ComboFix Log:
ComboFix 09-01-01.02 - Michael 2009-01-02 14:40:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1512 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: Outpost Firewall Pro *disabled*
* Created a new restore point
FILE ::
c:\windows\Tasks\awckpjzv.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Michael\Application Data\Twain
c:\documents and settings\Michael\Application Data\uTorrent
c:\documents and settings\Michael\Application Data\uTorrent\(PC Game) WarCraft III - Reign of Chaos - (Plus Serial & Crack).torrent
c:\documents and settings\Michael\Application Data\uTorrent\[DB]_Naruto_133_[B1F3ED83].avi.torrent
c:\documents and settings\Michael\Application Data\uTorrent\[DB]_Naruto_134_[BBF21131].avi.torrent
c:\documents and settings\Michael\Application Data\uTorrent\[oS] [Full PC Games] Grand Theft Auto San Andreas.torrent
c:\documents and settings\Michael\Application Data\uTorrent\10,000serials.torrent
c:\documents and settings\Michael\Application Data\uTorrent\2004 - Wintersun.torrent
c:\documents and settings\Michael\Application Data\uTorrent\3D??????.rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Adobe Photoshop Pro CS2 v9.0 Full ISO + WORKING Keygen.torrent
c:\documents and settings\Michael\Application Data\uTorrent\age of empires 2 + conqueror & all in one !!.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\age of empires 2 + conqueror & all in one !!.torrent
c:\documents and settings\Michael\Application Data\uTorrent\AMV Hell 4 - The Last One.mp4.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Bathory - Nordland.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Binktopia_Bleach_304.zip.torrent
c:\documents and settings\Michael\Application Data\uTorrent\BIOSHOCK.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Blind Guardian - A Night At The Opera - L.rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\C_SKIES_102.mdf.torrent
c:\documents and settings\Michael\Application Data\uTorrent\COD4 Call of Duty 4 Free Hamachi Online Multiplayer Kit 1.5 by Bozo.rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\COMBATFS.zip.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Conquer_v4354_10.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Conquer070405.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Crimson.Skies.Eng.Single.Or.Multiplayer.Air.War.Simmulator-mIrAkElHuMlAn.torrent
c:\documents and settings\Michael\Application Data\uTorrent\dht.dat
c:\documents and settings\Michael\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Michael\Application Data\uTorrent\Dropkick_Murphys-The_Gangs_All_Here-1999.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Dropkick_Murphys-The_Meanest_Of_Times-(Advance)-2007-RTB.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Ensiferum - Iron (2004).torrent
c:\documents and settings\Michael\Application Data\uTorrent\Everquest Titanium.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\EverQuest Titanium.torrent
c:\documents and settings\Michael\Application Data\uTorrent\FirstStrike_V1.1_Full.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Flight Unlimited.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Forgotten Hope 2.0.rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Frets on Fire.rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\FretsOnFire.7z.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\FretsOnFire.7z.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Full Metal Jacket[1987][Remastered 2007][Eng][Dvdrip]-freakzilla.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Giants Citizen Kabuto.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Giants Citizen Kabuto.torrent
c:\documents and settings\Michael\Application Data\uTorrent\granadoespada.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\granadoespada.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand Theft Auto San Andreas HOODLUM.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand Theft Auto San Andreas HOODLUM.2.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand Theft Auto San Andreas HOODLUM.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.2.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.3.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.4.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.5.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-HOODLUM.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas-Steffmeister.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Grand.Theft.Auto.San.Andreas.CRACK-HOODLUM.zip.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Harry Potter And The Deathly Hallows.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Harry.Potter.&.The.Order.Of.The.Phoenix(2007).XViD[Eng].Fantastic.Quality.zip.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Harry.Potter.And.The.Order.Of.The.Phoenix - Good Quality - Full Length - Sample Included.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Harry.Potter.And.The.Order.Of.The.Phoenix.CAM.XviD-CANALSTREET.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Harry_Potter_7_-_And_The_Deathly_Hallows_EBOOK-KG.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Hellsing.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Iced Earth - Something Wicked This Way Comes [for www.p2p-world.dl.am].rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Iced_Earth_-_Tribute_To_The_Gods_-_Released_By_LuCaS_SoAd.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Kamelot - The Black Halo - 2005.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Korpiklaani.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Kreator - 1999 - Endorama.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Kreator - Pleasure To Kill.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Kreator Enemy of God.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Kreator Enemy of God.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Kung Pow, Enter The Fist (2002) (Dvd Rip OF) (Eng).torrent
c:\documents and settings\Michael\Application Data\uTorrent\Lamb Of God - Sacrament.torrent
c:\documents and settings\Michael\Application Data\uTorrent\machine head-through the ashes of empires.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Medieval.2.Total.War-RELOADED.torrent
c:\documents and settings\Michael\Application Data\uTorrent\MERCENARY - 4 (All) Studio Albums^WaPo (Melodic Death Metal).torrent
c:\documents and settings\Michael\Application Data\uTorrent\Mercenary_-_Architect_Of_Lies_(2008).torrent
c:\documents and settings\Michael\Application Data\uTorrent\Microsoft Office 2007 Enterprise - Full Version.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Monty Python and the Holy Grail (Darkside_RG).1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Monty Python and the Holy Grail (Darkside_RG).torrent
c:\documents and settings\Michael\Application Data\uTorrent\MS Office 2007.iso.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Outworld-Outworld-Promo-2006-DJH_INT.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Pack 2.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Picture Publisher 10 Pro.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Radmin Remote Administrator 3.2 With Crack(Working).rar.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Rage Against The Machine - Battle Of Duesseldorf.torrent
c:\documents and settings\Michael\Application Data\uTorrent\resume.dat
c:\documents and settings\Michael\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Michael\Application Data\uTorrent\Rome Total War.torrent
c:\documents and settings\Michael\Application Data\uTorrent\rose_rr_764.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\rss.dat
c:\documents and settings\Michael\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Michael\Application Data\uTorrent\SAK_SETUP1010.exe.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\SAK_SETUP1010.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\settings.dat
c:\documents and settings\Michael\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Michael\Application Data\uTorrent\Setup_Atlantica_Beta.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Slayer - God Hates Us All.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Sonata Arctica -- Unia [2007] JP Edition (3 Bonus Tracks) + Covers.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Star Wars Knights of the Old Republic II The Sith Lords [English][4CD][www.pctorrent.com].torrent
c:\documents and settings\Michael\Application Data\uTorrent\Starcraft DVD v1.15.1.iso.torrent
c:\documents and settings\Michael\Application Data\uTorrent\The Black Halo.torrent
c:\documents and settings\Michael\Application Data\uTorrent\The Elder Scrolls IV OBLIVION.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Transformers.CaM.XViD-THS.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Transformers.CaM.XViD-THS.torrent
c:\documents and settings\Michael\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Michael\Application Data\uTorrent\Warcraft 3 1.21 cracks and online play - torrent by 3LANCER.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Warhammer 40,000 - Dawn of War.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Warhammer 40k - Dawn of War Collection - Torrent.torrent
c:\documents and settings\Michael\Application Data\uTorrent\Warhammer.40000.Dawn.of.War.Soulstorm-RELOADED.torrent
c:\documents and settings\Michael\Application Data\uTorrent\wic_openMPbeta.exe.torrent
c:\documents and settings\Michael\Application Data\uTorrent\zx.hellsing.1.torrent
c:\documents and settings\Michael\Application Data\uTorrent\zx.hellsing.torrent
c:\program files\FrostWire
c:\program files\FrostWire\clink.jar
c:\program files\FrostWire\commons-httpclient.jar
c:\program files\FrostWire\commons-logging.jar
c:\program files\FrostWire\commons-net.jar
c:\program files\FrostWire\commons-pool.jar
c:\program files\FrostWire\COPYING
c:\program files\FrostWire\daap.jar
c:\program files\FrostWire\FrostWire.exe
c:\program files\FrostWire\FrostWire.ico
c:\program files\FrostWire\FrostWire.jar
c:\program files\FrostWire\hashes
c:\program files\FrostWire\hs_err_pid1600.log
c:\program files\FrostWire\hs_err_pid1816.log
c:\program files\FrostWire\hs_err_pid2268.log
c:\program files\FrostWire\hs_err_pid2440.log
c:\program files\FrostWire\hs_err_pid2580.log
c:\program files\FrostWire\hs_err_pid3172.log
c:\program files\FrostWire\hs_err_pid3224.log
c:\program files\FrostWire\hs_err_pid3240.log
c:\program files\FrostWire\hs_err_pid3388.log
c:\program files\FrostWire\hs_err_pid3552.log
c:\program files\FrostWire\hs_err_pid3624.log
c:\program files\FrostWire\hs_err_pid548.log
c:\program files\FrostWire\hs_err_pid5596.log
c:\program files\FrostWire\hs_err_pid5960.log
c:\program files\FrostWire\hs_err_pid604.log
c:\program files\FrostWire\hs_err_pid740.log
c:\program files\FrostWire\hs_err_pid744.log
c:\program files\FrostWire\i18n.jar
c:\program files\FrostWire\icu4j.jar
c:\program files\FrostWire\id3v2.jar
c:\program files\FrostWire\irc.jar
c:\program files\FrostWire\jcraft.jar
c:\program files\FrostWire\jdic.dll
c:\program files\FrostWire\jdic.jar
c:\program files\FrostWire\jdic_stub.jar
c:\program files\FrostWire\jl011.jar
c:\program files\FrostWire\jmdns.jar
c:\program files\FrostWire\log4j.jar
c:\program files\FrostWire\log4j.properties
c:\program files\FrostWire\looks.jar
c:\program files\FrostWire\MessagesBundle.properties
c:\program files\FrostWire\MessagesBundles.jar
c:\program files\FrostWire\mp3sp14.jar
c:\program files\FrostWire\MRJAdapter.jar
c:\program files\FrostWire\pmf.ico
c:\program files\FrostWire\ProgressTabs.jar
c:\program files\FrostWire\root\magnet10\badge.img
c:\program files\FrostWire\root\magnet10\canHandle.img
c:\program files\FrostWire\root\magnet10\limewire.gif
c:\program files\FrostWire\root\magnet10\options.js
c:\program files\FrostWire\root\magnet10\silentdetect.js
c:\program files\FrostWire\spacer.gif
c:\program files\FrostWire\SystemUtilities.dll
c:\program files\FrostWire\themes.jar
c:\program files\FrostWire\Thumbs.db
c:\program files\FrostWire\tray.dll
c:\program files\FrostWire\tritonus.jar
c:\program files\FrostWire\Uninstall.exe
c:\program files\FrostWire\update.ver
c:\program files\FrostWire\vorbis.jar
c:\program files\FrostWire\xml-apis.jar
c:\program files\FrostWire\xml.war
c:\program files\uTorrent
c:\program files\uTorrent\Uninstall.exe
c:\program files\uTorrent\utorrent.exe
c:\program files\Webtools
c:\windows\Tasks\awckpjzv.job
.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.
2008-12-28 17:56 . 2008-12-28 17:56 <DIR> d-------- c:\program files\Trend Micro
2008-12-28 14:18 . 2008-12-28 14:18 95 --a------ c:\windows\wininit.ini
2008-12-28 13:45 . 2008-12-28 14:23 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 13:45 . 2008-12-28 15:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 17:35 . 2004-08-04 00:56 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-20 17:35 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-20 17:35 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-11 15:37 . 2008-12-11 15:37 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-12-08 18:54 . 2008-12-08 18:54 <DIR> d-------- c:\program files\foobar2000
2008-12-08 18:54 . 2009-01-02 09:11 <DIR> d-------- c:\documents and settings\Michael\Application Data\foobar2000
2008-12-07 16:42 . 2008-12-07 16:42 <DIR> d-------- c:\program files\UnH Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-02 19:47 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-02 19:47 --------- d-----w c:\program files\Steam
2009-01-01 18:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-31 01:32 --------- d-----w c:\program files\War Craft III
2008-12-29 22:59 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-26 19:22 94,208 ----a-w c:\windows\ScUnin.exe
2008-12-21 05:04 --------- d-----w c:\documents and settings\Michael\Application Data\OpenOffice.org2
2008-12-20 23:31 --------- d-----w c:\documents and settings\Michael\Application Data\Xfire
2008-12-19 02:14 --------- d-s---w c:\program files\Xfire
2008-12-15 19:38 --------- d-----w c:\program files\WinVorbis
2008-12-15 19:38 --------- d-----w c:\program files\SpeedFan
2008-11-17 20:50 --------- d-----w c:\program files\Lavasoft
2008-11-17 20:50 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-17 20:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-11 06:10 --------- d-----w c:\program files\MSXML 6.0
2008-11-10 01:06 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-10 01:06 --------- d-----w c:\program files\Bethesda Softworks
2008-11-10 01:06 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-10 01:04 --------- d-----w c:\program files\MSBuild
2008-11-10 01:02 --------- d-----w c:\program files\Reference Assemblies
2007-12-30 00:51 22,328 ----a-w c:\documents and settings\Michael\Application Data\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\steam\steam.exe" [2008-10-18 1410296]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-10-04 50528]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-07-16 4670704]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-24 8527872]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-09-23 2494464]
"ANIWZCSService"="c:\program files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 32768]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2007-04-29 4376328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-24 81920]
"Outpost Firewall"="c:\progra~1\Agnitum\OUTPOS~1.0\outpost.exe" [2006-03-30 91648]
"OutpostFeedBack"="c:\progra~1\Agnitum\OUTPOS~1.0\feedback.exe" [2006-05-11 356420]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-18 113152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"SoundMan"="SOUNDMAN.EXE" [2005-08-17 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-10-24 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2007-05-03 303104]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJAtuUM]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0lsdelete
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Cossacks\\dmcr.exe"=
"c:\\Program Files\\D-Link\\Air Utility\\AirCFG.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\BYOND\\bin\\byond.exe"=
"c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\jakejhunter@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Aspyr\\Guitar Hero III\\GH3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\War Craft III\\Frozen Throne.exe"=
"c:\\Program Files\\Steam\\steamapps\\bladehappy\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AeriaGames\\Project Torque\\ProjectTorque.bin"=
"c:\\AeriaGames\\12Sky\\TwelveSky.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mpHAMACHI 1.5.exe"=
"c:\\Program Files\\Steam\\steamapps\\bladehappy\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\softsd\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\bladehappy\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Rohan\\rohanclient.exe"=
"c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Documents and Settings\\Michael\\Desktop\\LackeyCCG\\LackeyCCG\\LackeyCCG.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\alaplaya\\S4League\\S4Client.exe"=
"c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\GunzLauncher.exe"=
"c:\\Documents and Settings\\Michael\\My Documents\\Gunz\\Gunz\\Gunz.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Ntreev\\Grand Chase\\main.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Documents and Settings\\Michael\\My Documents\\My Completed Downloads\\zunesetuppkg-x86(2).exe"=
"f:\\Program Files\\Starcraft\\StarCraft.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-06 97928]
R1 raddrvv3;raddrvv3;\??\c:\windows\system32\rserver30\raddrvv3.sys [2008-04-24 45848]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-03 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-03 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-06 76040]
R2 RServer3;Radmin Server V3;"c:\windows\system32\rserver30\RServer3.exe" /service [2008-04-24 1238344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-24 24652]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 PRISM;D-Link Air Wireless Prism3 Adapter Driver;c:\windows\system32\DRIVERS\PRISMNDS.sys [2007-04-28 652288]
S3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ADBLOCK.DLL [2006-03-30 33600]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\ARP.DLL [2006-03-30 17440]
S3 CCCP106;D-Link CIF Webcam;c:\windows\system32\DRIVERS\cccp106.sys [2007-12-22 227200]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 4896]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 14304]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 9024]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 11552]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 13248]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 7200]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 14912]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 6752]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 9984]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 16960]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);\??\c:\progra~1\Agnitum\OUTPOS~1.0\kernel\SECRET.DLL [2006-03-30 9696]
S3 XDva011;XDva011;\??\c:\windows\system32\XDva011.sys []
S3 XDva037;XDva037;\??\c:\windows\system32\XDva037.sys []
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []
.
Contents of the 'Scheduled Tasks' folder
2009-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
2009-01-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 16:39]
2008-12-26 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{61D0D3D0-8771-4276-80E8-D54A10BE3BE8} - (no file)
BHO-{B09EEFB1-0E56-4091-9D59-80459C00EC74} - (no file)
BHO-{BF606CAD-3F81-499F-A54E-7081DD94BCCB} - (no file)
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\n6wz7q8e.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-02 14:46:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\DirectInput\ôu"oD’.*NULL*E*NULL*X*NULL*E*NULL*4*NULL*7*NULL*1*NULL*1*NULL*9*NULL*1*NULL*E*NULL*A*NULL*0*NULL*0*NULL*1*NULL*6*NULL*2*NULL*0*NULL*0*NULL*0*NULL*]
"Name"="???.EXE"
"UsesMapper"=hex:00,00,00,00
[HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:bb,40,94,9c,6a,80,2e,00,eb,37,9f,34,fd,35,40,bb
[HKEY_USERS\S-1-5-21-1659004503-1757981266-725345543-1003\Software\SecuROM\License information*NULL*]
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\rserver30\FamItrfc.Exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-01-02 14:52:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-02 19:52:36
ComboFix2.txt 2009-01-02 19:20:01
ComboFix3.txt 2009-01-02 18:53:24
Pre-Run: 14,022,254,592 bytes free
Post-Run: 14,007,955,456 bytes free
660 --- E O F --- 2008-12-19 03:42:30
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:49 PM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\bladehappy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b4bd0312e54140748f27610d61498a2d
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b4bd0312e54140748f27610d61498a2d
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mlJAtuUM - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11560 bytes