 13:50:40 -------- d-----w C:\Program Files\QuickTime Alternative
2007-05-04 13:50:33 -------- d-----w C:\Program Files\pg2
2007-05-04 13:50:33 -------- d-----w C:\Program Files\PCMan
2007-05-04 13:50:25 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-04 13:50:17 -------- d-----w C:\Program Files\eMule
2007-05-04 13:50:15 -------- d-----w C:\Program Files\BitComet
2007-02-23 01:19:49 12,245,199 ------w C:\AVG7QT.DAT


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}"="C:\Program Files\BitComet\tools\BitCometBHO.dll"
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\bin\ssv.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar2.dll"
"{DF21F1DB-80C6-11D3-9483-B03D0EC10000}"="c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SkyTel"="SkyTel.EXE"
"SMSERIAL"="sm56hlpr.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Zshutdown"="c:\\sysprep\\patch\\sysprep.cmd"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\bin\\jusched.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"ABLKSR"="C:\\windows\\ABLKSR\\ABLKSR.exe"
"ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"CognizanceTS"="rundll32.exe c:\\PROGRA~1\\ASUSSE~1\\ASUSSE~1\\Bin\\ASTSVCC.dll,RegisterModule"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll"


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="APSHook.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0ASWLNPkg\0\0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr
ALCMTR.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\asus live update
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\power_gear
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
Cognizance ASChannel\0\0

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*




********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 17:41:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 17:41:57
C:\ComboFix-quarantined-files.txt ... 2007-05-06 17:41