
Infected with Seneka Trojan


5 replies to this topic

#1 Zaraph


Posted 07 January 2009 - 04:29 PM

Hello! I had a rather large Vundo infection several days ago, and after removing all the Trojans I still have a Seneka Trojan left. I have tried to use Malwarebytes to remove it, but every time it is 'removed', when I restart my computer it reappears. The main file that keeps reappearing is C:\WINDOWS\system32\senekalog.dat, and occasionally seneka.dat and senekadf.dat appear as well. I have looked this Trojan up on the internet, but there seems to be little to no information on it. A few days after my initial infection a few more Trojans were downloaded onto my system, which I then removed (except for the Seneka one). I am unsure if the Seneka is causing this, or if it is another malicious programme I cannot find. The only other effect I have noticed so far is the fact that I am occasionally redirected to an advertisement (usually from Shopica.com) when I am using Google.

Thanks for any and all help.



DDS (Ver_09-01-07.01) - NTFSx86
Run by Zaraph at 15:18:38.40 on Wed 01/07/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1445 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Documents and Settings\Zaraph\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [EA Core] c:\program files\electronic arts\eadm\Core.exe -silent
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\zaraph\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: avgrsstx.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\kHAstSIB

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zaraph\applic~1\mozilla\firefox\profiles\oeqz9qvk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - HiddenExtension: XUL Cache: {AB234247-C573-4CCE-B5F0-8AE56F76863F} - c:\documents and settings\administrator\local settings\application data\{ab234247-c573-4cce-b5f0-8ae56f76863f}\
FF - HiddenExtension: XUL Cache: {78DE670F-FE5F-412E-AAD1-D25B58829AAA} - c:\windows\system32\config\systemprofile\local settings\application data\{78de670f-fe5f-412e-aad1-d25b58829aaa}\

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-6 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-6 26824]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2007-10-16 31784]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2007-10-16 144704]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-4-1 72680]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-4-1 33960]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-4-1 171272]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-6 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-6 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-6 76040]
R4 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-4-1 104000]
R4 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2007-10-16 54608]
S0 jlIiyzo;jlIiyzo;c:\windows\system32\drivers\krpxd.sys --> c:\windows\system32\drivers\krpxd.sys [?]
S0 ppcispkq;ppcispkq;c:\windows\system32\drivers\iqdlqww.sys --> c:\windows\system32\drivers\iqdlqww.sys [?]
S3 AntexWAV;Antex Digital Audio Driver;c:\windows\system32\drivers\AntexWAV.sys [2008-4-2 231104]
S3 iMSPCLOj;iMSPCLOj;c:\docume~1\zaraph\locals~1\temp\iMSPCLOj.sys [2006-3-11 15872]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva197;XDva197;\??\c:\windows\system32\xdva197.sys --> c:\windows\system32\XDva197.sys [?]

=============== Created Last 30 ================

2009-01-07 13:24 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-01-07 13:24 73,216 a------- c:\windows\system32\ffkuz.dll
2009-01-06 14:17 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-06 13:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-06 13:55 76,040 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-06 13:55 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-06 13:55 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-06 13:55 <DIR> --d----- c:\program files\AVG
2009-01-06 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-06 02:26 502 a------- c:\windows\system32\win32hlp.cnf
2009-01-06 01:25 1 a------- c:\windows\system32\uniq.tll
2009-01-05 01:49 <DIR> --d----- c:\program files\FileASSASSIN
2009-01-05 01:46 <DIR> --d----- c:\program files\Trend Micro
2009-01-05 00:44 <DIR> --d----- c:\windows\pss
2009-01-05 00:41 2,792 a------- c:\windows\system32\tmp.reg
2008-12-27 15:50 <DIR> --d----- c:\program files\EA GAMES
2008-12-27 15:50 445,504 a----r-- c:\windows\system32\vp6vfw.dll
2008-12-25 17:04 <DIR> --d----- c:\windows\system32\scripting
2008-12-25 17:04 <DIR> --d----- c:\windows\l2schemas
2008-12-25 17:04 <DIR> --d----- c:\windows\system32\en
2008-12-25 17:04 <DIR> --d----- c:\windows\system32\bits
2008-12-25 17:03 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-25 17:00 <DIR> --d----- c:\windows\network diagnostic
2008-12-25 16:55 <DIR> --d----- c:\windows\EHome
2008-12-17 21:57 <DIR> --d----- c:\program files\Ventrilo
2008-12-17 21:57 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-14 11:52 <DIR> --d----- c:\program files\common files\INCA Shared
2008-12-14 11:52 4,682 a------- c:\windows\system32\npptNT2.sys
2008-12-14 11:52 5,174 a------- c:\windows\system32\nppt9x.vxd
2008-12-14 11:43 <DIR> --d----- c:\program files\Gpotato
2008-12-11 16:20 <DIR> --d----- c:\program files\common files\DirectX
2008-12-11 13:14 <DIR> --d----- C:\AeriaGames
2008-12-09 22:34 <DIR> --d----- c:\docume~1\zaraph\applic~1\Malwarebytes
2008-12-09 22:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-09 22:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 22:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 22:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-09 22:12 <DIR> --d----- C:\VundoFix Backups

==================== Find3M ====================

2009-01-06 02:25 111,616 a------- c:\windows\system32\userinit.old.exe
2008-12-25 17:06 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-12 00:57 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2008-11-29 17:58 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll

============= FINISH: 15:18:57.09 ===============



#2 Thunder


Posted 07 January 2009 - 05:36 PM

Hello Zaraph and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder

#3 Zaraph


Posted 07 January 2009 - 07:33 PM

Hello, and thanks for your help! Here are the two logs:


GooredFix v1.72 by jpshortstuff
Log created at 17:52 on 07/01/2009 running Option #2 (Zaraph)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{AB234247-C573-4CCE-B5F0-8AE56F76863F}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{AB234247-C573-4CCE-B5F0-8AE56F76863F}\"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Administrator\Local Settings\Application Data\{AB234247-C573-4CCE-B5F0-8AE56F76863F}\
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Failed.
->Delete on reboot... Set.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{78DE670F-FE5F-412E-AAD1-D25B58829AAA}"="C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{78DE670F-FE5F-412E-AAD1-D25B58829AAA}\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"

=====Reboot=====


ComboFix 09-01-07.01 - Zaraph 2009-01-07 18:08:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1652 [GMT -6:00]
Running from: c:\documents and settings\Zaraph\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Zaraph\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\404Fix.exe
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekawlrrqjnq.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekahbdlmyob.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekatavrymxe.dll
c:\windows\system32\senekavdhgfium.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\trxeeoux.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SENEKA


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-07 13:24 . 2009-01-07 13:30 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2009-01-07 13:24 . 2009-01-07 13:24 73,216 --a------ c:\windows\system32\ffkuz.dll
2009-01-06 14:17 . 2009-01-06 14:49 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-06 13:55 . 2009-01-07 15:10 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-06 13:55 . 2009-01-06 13:55 <DIR> d-------- c:\program files\AVG
2009-01-06 13:55 . 2009-01-06 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-06 13:55 . 2009-01-06 13:55 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-06 13:55 . 2009-01-06 13:55 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-06 13:55 . 2009-01-06 13:55 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-06 13:13 . 2009-01-06 13:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ATI
2009-01-05 01:49 . 2009-01-05 01:49 <DIR> d-------- c:\program files\FileASSASSIN
2009-01-05 01:46 . 2009-01-05 01:46 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 01:06 . 2009-01-05 01:06 <DIR> d-------- c:\documents and settings\Test Account.SARAHCOMPY\Application Data\CiscoCAA
2009-01-05 01:06 . 2009-01-05 01:06 <DIR> d-------- c:\documents and settings\Test Account.SARAHCOMPY\Application Data\ATI
2009-01-05 01:06 . 2009-01-06 13:56 <DIR> d-------- c:\documents and settings\Test Account.SARAHCOMPY
2009-01-05 00:59 . 2009-01-05 00:59 <DIR> d-------- c:\documents and settings\Test Account
2009-01-05 00:40 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 00:23 . 2009-01-05 00:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-04 23:00 . 2009-01-05 00:40 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-04 22:57 . 2009-01-04 22:57 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-04 22:18 . 2009-01-06 13:56 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 15:50 . 2008-12-27 15:50 <DIR> d-------- c:\program files\EA GAMES
2008-12-27 15:50 . 2008-03-12 17:38 445,504 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\system32\scripting
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\system32\en
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\system32\bits
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\l2schemas
2008-12-25 17:03 . 2008-12-25 17:03 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-25 16:55 . 2008-12-25 16:55 <DIR> d-------- c:\windows\EHome
2008-12-17 21:57 . 2008-12-17 21:57 <DIR> d-------- c:\program files\Ventrilo
2008-12-17 21:57 . 2008-12-17 21:57 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-14 11:52 . 2008-12-14 11:52 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-14 11:52 . 2003-07-20 21:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-14 11:52 . 2005-01-04 12:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-14 11:43 . 2008-12-14 11:43 <DIR> d-------- c:\program files\Gpotato
2008-12-11 16:20 . 2008-12-11 16:20 <DIR> d-------- c:\program files\Common Files\DirectX
2008-12-11 13:14 . 2008-12-11 13:14 <DIR> d-------- C:\AeriaGames
2008-12-09 22:34 . 2008-12-09 22:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 22:34 . 2008-12-09 22:34 <DIR> d-------- c:\documents and settings\Zaraph\Application Data\Malwarebytes
2008-12-09 22:34 . 2008-12-09 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 22:34 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 22:34 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-09 22:12 . 2008-12-09 22:12 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 00:13 --------- d-----w c:\program files\Steam
2009-01-08 00:13 --------- d-----w c:\documents and settings\Zaraph\Application Data\OpenOffice.org2
2009-01-06 23:44 --------- d-----w c:\documents and settings\Zaraph\Application Data\Bioshock
2008-12-30 21:55 --------- d-----w c:\program files\Diablo II
2008-12-25 23:12 --------- d-----w c:\program files\MSN Messenger
2008-12-18 04:02 --------- d-----w c:\documents and settings\Zaraph\Application Data\Ventrilo
2008-12-18 03:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-06-13 2752512]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-06 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

c:\documents and settings\Zaraph\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-26 2048074]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave2"= AntexWAV.DLL
"Midi2"= AntexWAV.DLL
"Mixer2"= AntexWAV.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\grel69\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-06 97928]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-06 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-06 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-06 76040]
S0 jlIiyzo;jlIiyzo;c:\windows\system32\drivers\krpxd.sys --> c:\windows\system32\drivers\krpxd.sys [?]
S0 ppcispkq;ppcispkq;c:\windows\system32\drivers\iqdlqww.sys --> c:\windows\system32\drivers\iqdlqww.sys [?]
S3 AntexWAV;Antex Digital Audio Driver;c:\windows\system32\drivers\AntexWAV.sys [2008-04-02 231104]
S3 iMSPCLOj;iMSPCLOj;\??\c:\docume~1\Zaraph\LOCALS~1\Temp\iMSPCLOj.sys --> c:\docume~1\Zaraph\LOCALS~1\Temp\iMSPCLOj.sys [?]
S3 XDva190;XDva190;\??\c:\windows\system32\XDva190.sys --> c:\windows\system32\XDva190.sys [?]
S3 XDva197;XDva197;\??\c:\windows\system32\XDva197.sys --> c:\windows\system32\XDva197.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-msiexec.exe - msiconf.exe
MSConfigStartUp-Npefolininoz - c:\windows\Dxozinixigo.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Zaraph\Application Data\Mozilla\Firefox\Profiles\oeqz9qvk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 18:13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-117609710-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
77,86,74,3a,5e,fa,8e,72,5a,41,47,0b,1d,5f,bc,69,5e,07,fa,f6,3f,3c,f6,59,17,\
2b,07,31,bf,5f,66,e2,ac,c7,ae,5d,c2,34,71,db,a9,99,4d,90,57,45,98,f3,f0,b7,\
ed,04,bf,51,0e,c3,a0,70,b8,51,d5,c0,5b,ec,41,83,ea,ef,1f,36,98,67,91,3a,72,\
5a,96,e4,0c,cc,b3,22,9f,87,d4,db,28,e1,4b,0a,dd,4e,ee,6c,47,f9,95,4d,e5,eb,\
59,c1,34,46,03,a8,f5,f3,1e,0e,74,0d,58,a6,98,20,e8,e5,05,ad,d4,06,36,5d,2c,\
99,d5,52,6c,a4,c0,38,0a,9d,fd,d0,6a,31,13,69,8a,ef,d4,d5,be,bb,0e,89,b0,3a,\
eb,eb,3a,33,36,23,cc,2e,ba,9c,50,53,65,51,69,8f,d6,90,c6,c6,a0,0b,ed,cf,e0,\
ec,12,ec,92,40,0e,eb,bc,1d,fa,57,37,5c,39,2e,53,f6,7a,80,3b,f2,45,c3,ae,c6,\
56,94,15,70,6f,93,61,2d,bf,39,61,d7,55,76,09,86,dc,a1,0e,ba,62,df,66,ef,cd,\
55,87,a5,1b,69,a6,b6,06,6a,e5,2b,50,54,09,5c,5d,aa,ac,1d,ee,cd,73,f1,d0,12,\
08,cb,fb,93,22,75,68,61,be,a0,a7,8a,37,d4,6f,92,a0,a3,3f,e7,a5,c9,e9,38,5e,\
ff,22,17,40,e6,93,c2,20,5f,53,92,f6,05,e6,29,23,f7,1e,38,9d,e1,9b,40,d8,3a,\
98,45,b7,64,18,f0,6e,71,10,8d,d5,fe,8a,51,2e,af,1a,01,2d,2e,1e,b6,f7,d4,02,\
41,f7,6c,d4,ce,5e,20,20,fa,5c,48,fc,9f,fa,a7,54,b9,15,22,2d,80,23,98,8d,0b,\
17,54,63,f5,66,e0,45,18,3b,f6,40,5e,9d,a1,92,00,94,cc,e4,76,8f,ed,20,41,47,\
a5,c2,56,38,b6,fb,f6,e1,1e,32,a4,b2,f2,6a,02,a5,ac,b7,f4,7d,ef,79,06,63,57,\
65,bd,33,6d,1e,04,09,4c,f9,65,48,f2,87,91,45,06,33,8c,31,e2,47,e3,41,00,46,\
de,dd,b9,42,98,59,2a,c6,f4,43,3e,f0,a2,cf,d1,5f,73,d9,2f,70,6a,1a,f1,cd,4d,\
e0,ac,aa,3b,17,a6,c5,a4,48,f7,b8,af,81,10,0b,08,98,19,b6,35,b5,30,43,33,42,\
d9,62,e1,55,02,f7,f9,b9,e8,e7,8b,0e,1b,f8,10,c5,b6,35,25,66,df,be,2f,13,77,\
79,16,7e,00,9c,b3,71,b2,e7,73,ac,d4,9f,9a,38,56,cb,5d,68,58,76,37,1a,7c,c8,\
7e,8e,bc,08,de,59,02,0c,cf,60,e8,b2,8d,d3,dc,19,2b,03,fd,4f,4b,c1,8e,6e,6a,\
fa,c3,b2,67,dd,b9,a4,9b,b1,f5,6d,f2,a3,09,90,3e,36,fc,a1,f3,61,da,84,80,2c,\
e7,53,52,36,12,23,43,e3,51,35,85,97,40,74,45,e5,eb,1e,7b,dd,0b,4d,c6,91,12,\
09,33,05,7a,8d,05,d2,d2,d8,97,9e,6f,00,e2,52,77,82,36,42,49,93,92,31,0a,66,\
0e,2c,05,9d,43,6f,ff,f7,f5,1a,db,7f,81,56,1a,a4,89,a1,1b,82,3e,ec,36,62,05,\
08,b3,0b,8d,55,59,61,23,99,e0,1c,e9,86,e8,d8,20,dc,23,98,fb,af,da,e2,91,18,\
79,ed,40,df,81,da,2a,d9,29,55,57,1f,8d,a1,c5,e6,24,e5,2e,95,fc,78,4b,f9,56,\
fd,26,ef,14,80,4e,cc,e3,d0,5b,88,f4,c5,39,be,e2,71,8c,c4,8b,ea,41,1c,10,80,\
66,ca,b3,bf,03,a1,07,3a,89,28,42,df,a2,bc,54,21,bb,d7,9a,40,1d,fc,63,0e,0b,\
55,95,17,c7,02,6c,68,ef,ed,a2,5a,2d,69,fc,88,e5,81,64,69,c4,f3,21,d6,51,de,\
97,ba,7e,aa,77,94,fc,a1,27,ff,2b,7a,3d,ee,70,0a,3d,25,7f,cf,41,74,99,9a,ab,\
8c,ae,60,2a,76,59,59,f2,23,62,b0,e6,1e,98,c1,75,bd,7c,32,be,ea,3f,15,de,ca,\
ac,4a,a1,3e,3b,9b,85,9f,09,39,52,37,c4,c6,5c,0c,08,9a,9e,99,16,4e,12,b6,2c,\
30,cf,3d,47,eb,52,4d,57,df,7e,4a,87,be,97,ec,6a,ef,74,cb,1a,13,a0,2e,0f,ad,\
48,45,7b,ec,19,e3,ca,83,8a,81,3f,45,71,b7,e4,c6,54,c5,51,34,9f,87,e9,86,c2,\
54,53,c2,65,9a,a0,96,32,ae,4b,60,14,db,cf,aa,f1,b3,f8,e4,78,ad,15,d6,34,80,\
f4,cf,e8,03,eb,6c,65,c6,7b,9e,ab,84,7e,a5,c8,9c,c0,b3,b9,37,c7,f5,95,b3,30,\
f3,2e,22,2a,63,65,53,a7,e4,31,be,aa,29,d4,37,51,31,f2,cb,78,ed,8c,42,f3,e7,\
9f,49,12,53,a9,80,78,2b,aa,e4,0f,4a,ef,11,c4,83,f8,11,ed,6f,20,35,1e,68,93,\
07,b0,6d,1d,ce,ca,a2,76,31,de,e8,6c,89,21,8a,ac,47,ef,f2,e7,45,db,1e,6a,4e,\
d7,93,0a,aa,88,dc,04,fa,b7,f7,02,ff,5c,b7,1e,91,41,21,60,5f,f8,1b,01,bf,2a,\
a7,f1,b3,a8,7f,b3,40,c1,d1,22,83,a7,24,44,5d,94,93,83,08,8e,3f,8c,33,8f,d7,\
73,b0,09,67,52,a6,8d,69,e8,c5,2d,9c,bd,dd,1a,90,40,9d,4d,bf,39,1b,39,f0,63,\
f9,ac,a1,1c,50,a5,b2,a5,6d,df,4c
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1085031214-117609710-725345543-1004\Software\SecuROM\License information*NULL*]
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-01-07 18:16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 00:16:49

Pre-Run: 248,814,055,424 bytes free
Post-Run: 249,440,313,344 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

456 --- E O F --- 2008-12-27 06:04:50

#4 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:03:55 AM

Posted 08 January 2009 - 05:46 PM

Hello Zaraph,

Let's clean up some more:

Open Notepad - don't use any other text editor than Notepad or the script will fail!
Copy/paste the bold, blue text below into an empty Notepad window:
http://www.bleepingcomputer.com/forums/t/193172/infected-with-seneka-trojan/
Collect::[9]
c:\windows\system32\ffkuz.dll
Driver::
jlIiyzo
ppcispkq
iMSPCLOj
XDva190
XDva197

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. Upon reboot (in case it asks to reboot), post the contents of the ComboFix log in your next reply, as well as a fresh HijackThis log.

ComboFix has generated a zipped file at C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip.
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/submit-malware.php?channel=9 :
1. In the first window (Link to topic where this file was requested:) copy and paste this link: http://www.bleepingcomputer.com/forums/topic193172
2. In the second window (Browse to the file you want to submit:) browse to the C:\Qoobox\Quarantine\[9]Submit@Date_Time.zip file
3. Click the Send file button

Are you still having problems?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#5 Zaraph

  • Topic Starter

  • Members
  • 3 posts
  • Local time:07:55 PM

Posted 08 January 2009 - 07:00 PM

Hello! I don't seem to be having any problems as of now - the advertisements have stopped and no new trojans have been downloaded on my computer.

Here are the two logs:

ComboFix 09-01-08.01 - Zaraph 2009-01-08 17:33:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1509 [GMT -6:00]
Running from: c:\documents and settings\Zaraph\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Zaraph\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ffkuz.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IMSPCLOJ
-------\Legacy_XDVA190
-------\Legacy_XDVA197
-------\Service_iMSPCLOj
-------\Service_jlIiyzo
-------\Service_ppcispkq
-------\Service_XDva190
-------\Service_XDva197


((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-08 17:38 . 2009-01-08 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-01-07 20:09 . 2008-10-16 14:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-01-07 20:09 . 2007-04-17 03:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-07 20:09 . 2007-03-07 23:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-07 20:09 . 2008-10-16 14:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-01-07 20:09 . 2008-10-16 14:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-07 20:09 . 2008-10-16 14:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-01-07 20:09 . 2008-10-16 14:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-01-07 20:09 . 2008-10-16 14:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-07 20:09 . 2008-10-16 07:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-01-07 13:24 . 2009-01-07 13:30 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2009-01-06 14:17 . 2009-01-06 14:49 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-06 13:55 . 2009-01-08 13:04 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-06 13:55 . 2009-01-06 13:55 <DIR> d-------- c:\program files\AVG
2009-01-06 13:55 . 2009-01-06 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-06 13:55 . 2009-01-06 13:55 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-06 13:55 . 2009-01-06 13:55 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-06 13:55 . 2009-01-06 13:55 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-06 13:13 . 2009-01-06 13:13 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ATI
2009-01-05 01:49 . 2009-01-05 01:49 <DIR> d-------- c:\program files\FileASSASSIN
2009-01-05 01:46 . 2009-01-05 01:46 <DIR> d-------- c:\program files\Trend Micro
2009-01-05 01:06 . 2009-01-05 01:06 <DIR> d-------- c:\documents and settings\Test Account.SARAHCOMPY\Application Data\CiscoCAA
2009-01-05 01:06 . 2009-01-05 01:06 <DIR> d-------- c:\documents and settings\Test Account.SARAHCOMPY\Application Data\ATI
2009-01-05 01:06 . 2009-01-06 13:56 <DIR> d-------- c:\documents and settings\Test Account.SARAHCOMPY
2009-01-05 00:59 . 2009-01-05 00:59 <DIR> d-------- c:\documents and settings\Test Account
2009-01-05 00:40 . 2008-12-12 00:57 78,336 --a------ c:\windows\system32\Agent.OMZ.Fix.exe
2009-01-05 00:23 . 2009-01-05 00:23 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-04 23:00 . 2009-01-05 00:40 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-04 22:57 . 2009-01-04 22:57 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-04 22:18 . 2009-01-06 13:56 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 15:50 . 2008-12-27 15:50 <DIR> d-------- c:\program files\EA GAMES
2008-12-27 15:50 . 2008-03-12 17:38 445,504 -ra------ c:\windows\system32\vp6vfw.dll
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\system32\scripting
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\system32\en
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\system32\bits
2008-12-25 17:04 . 2008-12-25 17:04 <DIR> d-------- c:\windows\l2schemas
2008-12-25 17:03 . 2008-12-25 17:03 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-25 16:55 . 2008-12-25 16:55 <DIR> d-------- c:\windows\EHome
2008-12-17 21:57 . 2008-12-17 21:57 <DIR> d-------- c:\program files\Ventrilo
2008-12-17 21:57 . 2008-12-17 21:57 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2008-12-14 11:52 . 2008-12-14 11:52 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-14 11:52 . 2003-07-20 21:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-14 11:52 . 2005-01-04 12:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-14 11:43 . 2008-12-14 11:43 <DIR> d-------- c:\program files\Gpotato
2008-12-11 16:20 . 2008-12-11 16:20 <DIR> d-------- c:\program files\Common Files\DirectX
2008-12-11 13:14 . 2008-12-11 13:14 <DIR> d-------- C:\AeriaGames
2008-12-09 22:34 . 2008-12-09 22:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-09 22:34 . 2008-12-09 22:34 <DIR> d-------- c:\documents and settings\Zaraph\Application Data\Malwarebytes
2008-12-09 22:34 . 2008-12-09 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-09 22:34 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 22:34 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-09 22:12 . 2008-12-09 22:12 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 23:38 --------- d-----w c:\program files\Steam
2009-01-08 23:38 --------- d-----w c:\documents and settings\Zaraph\Application Data\OpenOffice.org2
2009-01-06 23:44 --------- d-----w c:\documents and settings\Zaraph\Application Data\Bioshock
2008-12-30 21:55 --------- d-----w c:\program files\Diablo II
2008-12-25 23:12 --------- d-----w c:\program files\MSN Messenger
2008-12-18 04:02 --------- d-----w c:\documents and settings\Zaraph\Application Data\Ventrilo
2008-12-18 03:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_18.16.20.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:11:48 61,440 -c--a-w c:\windows\ie7\admparse.dll
+ 2008-04-14 00:11:48 99,840 -c--a-w c:\windows\ie7\advpack.dll
+ 2008-04-14 00:11:51 33,792 -c--a-w c:\windows\ie7\custsat.dll
+ 2008-04-14 00:11:52 357,888 -c--a-w c:\windows\ie7\dxtmsft.dll
+ 2008-04-14 00:11:52 205,312 -c--a-w c:\windows\ie7\dxtrans.dll
+ 2008-04-14 00:11:53 55,808 -c--a-w c:\windows\ie7\extmgr.dll
+ 2008-04-14 00:11:54 38,912 -c--a-w c:\windows\ie7\hmmapi.dll
+ 2008-04-14 00:12:22 34,304 -c--a-w c:\windows\ie7\ie4uinit.exe
+ 2008-04-14 00:11:54 143,360 -c--a-w c:\windows\ie7\ieakeng.dll
+ 2008-04-14 00:11:54 216,576 -c--a-w c:\windows\ie7\ieaksie.dll
+ 2006-02-28 12:00:00 221,184 -c--a-w c:\windows\ie7\ieakui.dll
+ 2008-04-14 00:11:54 323,584 -c--a-w c:\windows\ie7\iedkcs32.dll
+ 2008-04-14 00:12:22 18,432 -c--a-w c:\windows\ie7\iedw.exe
+ 2008-04-14 00:11:54 251,904 -c--a-w c:\windows\ie7\iepeers.dll
+ 2008-04-14 00:11:54 48,640 -c--a-w c:\windows\ie7\iernonce.dll
+ 2008-04-14 00:11:54 62,976 -c--a-w c:\windows\ie7\iesetup.dll
+ 2008-04-14 00:12:22 93,184 -c--a-w c:\windows\ie7\iexplore.exe
+ 2008-04-14 00:11:54 35,840 -c--a-w c:\windows\ie7\imgutil.dll
+ 2008-04-14 00:11:55 96,256 -c--a-w c:\windows\ie7\inseng.dll
+ 2008-04-14 00:11:56 15,872 -c--a-w c:\windows\ie7\jsproxy.dll
+ 2008-04-14 00:11:56 22,016 -c--a-w c:\windows\ie7\licmgr10.dll
+ 2008-04-14 00:12:27 29,184 -c--a-w c:\windows\ie7\mshta.exe
+ 2008-12-12 17:01:00 3,067,904 -c--a-w c:\windows\ie7\mshtml.dll
+ 2008-04-14 00:11:59 449,024 -c--a-w c:\windows\ie7\mshtmled.dll
+ 2008-04-13 16:26:26 56,832 -c--a-w c:\windows\ie7\mshtmler.dll
+ 2006-02-28 12:00:00 146,432 -c--a-w c:\windows\ie7\msls31.dll
+ 2008-04-14 00:12:00 146,432 -c--a-w c:\windows\ie7\msrating.dll
+ 2008-04-14 00:12:00 532,480 -c--a-w c:\windows\ie7\mstime.dll
+ 2008-04-14 00:12:02 96,256 -c--a-w c:\windows\ie7\occache.dll
+ 2008-04-14 00:12:02 39,424 -c--a-w c:\windows\ie7\pngfilt.dll
+ 2007-08-14 00:54:42 32,960 -c--a-w c:\windows\ie7\spuninst\iecustom.dll
+ 2007-08-14 00:52:06 66,048 -c--a-w c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 23:43:16 213,216 -c--a-w c:\windows\ie7\spuninst\spuninst.exe
+ 2006-09-06 23:43:18 371,424 -c--a-w c:\windows\ie7\spuninst\updspapi.dll
+ 2008-04-14 00:12:08 37,888 -c--a-w c:\windows\ie7\url.dll
+ 2008-10-16 01:00:11 619,520 -c--a-w c:\windows\ie7\urlmon.dll
+ 2008-04-14 00:12:08 851,968 -c--a-w c:\windows\ie7\vgx.dll
+ 2008-04-14 00:12:08 276,480 -c--a-w c:\windows\ie7\webcheck.dll
+ 2008-10-16 01:00:11 666,112 -c--a-w c:\windows\ie7\wininet.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2007-08-14 00:54:10 765,952 -c----w c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2007-08-14 00:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll
+ 2007-08-14 00:39:00 123,904 -c----w c:\windows\ie7updates\KB956390-IE7\advpack.dll.000
+ 2007-08-14 00:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2007-08-14 00:35:46 346,624 -c----w c:\windows\ie7updates\KB956390-IE7\dxtmsft.dll.000
+ 2007-08-14 00:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll
+ 2007-08-14 00:35:38 214,528 -c----w c:\windows\ie7updates\KB956390-IE7\dxtrans.dll.000
+ 2007-08-14 00:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll
+ 2007-08-14 00:54:10 131,584 -c----w c:\windows\ie7updates\KB956390-IE7\extmgr.dll.000
+ 2007-08-14 00:36:26 61,952 -c----w c:\windows\ie7updates\KB956390-IE7\icardie.dll
+ 2007-08-14 00:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2007-08-14 00:39:06 54,784 -c----w c:\windows\ie7updates\KB956390-IE7\ie4uinit.exe.000
+ 2007-08-14 00:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll
+ 2007-08-14 00:39:26 152,064 -c----w c:\windows\ie7updates\KB956390-IE7\ieakeng.dll.000
+ 2007-08-14 00:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll
+ 2007-08-14 00:39:54 229,376 -c----w c:\windows\ie7updates\KB956390-IE7\ieaksie.dll.000
+ 2007-08-13 23:56:54 161,792 -c----w c:\windows\ie7updates\KB956390-IE7\ieakui.dll
+ 2007-02-12 22:10:12 2,451,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dat
+ 2007-07-11 18:27:48 383,488 -c----w c:\windows\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2007-08-14 00:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2007-08-14 00:39:50 382,976 -c----w c:\windows\ie7updates\KB956390-IE7\iedkcs32.dll.000
+ 2007-08-14 00:54:10 6,049,280 -c----w c:\windows\ie7updates\KB956390-IE7\ieframe.dll
+ 2007-08-14 00:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll
+ 2007-08-14 00:39:10 43,008 -c----w c:\windows\ie7updates\KB956390-IE7\iernonce.dll.000
+ 2007-08-14 00:34:04 266,752 -c----w c:\windows\ie7updates\KB956390-IE7\iertutil.dll
+ 2007-08-14 00:39:10 13,312 -c----w c:\windows\ie7updates\KB956390-IE7\ieudinit.exe
+ 2007-08-14 00:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe
+ 2007-08-14 00:43:56 622,080 -c----w c:\windows\ie7updates\KB956390-IE7\iexplore.exe.000
+ 2007-08-14 00:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll
+ 2007-08-14 00:54:10 27,136 -c----w c:\windows\ie7updates\KB956390-IE7\jsproxy.dll.000
+ 2007-08-14 00:54:10 458,752 -c----w c:\windows\ie7updates\KB956390-IE7\msfeeds.dll
+ 2007-08-14 00:54:10 50,688 -c----w c:\windows\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2007-08-14 00:54:12 3,578,368 -c----w c:\windows\ie7updates\KB956390-IE7\mshtml.dll
+ 2007-08-14 00:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll
+ 2007-08-14 00:54:10 475,648 -c----w c:\windows\ie7updates\KB956390-IE7\mshtmled.dll.000
+ 2007-08-14 00:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll
+ 2007-08-14 00:44:26 192,000 -c----w c:\windows\ie7updates\KB956390-IE7\msrating.dll.000
+ 2007-08-14 00:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll
+ 2007-08-14 00:54:10 670,720 -c----w c:\windows\ie7updates\KB956390-IE7\mstime.dll.000
+ 2007-08-14 00:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll
+ 2007-08-14 00:44:06 101,376 -c----w c:\windows\ie7updates\KB956390-IE7\occache.dll.000
+ 2007-08-14 00:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-08-14 00:36:12 44,544 -c----w c:\windows\ie7updates\KB956390-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2007-08-14 00:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll
+ 2007-08-14 00:44:30 105,984 -c----w c:\windows\ie7updates\KB956390-IE7\url.dll.000
+ 2007-08-14 00:54:10 1,162,240 -c----w c:\windows\ie7updates\KB956390-IE7\urlmon.dll
+ 2007-08-14 00:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll
+ 2007-08-14 00:54:10 231,424 -c----w c:\windows\ie7updates\KB956390-IE7\webcheck.dll.000
+ 2007-08-14 00:54:10 818,688 -c----w c:\windows\ie7updates\KB956390-IE7\wininet.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll.000
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll.000
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dat
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll.000
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll.000
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll.000
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll.000
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll.000
+ 2008-08-27 19:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-27 19:54:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll.000
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll.000
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll.000
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll.000
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll.000
+ 2008-10-17 08:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
- 2008-04-14 00:11:48 61,440 ----a-w c:\windows\system32\admparse.dll
+ 2007-08-14 00:39:20 71,680 ----a-w c:\windows\system32\admparse.dll
- 2008-04-14 00:11:48 99,840 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2007-08-14 00:39:20 71,680 -c----w c:\windows\system32\dllcache\admparse.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2006-09-23 19:12:50 1,022,976 -c----w c:\windows\system32\dllcache\browseui.dll
+ 2007-08-14 00:42:54 17,408 -c----w c:\windows\system32\dllcache\corpol.dll
- 2008-04-14 00:11:51 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2007-08-14 00:54:10 33,792 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-14 00:18:02 60,416 -c----w c:\windows\system32\dllcache\hmmapi.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2006-02-28 12:00:00 221,184 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 00:44:02 69,120 -c----w c:\windows\system32\dllcache\iedw.exe
+ 2007-08-14 00:45:18 78,336 -c----w c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 00:54:10 191,488 -c----w c:\windows\system32\dllcache\iepeers.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-14 00:39:12 55,296 -c----w c:\windows\system32\dllcache\iesetup.dll
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-14 00:36:06 36,352 -c----w c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-14 00:39:02 92,672 -c----w c:\windows\system32\dllcache\inseng.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 00:44:18 40,960 -c----w c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-14 00:32:30 45,568 -c----w c:\windows\system32\dllcache\mshta.exe
- 2008-12-12 17:01:00 3,067,904 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 00:01:12 48,128 -c----w c:\windows\system32\dllcache\mshtmler.dll
- 2006-02-28 12:00:00 146,432 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2007-08-14 00:54:10 156,160 -c--a-w c:\windows\system32\dllcache\msls31.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2006-09-23 19:12:50 474,112 -c----w c:\windows\system32\dllcache\shlwapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-10-16 01:00:11 619,520 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-27 17:23:58 765,952 -c----w c:\windows\system32\dllcache\vgx.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 01:00:11 666,112 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 00:11:52 357,888 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-04-14 00:11:52 205,312 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-04-14 00:11:53 55,808 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2006-06-29 14:05:44 26,112 ------w c:\windows\system32\idndl.dll
- 2008-04-14 00:12:22 34,304 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-04-14 00:11:54 143,360 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-04-14 00:11:54 216,576 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
- 2006-02-28 12:00:00 221,184 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\system32\ieapfltr.dat
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-14 00:11:54 323,584 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-14 00:11:54 251,904 ----a-w c:\windows\system32\iepeers.dll
+ 2007-08-14 00:54:10 191,488 ----a-w c:\windows\system32\iepeers.dll
- 2008-04-14 00:11:54 48,640 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-14 00:11:54 62,976 ----a-w c:\windows\system32\iesetup.dll
+ 2007-08-14 00:39:12 55,296 ----a-w c:\windows\system32\iesetup.dll
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2007-08-14 00:54:10 180,736 ------w c:\windows\system32\ieui.dll
- 2008-04-14 00:11:54 35,840 ----a-w c:\windows\system32\imgutil.dll
+ 2007-08-14 00:36:06 36,352 ----a-w c:\windows\system32\imgutil.dll
- 2008-04-14 00:11:55 96,256 ----a-w c:\windows\system32\inseng.dll
+ 2007-08-14 00:39:02 92,672 ----a-w c:\windows\system32\inseng.dll
- 2008-04-14 00:11:56 15,872 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll
- 2008-04-14 00:11:56 22,016 ----a-w c:\windows\system32\licmgr10.dll
+ 2007-08-14 00:44:18 40,960 ----a-w c:\windows\system32\licmgr10.dll
- 2008-09-03 04:15:32 74,649 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2009-01-08 19:05:47 74,137 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:36:40 12,288 ------w c:\windows\system32\msfeedssync.exe
- 2008-04-14 00:12:27 29,184 ----a-w c:\windows\system32\mshta.exe
+ 2007-08-14 00:32:30 45,568 ----a-w c:\windows\system32\mshta.exe
- 2008-12-12 17:01:00 3,067,904 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-14 00:11:59 449,024 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-04-13 16:26:26 56,832 ----a-w c:\windows\system32\mshtmler.dll
+ 2007-08-14 00:01:12 48,128 ----a-w c:\windows\system32\mshtmler.dll
- 2006-02-28 12:00:00 146,432 ----a-w c:\windows\system32\msls31.dll
+ 2007-08-14 00:54:10 156,160 ----a-w c:\windows\system32\msls31.dll
- 2008-04-14 00:12:00 146,432 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
- 2008-04-14 00:12:00 532,480 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
+ 2006-06-28 23:59:26 24,576 ------w c:\windows\system32\nlsdl.dll
+ 2006-06-29 14:05:44 23,552 ------w c:\windows\system32\normaliz.dll
- 2008-04-14 00:12:02 96,256 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
- 2008-04-14 00:12:02 39,424 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\pngfilt.dll
- 2008-04-14 00:12:08 37,888 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 01:00:11 619,520 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-14 00:12:08 276,480 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2007-08-14 00:45:16 206,336 ------w c:\windows\system32\WinFXDocObj.exe
- 2008-10-16 01:00:11 666,112 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Steam"="c:\program files\Steam\Steam.exe" [2008-10-08 1410296]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-01-07 3321856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-02 185896]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-06 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

c:\documents and settings\Zaraph\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-04-26 2048074]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Wave2"= AntexWAV.DLL
"Midi2"= AntexWAV.DLL
"Mixer2"= AntexWAV.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Steam\\steamapps\\grel69\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-06 97928]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-06 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-06 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-06 76040]
S3 AntexWAV;Antex Digital Audio Driver;c:\windows\system32\drivers\AntexWAV.sys [2008-04-02 231104]
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Zaraph\Application Data\Mozilla\Firefox\Profiles\oeqz9qvk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 17:37:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-117609710-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-1085031214-117609710-725345543-1004\Software\SecuROM\License information*NULL*]
b2,d5,96,36,2f,d9,24,04,2a,b9,ff,2e,81,5f,36,e1,73,ac,53,e8,af,ff,63,12,ed,\
7a,06,d8,8b,be,a1,f5,a7,68,ca,7e,e0,a1,67,af,b7,32,83,63,31,97,51,de,5b,fa,\
5d,78,7d,8a,e5,e9,03,ba,02,ba,a1,49,72,c1,ef,aa,06,05,58,de,dd,1d,06,63,07,\
f4,c9,8b,9d,72,6e,a4,cf,b8,0d,79,7e,7f,f2,5e,94,e6,a9,00,dc,ce,c0,1d,b9,7d,\
cb,b8,68,16,00,af,dc,8f,1c,42,b6,58,28,57,58,9e,45,ad,b0,38,fc,df,fd,5b,e4,\
d5,7f,02,a2,6a,1c,b2,56,e7,e1,78,c0,04,d8,3d,52,e2,2b,69,8f,8a,57,0c,63,31,\
af,3b,07,0a,9d,79,ac,6b,e0,98,12,54,cb,90,2e,8a,a7,d6,f2,e9,fc,8e,b8,35,e9,\
95,31,2f,d1,ef,36,cb,1c,e0,bc,76,b2,23,75,0f,89,69,6e,fc,1d,d4,60,b4,6e,be,\
24,37,65,cc,92,b5,9c,16,e9,80,35,c1,67,5b,e9,3f,71,e9,d7,78,8b,91,6a,0f,3b,\
2b,d0,12,87,75,57,f0,ce,62,34,2b,38,4a,ed,6d,88,45,f6,4f,18,28,7e,ce,93,be,\
94,fe,15,81,d3,34,1d,67,be,04,9f,00,22,4d,96,17,6c,3c,ad,8f,85,76,c2,fc,cf,\
61,7e,8e,3f,9c,ab,25,d0,b7,83,4c,5c,33,27,b8,2f,28,e7,d3,7c,3e,b8,a1,72,0e,\
4f,ad,05,21,aa,3b,fd,86,22,8c,a3,75,96,6c,9b,d6,0c,a2,61,75,37,27,39,e7,d0,\
ec,e0,b9,16,66,a3,51,a0,78,f9,c9,bd,7b,07,f9,a8,ce,cf,52,5d,86,05,a3,b2,2a,\
cf,e3,32,3d,ae,e3,cd,ca,93,af,3e,70,c6,e8,f3,16,33,c5,9a,56,09,58,33,87,be,\
2b,63,42,03,62,27,a1,a4,16,ad,d7,b8,39,38,70,f8,39,93,0a,a0,d6,ed,7b,38,e6,\
52,91,10,69,66,29,1f,10,d4,5d,5d,8a,9e,ad,e4,a6,54,84,98,fe,8e,ed,70,30,81,\
3d,db,ef,88,66,b4,7e,16,bc,59,b8,51,f3,4b,d0,3a,5e,8f,dc,f7,f9,ef,ea,df,d4,\
e2,af,af,13,99,56,de,99,bd,ad,96,ba,a5,a6,50,c2,13,49,2c,d6,4b,f0,4a,37,d2,\
78,9f,23,83,cc,02,77,2b,dc,e3,9d,f2,8c,04,fd,ad,b5,26,ff,70,97,c7,72,20,3b,\
11,c8,dd,df,a7,6a,6e,3b,bb,91,15,84,09,c9,3d,e7,cc,60,52,49,10,22,4c,50,1d,\
5b,5f,31,9a,15,df,38,a6,39,42,c0,fc,dc,74,66,3e,ae,1c,81,63,6a,4e,1f,4f,b8,\
ba,1c,97,2d,0b,46,d0,95,90,6d,15,d0,87,e8,2d,c1,9d,98,0b,6d,d8,36,99,51,10,\
da,d0,06,11,47,f5,af,49,fc,94,d9,0c,94,ec,23,61,8f,f6,05,2e,aa,d6,7d,75,13,\
a0,bf,95,95,38,14,87,5a,03,5d,2c,24,8d
"rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-01-08 17:42:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-08 23:42:08
ComboFix2.txt 2009-01-08 00:16:52

Pre-Run: 248,863,260,672 bytes free
Post-Run: 248,855,740,416 bytes free

707 --- E O F --- 2009-01-08 20:01:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:29 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8489 bytes

Thanks!

I've also submitted the file you asked me to.

Edited by Zaraph, 08 January 2009 - 07:01 PM.


#6 Thunder

Posted 09 January 2009 - 05:27 PM

Hello Zaraph,

Your logs do look fine now. :thumbsup:

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

No more issues?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...