Thread: Virtumonde

  1. #1
    Junior Member
    Join Date
    Dec 2008
    Posts
    10

    Virtumonde

    Unfortunately, I've got it. Let's get started:

    HJT Scan:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:26:11 PM, on 12/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\program files\steam\steam.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 207.210.93.28 game01.us.segaonline.jp
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll,avgrsstx.dll tnfajz.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10639 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi bladehappy

    Rename HijackThis.exe to bladehappy.exe and post back a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Dec 2008
    Posts
    10

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:11:05 AM, on 1/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\program files\steam\steam.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\Program Files\Sandisk\Sansa Media Converter 2\Sansa Media Converter.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\foobar2000\foobar2000.exe
    C:\Program Files\Trend Micro\HijackThis\bladehappy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 207.210.93.28 game01.us.segaonline.jp
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {61D0D3D0-8771-4276-80E8-D54A10BE3BE8} - C:\WINDOWS\system32\iiffGXrp.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: (no name) - {B09EEFB1-0E56-4091-9D59-80459C00EC74} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {BF606CAD-3F81-499F-A54E-7081DD94BCCB} - (no file)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Agnitum\OUTPOS~1.0\wl_hook.dll,avgrsstx.dll fxsuzy.dll qaxubs.dll wljltp.dll vxxtwh.dll mwbsvd.dll
    O20 - Winlogon Notify: mlJAtuUM - mlJAtuUM.dll (file missing)
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12473 bytes



    There you go. :3

  4. #4
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    We will begin with ComboFix.

    Please download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    If you need help, see this link:
    http://www.bleepingcomputer.com/comb...o-use-combofix

  5. #5
    Junior Member
    Join Date
    Dec 2008
    Posts
    10

    Combofix Log:
    ComboFix 09-01-01.02 - Michael 2009-01-02 13:37:10.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1050 [GMT -5:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Michael\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: Outpost Firewall Pro *disabled*
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\documents and settings\Michael\Application Data\APPATC~1
    c:\documents and settings\Michael\Application Data\NI.GSCNS
    c:\documents and settings\Michael\Application Data\NI.GSCNS\dl.ini
    c:\documents and settings\Michael\Application Data\NI.GSCNS\settings.ini
    c:\documents and settings\Michael\Application Data\SpeedRunner
    c:\documents and settings\Michael\Application Data\SpeedRunner\config.cfg
    c:\documents and settings\Michael\Local Settings\Temporary Internet Files\fbk.sts
    c:\documents and settings\Michael\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
    c:\program files\asembl~1
    c:\temp\PRE45
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\scurit~1
    c:\windows\system32\chqiiiey.dll
    c:\windows\system32\fxsuzy.dll
    c:\windows\system32\gpobnusy.dll
    c:\windows\system32\iiffGXrp.dll
    c:\windows\system32\kmbqcbct.dll
    c:\windows\system32\mwbsvd.dll
    c:\windows\system32\nssohcvj.dll
    c:\windows\system32\pac.txt
    c:\windows\system32\prXGffii.ini
    c:\windows\system32\prXGffii.ini2
    c:\windows\system32\qaxubs.dll
    c:\windows\system32\qlqfhgab.dll
    c:\windows\system32\regbwexq.dll
    c:\windows\system32\sX3i19
    c:\windows\system32\tnfajz.dll
    c:\windows\system32\vksecaji.dll
    c:\windows\system32\vxxtwh.dll
    c:\windows\system32\wljltp.dll
    c:\windows\system32\xxfbxirs.dll
    c:\windows\system32\yksdfyfj.dll

    ----- BITS: Possible infected sites -----

    hxxp://childhe.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CMDSERVICE
    -------\Legacy_NETWORK_MONITOR
    -------\Legacy_RPCSE
    -------\Legacy_VFILT
    -------\Service_cmdService
    -------\Service_RPCSE
    -------\Service_VFILT


    ((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
    .

    2009-01-01 20:03 . 2009-01-01 20:03 120 --ahs---- c:\windows\system32\srixbfxx.ini
    2008-12-31 12:42 . 2008-12-31 12:42 120 --ahs---- c:\windows\system32\baghfqlq.ini
    2008-12-30 11:28 . 2008-12-30 11:28 120 --ahs---- c:\windows\system32\ijaceskv.ini
    2008-12-29 19:39 . 2008-12-29 19:39 120 --ahs---- c:\windows\system32\mrmsrtxr.ini
    2008-12-28 19:36 . 2008-12-28 19:36 120 --ahs---- c:\windows\system32\wabvbltc.ini
    2008-12-28 17:56 . 2008-12-28 17:56 <DIR> d-------- c:\program files\Trend Micro
    2008-12-28 14:18 . 2008-12-28 14:18 95 --a------ c:\windows\wininit.ini
    2008-12-28 13:45 . 2008-12-28 14:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 13:45 . 2008-12-28 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-27 16:04 . 2008-12-27 16:15 <DIR> d-------- c:\documents and settings\Michael\Application Data\Twain
    2008-12-27 15:59 . 2008-12-27 17:42 <DIR> d-------- c:\program files\Webtools
    2008-12-20 17:35 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-12-20 17:35 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-12-08 18:54 . 2008-12-08 18:54 <DIR> d-------- c:\program files\foobar2000
    2008-12-08 18:54 . 2009-01-02 09:11 <DIR> d-------- c:\documents and settings\Michael\Application Data\foobar2000
    2008-12-07 16:42 . 2008-12-07 16:42 <DIR> d-------- c:\program files\UnH Solutions

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 18:47 --------- d-----w c:\program files\Steam
    2009-01-02 18:46 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-01 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-31 04:26 --------- d-----w c:\documents and settings\Michael\Application Data\uTorrent
    2008-12-31 01:32 --------- d-----w c:\program files\War Craft III
    2008-12-29 22:59 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-26 19:22 94,208 ----a-w c:\windows\ScUnin.exe
    2008-12-21 05:04 --------- d-----w c:\documents and settings\Michael\Application Data\OpenOffice.org2
    2008-12-20 23:31 --------- d-----w c:\documents and settings\Michael\Application Data\Xfire
    2008-12-19 02:14 --------- d-s---w c:\program files\Xfire
    2008-12-15 19:38 --------- d-----w c:\program files\WinVorbis
    2008-12-15 19:38 --------- d-----w c:\program files\SpeedFan
    2008-11-17 20:50 --------- d-----w c:\program files\Lavasoft
    2008-11-17 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-17 20:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-11 06:10 --------- d-----w c:\program files\MSXML 6.0
    2008-11-10 01:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-10 01:06 --------- d-----w c:\program files\Bethesda Softworks
    2008-11-10 01:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
    2008-11-10 01:04 --------- d-----w c:\program files\MSBuild
    2008-11-10 01:02 --------- d-----w c:\program files\Reference Assemblies
    2007-12-30 00:51 22,328 ----a-w c:\documents and settings\Michael\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-18 1410296]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2007-10-04 50528]
    "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8527872]
    "D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-09-23 2494464]
    "ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-04-29 4376328]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-24 81920]
    "Outpost Firewall"="c:\progra~1\Agnitum\OUTPOS~1.0\outpost.exe" [2006-03-30 91648]
    "OutpostFeedBack"="c:\progra~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 356420]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-18 113152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2007-10-24 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-05-03 303104]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Cossacks\\dmcr.exe"=
    "c:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
    "c:\\Program Files\\BYOND\\bin\\byond.exe"=
    "c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\War Craft III\\Frozen Throne.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AeriaGames\\Project Torque\\ProjectTorque.bin"=
    "c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.5.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\softsd\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\Rohan\\rohanclient.exe"=
    "c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Documents and Settings\\Michael\\Desktop\\LackeyCCG\\LackeyCCG\\LackeyCCG.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\GunzLauncher.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\Gunz.exe"=
    "c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
    "c:\\Ntreev\\Grand Chase\\main.exe"=
    "c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\My Completed Downloads\\zunesetuppkg-x86(2).exe"=
    "f:\\Program Files\\Starcraft\\StarCraft.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "11871:TCP"= 11871:TCP:utorrent

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-06 97928]
    R1 raddrvv3;raddrvv3;\??\c:\windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-06 76040]
    R2 RServer3;Radmin Server V3;"c:\windows\system32\rserver30\RServer3.exe" /service [2008-04-24 1238344]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-24 24652]
    R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
    R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\DRIVERS\PRISMNDS.sys [2007-04-28 652288]
    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 17440]
    S3 CCCP106;D-Link CIF Webcam;c:\windows\system32\DRIVERS\cccp106.sys [2007-12-22 227200]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 9024]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 9696]
    S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys []
    S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
    S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

    2009-01-02 c:\windows\Tasks\awckpjzv.job
    - c:\windows\system32\rundll32.exe [2006-02-28 07:00]

    2009-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

    2008-12-26 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{61D0D3D0-8771-4276-80E8-D54A10BE3BE8} - c:\windows\system32\iiffGXrp.dll
    BHO-{B09EEFB1-0E56-4091-9D59-80459C00EC74} - (no file)
    BHO-{BF606CAD-3F81-499F-A54E-7081DD94BCCB} - (no file)
    Notify-mlJAtuUM - mlJAtuUM.dll


    .
    ------- Supplementary Scan -------
    .
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 13:48:31
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\DirectInput\ôu"oD’.*NULL*E*NULL*X*NULL*E*NULL*4*NULL*7*NULL*1*NULL*1*NULL*9*NULL*1*NULL*E*NULL*A*NULL*0*NULL*0*NULL*1*NULL*6*NULL*2*NULL*0*NULL*0*NULL*0*NULL*]
    "Name"="???.EXE"
    "UsesMapper"=hex:00,00,00,00

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
    "??"=hex:bb,40,94,9c,6a,80,2e,00,eb,37,9f,34,fd,35,40,bb

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\License information*NULL*]
    "rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\rserver30\FamItrfc.Exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
    c:\program files\Mozilla Firefox\firefox.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-02 13:53:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-02 18:53:20

    Pre-Run: 13,306,937,344 bytes free
    Post-Run: 14,079,700,992 bytes free

    539 --- E O F --- 2008-12-19 03:42:30




    HJT Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:56:48 PM, on 1/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgui.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\bladehappy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11591 bytes





    It never asked to install the Recovery Console, but it says I don't have it. Should I install it anyway?

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Yes, please follow instructions in my link to install recovery console, re-run combofix and post back a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Dec 2008
    Posts
    10

    New Combofix Log (if needed):

    ComboFix 09-01-01.02 - Michael 2009-01-02 14:10:36.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1531 [GMT -5:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Michael\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
    FW: Outpost Firewall Pro *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\baghfqlq.ini
    c:\windows\system32\ijaceskv.ini
    c:\windows\system32\mrmsrtxr.ini
    c:\windows\system32\srixbfxx.ini
    c:\windows\system32\wabvbltc.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
    .

    2008-12-28 17:56 . 2008-12-28 17:56 <DIR> d-------- c:\program files\Trend Micro
    2008-12-28 14:18 . 2008-12-28 14:18 95 --a------ c:\windows\wininit.ini
    2008-12-28 13:45 . 2008-12-28 14:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 13:45 . 2008-12-28 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-27 16:04 . 2008-12-27 16:15 <DIR> d-------- c:\documents and settings\Michael\Application Data\Twain
    2008-12-27 15:59 . 2008-12-27 17:42 <DIR> d-------- c:\program files\Webtools
    2008-12-20 17:35 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-12-20 17:35 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-12-08 18:54 . 2008-12-08 18:54 <DIR> d-------- c:\program files\foobar2000
    2008-12-08 18:54 . 2009-01-02 09:11 <DIR> d-------- c:\documents and settings\Michael\Application Data\foobar2000
    2008-12-07 16:42 . 2008-12-07 16:42 <DIR> d-------- c:\program files\UnH Solutions

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 19:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-02 19:13 --------- d-----w c:\program files\Steam
    2009-01-01 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-31 04:26 --------- d-----w c:\documents and settings\Michael\Application Data\uTorrent
    2008-12-31 01:32 --------- d-----w c:\program files\War Craft III
    2008-12-29 22:59 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-26 19:22 94,208 ----a-w c:\windows\ScUnin.exe
    2008-12-21 05:04 --------- d-----w c:\documents and settings\Michael\Application Data\OpenOffice.org2
    2008-12-20 23:31 --------- d-----w c:\documents and settings\Michael\Application Data\Xfire
    2008-12-19 02:14 --------- d-s---w c:\program files\Xfire
    2008-12-15 19:38 --------- d-----w c:\program files\WinVorbis
    2008-12-15 19:38 --------- d-----w c:\program files\SpeedFan
    2008-11-17 20:50 --------- d-----w c:\program files\Lavasoft
    2008-11-17 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-17 20:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-11 06:10 --------- d-----w c:\program files\MSXML 6.0
    2008-11-10 01:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-10 01:06 --------- d-----w c:\program files\Bethesda Softworks
    2008-11-10 01:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
    2008-11-10 01:04 --------- d-----w c:\program files\MSBuild
    2008-11-10 01:02 --------- d-----w c:\program files\Reference Assemblies
    2007-12-30 00:51 22,328 ----a-w c:\documents and settings\Michael\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-18 1410296]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2007-10-04 50528]
    "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8527872]
    "D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-09-23 2494464]
    "ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-04-29 4376328]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-24 81920]
    "Outpost Firewall"="c:\progra~1\Agnitum\OUTPOS~1.0\outpost.exe" [2006-03-30 91648]
    "OutpostFeedBack"="c:\progra~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 356420]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-18 113152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2007-10-24 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-05-03 303104]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtuUM]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "c:\\Program Files\\uTorrent\\utorrent.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Cossacks\\dmcr.exe"=
    "c:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
    "c:\\Program Files\\BYOND\\bin\\byond.exe"=
    "c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\War Craft III\\Frozen Throne.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AeriaGames\\Project Torque\\ProjectTorque.bin"=
    "c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.5.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\softsd\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\Rohan\\rohanclient.exe"=
    "c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Documents and Settings\\Michael\\Desktop\\LackeyCCG\\LackeyCCG\\LackeyCCG.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\GunzLauncher.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\Gunz.exe"=
    "c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
    "c:\\Ntreev\\Grand Chase\\main.exe"=
    "c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\My Completed Downloads\\zunesetuppkg-x86(2).exe"=
    "f:\\Program Files\\Starcraft\\StarCraft.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "11871:TCP"= 11871:TCP:utorrent

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-06 97928]
    R1 raddrvv3;raddrvv3;\??\c:\windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-06 76040]
    R2 RServer3;Radmin Server V3;"c:\windows\system32\rserver30\RServer3.exe" /service [2008-04-24 1238344]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-24 24652]
    R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
    R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\DRIVERS\PRISMNDS.sys [2007-04-28 652288]
    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 17440]
    S3 CCCP106;D-Link CIF Webcam;c:\windows\system32\DRIVERS\cccp106.sys [2007-12-22 227200]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 9024]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 9696]
    S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys []
    S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
    S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

    2009-01-02 c:\windows\Tasks\awckpjzv.job
    - c:\windows\system32\rundll32.exe [2006-02-28 07:00]

    2009-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

    2008-12-26 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{61D0D3D0-8771-4276-80E8-D54A10BE3BE8} - (no file)
    BHO-{B09EEFB1-0E56-4091-9D59-80459C00EC74} - (no file)
    BHO-{BF606CAD-3F81-499F-A54E-7081DD94BCCB} - (no file)


    .
    ------- Supplementary Scan -------
    .
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 14:14:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\DirectInput\ôu"oD’.*NULL*E*NULL*X*NULL*E*NULL*4*NULL*7*NULL*1*NULL*1*NULL*9*NULL*1*NULL*E*NULL*A*NULL*0*NULL*0*NULL*1*NULL*6*NULL*2*NULL*0*NULL*0*NULL*0*NULL*]
    "Name"="???.EXE"
    "UsesMapper"=hex:00,00,00,00

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
    "??"=hex:bb,40,94,9c,6a,80,2e,00,eb,37,9f,34,fd,35,40,bb

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\License information*NULL*]
    "rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\rserver30\FamItrfc.Exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-02 14:20:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-02 19:19:57
    ComboFix2.txt 2009-01-02 18:53:24

    Pre-Run: 14,033,825,792 bytes free
    Post-Run: 14,037,667,840 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    499 --- E O F --- 2008-12-19 03:42:30




    New HJT Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:20:59 PM, on 1/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\bladehappy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: mlJAtuUM - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11583 bytes

  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    We need first to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
    3. On the left hand side, click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

    Open Notepad and copy/paste the text in the codebox below into it:

    Code:
    File::
    c:\windows\Tasks\awckpjzv.job
    
    Folder::
    c:\documents and settings\Michael\Application Data\Twain
    c:\program files\Webtools
    c:\documents and settings\Michael\Application Data\uTorrent
    c:\Program Files\uTorrent
    c:\Program Files\FrostWire
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\uTorrent\\utorrent.exe"=-
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=-
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11871:TCP"=-
    Save this as "CFScript"

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
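
A check on the procedure in the post above, as an added example (not part of the original post and not ComboFix's own code): it parses the CFScript into its File::, Folder:: and Registry:: targets and lists any file or folder target that the "Other Deletions" section of the resulting ComboFix.txt does not confirm. The function names and the log excerpt are constructed for illustration; the CFScript text is the one from the post, and only the three directives it uses are handled.

```python
import re

# The CFScript from the post above, reproduced as sample input.
CFSCRIPT = r'''File::
c:\windows\Tasks\awckpjzv.job

Folder::
c:\documents and settings\Michael\Application Data\Twain
c:\program files\Webtools
c:\documents and settings\Michael\Application Data\uTorrent
c:\Program Files\uTorrent
c:\Program Files\FrostWire

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\utorrent.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11871:TCP"=-
'''

# Constructed ComboFix.txt excerpt (shortened; the Webtools folder is left
# out on purpose so the check has something to report).
LOG = r'''((((((((( Other Deletions )))))))))
.

c:\documents and settings\Michael\Application Data\Twain
c:\documents and settings\Michael\Application Data\uTorrent
c:\documents and settings\Michael\Application Data\uTorrent\dht.dat
c:\program files\FrostWire
c:\program files\FrostWire\FrostWire.exe
c:\program files\uTorrent
c:\windows\Tasks\awckpjzv.job

.
((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))
.
'''

SECTION = re.compile(r'^(\w+)::$')          # e.g. "File::"
REG_KEY = re.compile(r'^\[(.+)\]$')         # e.g. "[HKLM\...\List]"
REG_DELETE = re.compile(r'^"(.+)"=-$')      # .reg syntax: delete this value
BANNER = re.compile(r'^\(+\s*(.+?)\s*\)+$')  # "((((( Title )))))"


def parse_cfscript(text):
    """Return the script's targets as lists, failing closed on unknown input."""
    plan = {"files": [], "folders": [], "registry": []}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section, key = header.group(1).lower(), None
        elif section == "file":
            plan["files"].append(line)
        elif section == "folder":
            plan["folders"].append(line)
        elif section == "registry" and REG_KEY.match(line):
            key = REG_KEY.match(line).group(1)
        elif section == "registry" and key and REG_DELETE.match(line):
            # Quoted .reg names double their backslashes; undo that.
            name = REG_DELETE.match(line).group(1).replace("\\\\", "\\")
            plan["registry"].append((key, name))
        else:
            # Directives or registry operations outside this example's scope.
            raise ValueError("unhandled CFScript line: %r" % line)
    return plan


def deleted_paths(log_text):
    """Collect the paths listed under the log's 'Other Deletions' banner."""
    paths, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            in_section = banner.group(1).lower() == "other deletions"
        elif in_section and line and line != ".":
            paths.add(line.lower())   # Windows paths compare case-insensitively
    return paths


def unconfirmed_targets(plan, log_text):
    """File/folder targets from the script that the log does not list."""
    seen = deleted_paths(log_text)
    return [p for p in plan["files"] + plan["folders"] if p.lower() not in seen]


if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    for key, name in plan["registry"]:
        print("registry value to delete:", key, "->", name)
    for path in unconfirmed_targets(plan, LOG):
        print("not confirmed in log:", path)
```

A target missing from "Other Deletions" is not necessarily still on disk (it may not have existed), so treat the output as a list of paths to check by hand.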

  9. #9
    Junior Member
    Join Date
    Dec 2008
    Posts
    10

    ComboFix Log:

    ComboFix 09-01-01.02 - Michael 2009-01-02 14:40:35.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1512 [GMT -5:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    FW: Outpost Firewall Pro *disabled*
    * Created a new restore point

    FILE ::
    c:\windows\Tasks\awckpjzv.job
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Michael\Application Data\Twain
    c:\documents and settings\Michael\Application Data\uTorrent
    c:\documents and settings\Michael\Application Data\uTorrent\(PC Game) WarCraft III - Reign of Chaos - (Plus Serial & Crack).torrent
    c:\documents and settings\Michael\Application Data\uTorrent\[DB]_Naruto_133_[B1F3ED83].avi.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\[DB]_Naruto_134_[BBF21131].avi.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\[oS] [Full PC Games] Grand Theft Auto San Andreas.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\10,000serials.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\2004 - Wintersun.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\3D??????.rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\age of empires 2 + conqueror & all in one !!.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\age of empires 2 + conqueror & all in one !!.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\AMV Hell 4 - The Last One.mp4.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Bathory - Nordland.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Binktopia_Bleach_304.zip.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\BIOSHOCK.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Blind Guardian - A Night At The Opera - L.rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\C_SKIES_102.mdf.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\COD4 Call of Duty 4 Free Hamachi Online Multiplayer Kit 1.5 by Bozo.rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\COMBATFS.zip.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Conquer_v4354_10.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Conquer070405.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Crimson.Skies.Eng.Single.Or.Multiplayer.Air.War.Simmulator-mIrAkElHuMlAn.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\dht.dat
    c:\documents and settings\Michael\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\Michael\Application Data\uTorrent\Dropkick_Murphys-The_Gangs_All_Here-1999.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Dropkick_Murphys-The_Meanest_Of_Times-(Advance)-2007-RTB.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Ensiferum - Iron (2004).torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Everquest Titanium.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\EverQuest Titanium.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\FirstStrike_V1.1_Full.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Flight Unlimited.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Forgotten Hope 2.0.rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Frets on Fire.rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\FretsOnFire.7z.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\FretsOnFire.7z.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Full Metal Jacket[1987][Remastered 2007][Eng][Dvdrip]-freakzilla.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Giants Citizen Kabuto.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Giants Citizen Kabuto.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\granadoespada.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\granadoespada.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand Theft Auto San Andreas HOODLUM.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand Theft Auto San Andreas HOODLUM.2.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand Theft Auto San Andreas HOODLUM.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.2.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.3.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.4.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.5.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-Steffmeister.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas.CRACK-HOODLUM.zip.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Harry Potter And The Deathly Hallows.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Harry.Potter.&.The.Order.Of.The.Phoenix(2007).XViD[Eng].Fantastic.Quality.zip.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Harry.Potter.And.The.Order.Of.The.Phoenix - Good Quality - Full Length - Sample Included.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Harry.Potter.And.The.Order.Of.The.Phoenix.CAM.XviD-CANALSTREET.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Harry_Potter_7_-_And_The_Deathly_Hallows_EBOOK-KG.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Hellsing.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Iced Earth - Something Wicked This Way Comes [for www.p2p-world.dl.am].rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Iced_Earth_-_Tribute_To_The_Gods_-_Released_By_LuCaS_SoAd.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Kamelot - The Black Halo - 2005.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Korpiklaani.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Kreator - 1999 - Endorama.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Kreator - Pleasure To Kill.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Kreator Enemy of God.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Kreator Enemy of God.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Kung Pow, Enter The Fist (2002) (Dvd Rip OF) (Eng).torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Lamb Of God - Sacrament.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\machine head-through the ashes of empires.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Medieval.2.Total.War-RELOADED.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\MERCENARY - 4 (All) Studio Albums^WaPo (Melodic Death Metal).torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Mercenary_-_Architect_Of_Lies_(2008).torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Microsoft Office 2007 Enterprise - Full Version.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Monty Python and the Holy Grail (Darkside_RG).1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Monty Python and the Holy Grail (Darkside_RG).torrent
    c:\documents and settings\Michael\Application Data\uTorrent\MS Office 2007.iso.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Outworld-Outworld-Promo-2006-DJH_INT.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Pack 2.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Picture Publisher 10 Pro.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Radmin Remote Administrator 3.2 With Crack(Working).rar.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Rage Against The Machine - Battle Of Duesseldorf.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\resume.dat
    c:\documents and settings\Michael\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\Michael\Application Data\uTorrent\Rome Total War.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\rose_rr_764.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\rss.dat
    c:\documents and settings\Michael\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\Michael\Application Data\uTorrent\SAK_SETUP1010.exe.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\SAK_SETUP1010.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\settings.dat
    c:\documents and settings\Michael\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\Michael\Application Data\uTorrent\Setup_Atlantica_Beta.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Slayer - God Hates Us All.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Sonata Arctica -- Unia [2007] JP Edition (3 Bonus Tracks) + Covers.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Star Wars Knights of the Old Republic II The Sith Lords [English][4CD][www.pctorrent.com].torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Starcraft DVD v1.15.1.iso.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\The Black Halo.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\The Elder Scrolls IV OBLIVION.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Transformers.CaM.XViD-THS.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Transformers.CaM.XViD-THS.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\utorrent.lng
    c:\documents and settings\Michael\Application Data\uTorrent\Warcraft 3 1.21 cracks and online play - torrent by 3LANCER.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Warhammer 40,000 - Dawn of War.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Warhammer 40k - Dawn of War Collection - Torrent.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\Warhammer.40000.Dawn.of.War.Soulstorm-RELOADED.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\wic_openMPbeta.exe.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\zx.hellsing.1.torrent
    c:\documents and settings\Michael\Application Data\uTorrent\zx.hellsing.torrent
    c:\program files\FrostWire
    c:\program files\FrostWire\clink.jar
    c:\program files\FrostWire\commons-httpclient.jar
    c:\program files\FrostWire\commons-logging.jar
    c:\program files\FrostWire\commons-net.jar
    c:\program files\FrostWire\commons-pool.jar
    c:\program files\FrostWire\COPYING
    c:\program files\FrostWire\daap.jar
    c:\program files\FrostWire\FrostWire.exe
    c:\program files\FrostWire\FrostWire.ico
    c:\program files\FrostWire\FrostWire.jar
    c:\program files\FrostWire\hashes
    c:\program files\FrostWire\hs_err_pid1600.log
    c:\program files\FrostWire\hs_err_pid1816.log
    c:\program files\FrostWire\hs_err_pid2268.log
    c:\program files\FrostWire\hs_err_pid2440.log
    c:\program files\FrostWire\hs_err_pid2580.log
    c:\program files\FrostWire\hs_err_pid3172.log
    c:\program files\FrostWire\hs_err_pid3224.log
    c:\program files\FrostWire\hs_err_pid3240.log
    c:\program files\FrostWire\hs_err_pid3388.log
    c:\program files\FrostWire\hs_err_pid3552.log
    c:\program files\FrostWire\hs_err_pid3624.log
    c:\program files\FrostWire\hs_err_pid548.log
    c:\program files\FrostWire\hs_err_pid5596.log
    c:\program files\FrostWire\hs_err_pid5960.log
    c:\program files\FrostWire\hs_err_pid604.log
    c:\program files\FrostWire\hs_err_pid740.log
    c:\program files\FrostWire\hs_err_pid744.log
    c:\program files\FrostWire\i18n.jar
    c:\program files\FrostWire\icu4j.jar
    c:\program files\FrostWire\id3v2.jar
    c:\program files\FrostWire\irc.jar
    c:\program files\FrostWire\jcraft.jar
    c:\program files\FrostWire\jdic.dll
    c:\program files\FrostWire\jdic.jar
    c:\program files\FrostWire\jdic_stub.jar
    c:\program files\FrostWire\jl011.jar
    c:\program files\FrostWire\jmdns.jar
    c:\program files\FrostWire\log4j.jar
    c:\program files\FrostWire\log4j.properties
    c:\program files\FrostWire\looks.jar
    c:\program files\FrostWire\MessagesBundle.properties
    c:\program files\FrostWire\MessagesBundles.jar
    c:\program files\FrostWire\mp3sp14.jar
    c:\program files\FrostWire\MRJAdapter.jar
    c:\program files\FrostWire\pmf.ico
    c:\program files\FrostWire\ProgressTabs.jar
    c:\program files\FrostWire\root\magnet10\badge.img
    c:\program files\FrostWire\root\magnet10\canHandle.img
    c:\program files\FrostWire\root\magnet10\limewire.gif
    c:\program files\FrostWire\root\magnet10\options.js
    c:\program files\FrostWire\root\magnet10\silentdetect.js
    c:\program files\FrostWire\spacer.gif
    c:\program files\FrostWire\SystemUtilities.dll
    c:\program files\FrostWire\themes.jar
    c:\program files\FrostWire\Thumbs.db
    c:\program files\FrostWire\tray.dll
    c:\program files\FrostWire\tritonus.jar
    c:\program files\FrostWire\Uninstall.exe
    c:\program files\FrostWire\update.ver
    c:\program files\FrostWire\vorbis.jar
    c:\program files\FrostWire\xml-apis.jar
    c:\program files\FrostWire\xml.war
    c:\program files\uTorrent
    c:\program files\uTorrent\Uninstall.exe
    c:\program files\uTorrent\utorrent.exe
    c:\program files\Webtools
    c:\windows\Tasks\awckpjzv.job

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
    .

    2008-12-28 17:56 . 2008-12-28 17:56 <DIR> d-------- c:\program files\Trend Micro
    2008-12-28 14:18 . 2008-12-28 14:18 95 --a------ c:\windows\wininit.ini
    2008-12-28 13:45 . 2008-12-28 14:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
    2008-12-28 13:45 . 2008-12-28 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-12-20 17:35 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-12-20 17:35 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
    2008-12-08 18:54 . 2008-12-08 18:54 <DIR> d-------- c:\program files\foobar2000
    2008-12-08 18:54 . 2009-01-02 09:11 <DIR> d-------- c:\documents and settings\Michael\Application Data\foobar2000
    2008-12-07 16:42 . 2008-12-07 16:42 <DIR> d-------- c:\program files\UnH Solutions

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-02 19:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-01-02 19:47 --------- d-----w c:\program files\Steam
    2009-01-01 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2008-12-31 01:32 --------- d-----w c:\program files\War Craft III
    2008-12-29 22:59 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2008-12-26 19:22 94,208 ----a-w c:\windows\ScUnin.exe
    2008-12-21 05:04 --------- d-----w c:\documents and settings\Michael\Application Data\OpenOffice.org2
    2008-12-20 23:31 --------- d-----w c:\documents and settings\Michael\Application Data\Xfire
    2008-12-19 02:14 --------- d-s---w c:\program files\Xfire
    2008-12-15 19:38 --------- d-----w c:\program files\WinVorbis
    2008-12-15 19:38 --------- d-----w c:\program files\SpeedFan
    2008-11-17 20:50 --------- d-----w c:\program files\Lavasoft
    2008-11-17 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
    2008-11-17 20:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2008-11-11 06:10 --------- d-----w c:\program files\MSXML 6.0
    2008-11-10 01:06 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-10 01:06 --------- d-----w c:\program files\Bethesda Softworks
    2008-11-10 01:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
    2008-11-10 01:04 --------- d-----w c:\program files\MSBuild
    2008-11-10 01:02 --------- d-----w c:\program files\Reference Assemblies
    2007-12-30 00:51 22,328 ----a-w c:\documents and settings\Michael\Application Data\PnkBstrK.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
    "Steam"="c:\program files\steam\steam.exe" [2008-10-18 1410296]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2007-10-04 50528]
    "igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
    "Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8527872]
    "D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-09-23 2494464]
    "ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-04-29 4376328]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-24 81920]
    "Outpost Firewall"="c:\progra~1\Agnitum\OUTPOS~1.0\outpost.exe" [2006-03-30 91648]
    "OutpostFeedBack"="c:\progra~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 356420]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-18 113152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2007-10-24 c:\windows\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-05-03 303104]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtuUM]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\Cossacks\\dmcr.exe"=
    "c:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"=
    "c:\\Program Files\\DAP\\DAP.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
    "c:\\Program Files\\BYOND\\bin\\byond.exe"=
    "c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike\\hl.exe"=
    "c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
    "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\War Craft III\\Frozen Throne.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AeriaGames\\Project Torque\\ProjectTorque.bin"=
    "c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.5.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\half-life 2 deathmatch\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\softsd\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\bladehappy\\source sdk base\\hl2.exe"=
    "c:\\Program Files\\Rohan\\rohanclient.exe"=
    "c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Documents and Settings\\Michael\\Desktop\\LackeyCCG\\LackeyCCG\\LackeyCCG.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\GunzLauncher.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\Gunz.exe"=
    "c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
    "c:\\Ntreev\\Grand Chase\\main.exe"=
    "c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
    "c:\\Documents and Settings\\Michael\\My Documents\\My Completed Downloads\\zunesetuppkg-x86(2).exe"=
    "f:\\Program Files\\Starcraft\\StarCraft.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-06 97928]
    R1 raddrvv3;raddrvv3;\??\c:\windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
    R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-06 76040]
    R2 RServer3;Radmin Server V3;"c:\windows\system32\rserver30\RServer3.exe" /service [2008-04-24 1238344]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-24 24652]
    R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
    R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\DRIVERS\PRISMNDS.sys [2007-04-28 652288]
    S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 33600]
    S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 17440]
    S3 CCCP106;D-Link CIF Webcam;c:\windows\system32\DRIVERS\cccp106.sys [2007-12-22 227200]
    S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 4896]
    S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 14304]
    S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 9024]
    S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 11552]
    S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 13248]
    S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 7200]
    S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 14912]
    S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 6752]
    S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 9984]
    S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 16960]
    S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 9696]
    S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys []
    S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
    S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

    2009-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]

    2008-12-26 c:\windows\Tasks\Norton Security Scan.job
    - c:\program files\Norton Security Scan\Nss.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{61D0D3D0-8771-4276-80E8-D54A10BE3BE8} - (no file)
    BHO-{B09EEFB1-0E56-4091-9D59-80459C00EC74} - (no file)
    BHO-{BF606CAD-3F81-499F-A54E-7081DD94BCCB} - (no file)


    .
    ------- Supplementary Scan -------
    .
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - www.msn.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
    FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-02 14:46:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\DirectInput\ôu"oD’.*NULL*E*NULL*X*NULL*E*NULL*4*NULL*7*NULL*1*NULL*1*NULL*9*NULL*1*NULL*E*NULL*A*NULL*0*NULL*0*NULL*1*NULL*6*NULL*2*NULL*0*NULL*0*NULL*0*NULL*]
    "Name"="???.EXE"
    "UsesMapper"=hex:00,00,00,00

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]

    [HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\License information*NULL*]
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\system32\rserver30\FamItrfc.Exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AIM6\aolsoftware.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-02 14:52:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-02 19:52:36
    ComboFix2.txt 2009-01-02 19:20:01
    ComboFix3.txt 2009-01-02 18:53:24

    Pre-Run: 14,022,254,592 bytes free
    Post-Run: 14,007,955,456 bytes free

    660 --- E O F --- 2008-12-19 03:42:30


    HJT Log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:53:49 PM, on 1/2/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvraidservice.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\AIM6\aim6.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\bladehappy.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: mlJAtuUM - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 11560 bytes

  10. #10
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
