
Combofix help


  • This topic is locked
2 replies to this topic

#1 hfc

  • Members
  • 2 posts

Posted 18 October 2009 - 10:54 AM

Hi, I have used ComboFix to look for a keylogger after my WoW account was hacked into. I was directed here after the ComboFix log was made. Can someone help me? By the way, this is all new to me.




ComboFix 09-10-17.01 - Robbie 18/10/2009 14:03.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3582.2035 [GMT 1:00]
Running from: c:\users\Robbie\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2654152876-736548915-1728690921-500
c:\$recycle.bin\S-1-5-21-3463792565-916991325-2554650896-1004
c:\$recycle.bin\S-1-5-21-3463792565-916991325-2554650896-500
C:\install.exe
c:\windows\Installer\8c7225c.msi

.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.

2009-10-18 13:15 . 2009-10-18 13:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-18 13:15 . 2009-10-18 13:15 -------- d-----w- c:\users\Scott\AppData\Local\temp
2009-10-18 13:15 . 2009-10-18 13:15 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2009-10-18 12:37 . 2004-07-16 15:11 622113 ----a-w- c:\windows\system32\IDPList.dll
2009-10-18 12:37 . 2004-06-12 11:02 162 ----a-w- c:\windows\system32\IDPCritProc.dll
2009-10-18 12:37 . 2004-05-15 11:12 13772 ----a-w- c:\windows\system32\IDPImmData.dll
2009-10-18 12:20 . 2009-10-18 12:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-10-18 11:42 . 2009-10-18 12:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-18 11:42 . 2009-10-18 11:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-18 11:24 . 2009-10-18 11:24 -------- d-----w- c:\program files\Trend Micro
2009-10-18 10:41 . 2009-10-18 12:37 1002044 ----a-w- c:\windows\system32\IDPExe.zip
2009-10-18 10:41 . 2009-10-18 12:37 1669117 ----a-w- c:\windows\system32\IDPSig.zip
2009-10-18 10:07 . 2009-10-18 10:07 -------- d-----w- c:\program files\File Shredder
2009-10-18 09:34 . 2009-10-18 09:34 -------- d-----w- c:\programdata\CheckPoint
2009-10-18 09:34 . 2009-10-18 09:34 -------- d-----w- c:\program files\Zone Labs
2009-10-18 09:33 . 2009-10-18 09:34 -------- d-----w- c:\windows\Internet Logs
2009-10-18 09:11 . 1999-12-17 21:43 86016 ----a-w- c:\windows\unvise32.exe
2009-10-18 09:11 . 2009-10-18 10:34 -------- d-----w- c:\program files\IdentityPatrol
2009-10-16 15:30 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 15:30 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 15:30 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 15:29 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-16 15:29 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-16 15:28 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-16 15:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-16 15:28 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 17:22 . 2009-10-15 17:22 -------- d-----w- c:\programdata\Azureus
2009-10-15 17:22 . 2009-10-15 21:27 -------- d-----w- c:\users\Robbie\AppData\Roaming\Azureus
2009-10-15 17:22 . 2009-10-15 17:22 -------- d-----w- c:\program files\Conduit
2009-10-15 17:22 . 2009-10-15 17:22 -------- d-----w- c:\program files\Mininova-Vuze
2009-10-15 17:22 . 2009-10-15 17:22 -------- d-----w- c:\program files\Vuze
2009-10-15 15:22 . 2009-10-15 15:36 -------- d-----w- c:\program files\AC Tool
2009-10-02 13:09 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-02 13:09 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-02 13:09 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-02 13:09 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-02 13:08 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-02 13:08 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-02 13:08 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-02 13:08 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-02 13:08 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-09-26 17:31 . 2009-09-26 17:31 -------- d-----w- c:\programdata\Razer
2009-09-26 17:31 . 2005-12-21 10:23 14592 ----a-w- c:\windows\system32\drivers\Usbicp.sys
2009-09-26 17:24 . 2009-09-26 17:24 -------- d-----w- c:\program files\Razer
2009-09-26 17:24 . 2007-08-08 10:04 12032 ----a-w- c:\windows\system32\drivers\Lachesis.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 13:16 . 2008-04-23 16:15 -------- d-----w- c:\programdata\Kontiki
2009-10-18 10:39 . 2008-01-09 17:01 7268 ----a-w- c:\users\Robbie\AppData\Local\d3d9caps.dat
2009-10-17 19:36 . 2008-07-23 13:08 -------- d-----w- c:\programdata\Google Updater
2009-10-17 02:24 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-17 02:02 . 2007-02-02 09:41 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 21:19 . 2008-12-03 16:38 -------- d-----w- c:\users\Robbie\AppData\Roaming\BitTorrent
2009-10-13 20:45 . 2007-12-28 13:51 1310 ----a-w- c:\users\Robbie\AppData\Roaming\wklnhst.dat
2009-10-11 20:18 . 2007-02-02 09:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-11 20:15 . 2009-04-26 10:10 -------- d-----w- c:\program files\IObit
2009-10-11 20:11 . 2008-11-23 20:28 -------- d-----w- c:\program files\Handbrake
2009-10-11 18:13 . 2008-11-09 18:07 -------- d-----w- c:\users\Robbie\AppData\Roaming\U3
2009-10-10 19:25 . 2008-08-20 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-10 19:20 . 2009-09-06 14:26 -------- d-----w- c:\program files\Teamspeak2_RC2
2009-10-10 19:20 . 2008-10-11 19:58 -------- d-----w- c:\program files\GameSpy Arcade
2009-10-10 19:20 . 2008-09-11 17:21 -------- d-----w- c:\program files\Free Internet Window Washer
2009-10-10 19:20 . 2008-09-11 17:20 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-10-10 19:20 . 2008-02-12 20:07 -------- d-----w- c:\programdata\WLInstaller
2009-10-10 19:20 . 2007-02-02 09:39 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-10-10 19:12 . 2009-04-26 10:10 -------- d-----w- c:\users\Robbie\AppData\Roaming\IObit
2009-10-10 11:35 . 2007-12-25 07:55 69080 ----a-w- c:\users\Robbie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-10 11:25 . 2009-06-24 08:32 -------- d-----w- c:\program files\McAfee
2009-10-03 00:20 . 2008-08-26 18:20 -------- d-----w- c:\program files\Java
2009-09-23 16:17 . 2008-09-05 19:10 -------- d-----w- c:\users\Robbie\AppData\Roaming\Yahoo!
2009-09-09 22:26 . 2009-09-09 22:26 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-09-09 22:25 . 2008-01-25 14:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 14:26 . 2009-09-06 14:26 -------- d-----w- c:\users\Robbie\AppData\Roaming\teamspeak2
2009-08-30 20:03 . 2009-08-14 22:52 -------- d-----w- c:\users\Robbie\AppData\Roaming\Blueberry
2009-08-28 12:39 . 2009-09-05 18:10 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-05 18:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-17 10:29 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-17 10:29 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-17 10:29 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-17 10:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-23 13:50 . 2009-04-17 13:40 -------- d-----w- c:\program files\Curse
2009-08-21 16:48 . 2008-09-10 18:08 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-08-20 16:00 . 2009-08-20 15:59 -------- d-----w- c:\programdata\Blizzard Entertainment
2009-08-14 22:50 . 2009-08-14 22:50 4608 ----a-w- c:\windows\system32\bbchlp.dll
2009-08-14 22:50 . 2009-08-14 22:50 4096 ----a-w- c:\windows\system32\drivers\bbcap.sys
2009-08-14 22:50 . 2009-08-14 22:50 30720 ----a-w- c:\windows\system32\bbcap.dll
2009-08-14 17:07 . 2009-09-09 15:11 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 15:11 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 15:11 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 15:11 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 15:11 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 15:11 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 15:11 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 15:11 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 15:11 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 15:11 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-03 14:07 . 2009-08-03 14:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 14:07 . 2009-08-03 14:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 14:07 . 2009-08-03 14:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-25 04:23 . 2008-12-15 19:46 411368 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2009-05-20 17:05 2085400 ----a-w- c:\program files\Mininova-Vuze\tbMini.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMini.dll" [2009-05-20 2085400]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-08-23 1934336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2008-06-02 178712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-27 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-09 645328]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-05-11 1548288]
"Lachesis"="c:\program files\Razer\Lachesis\razerhid.exe" [2007-09-12 172032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"IdentityPatrol"="c:\program files\IdentityPatrol\IdentityPatrol.exe" [2008-02-12 6840320]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
backup=c:\windows\pss\Belkin Wireless USB Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Robbie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3F32C67B-CC67-4052-B5C6-620867FF7B38}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{683BA017-28EE-49B0-A200-1566E5E5A311}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{8F7CA30D-DE20-40FA-996B-027992311708}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{2AB6D1DB-66D8-4D70-85CB-7C4B9CE2651E}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{AD9C9E84-903E-4961-8E95-83409160A2F1}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{F0BE0165-8EFA-4AE5-B0C4-CD201BE5AC05}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{0D060D36-A093-4C19-A47E-E2B9ABA98889}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{69C76D5B-91C0-465F-8BBE-6E96A1039810}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{BACAC9C4-C39C-4D5E-B6E2-C725043FAADA}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4F3BB905-A6BD-4C2E-B2C7-54BCF88FF5A5}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C575ACC2-0810-43DE-A2B1-250B200915A2}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{E35F8E52-FCAA-44B7-824C-992AD2929E87}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{13CE7402-8732-44AA-9800-A1EB60607F43}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{CB18F6A9-2D0D-4DCF-B7FE-735BF30C29B7}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{2B890ED6-2F2B-4864-A927-8B0EFC68F3A1}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D46284E6-A110-4D75-A461-8A8AA8466CAF}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{5470E981-60B6-4202-9CF6-3BAEE1E8F13F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DF338E2D-BC5B-4955-8881-54A6B0664F86}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{C69B2C50-2BD7-4BD8-80CB-3249ADFB4820}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{CB79AB05-241B-40C5-B017-24A1CF23AFC3}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= UDP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"UDP Query User{FCCDD31E-7894-43D9-B9B7-5C29AEFCE0B0}c:\\program files\\microsoft games\\flight simulator 9\\fs9.exe"= TCP:c:\program files\microsoft games\flight simulator 9\fs9.exe:Microsoft Flight Simulator
"{BD3DC1BA-AA38-44AD-A53F-3B71FB6B7532}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{326EED07-6823-41EB-98C4-2F25BC99F14B}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{3E0A518D-3F0A-41E1-8F4F-33272718819B}"= c:\program files\Electronic Arts\Command & Conquer 3 Kane's Wrath\RetailExe\1.0\cnc3ep1.dat:Command & Conquer™ 3: Kane's Wrath
"TCP Query User{B898352D-B9B4-4139-9C4D-3AC1F520A41E}c:\\users\\robbie\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:c:\users\robbie\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{00838AEE-BD70-4E15-98CC-5DAFB9D834D3}c:\\users\\robbie\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:c:\users\robbie\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{765997E9-690C-4080-842B-003A43AC935B}c:\\program files\\electronic arts\\command & conquer 3 kane's wrath\\retailexe\\1.1\\cnc3ep1.dat"= UDP:c:\program files\electronic arts\command & conquer 3 kane's wrath\retailexe\1.1\cnc3ep1.dat:Command and Conquer™ 3 Kane's Wrath
"UDP Query User{A1E2DA66-D659-4E36-9795-FD3BD04FDB39}c:\\program files\\electronic arts\\command & conquer 3 kane's wrath\\retailexe\\1.1\\cnc3ep1.dat"= TCP:c:\program files\electronic arts\command & conquer 3 kane's wrath\retailexe\1.1\cnc3ep1.dat:Command and Conquer™ 3 Kane's Wrath
"{C90DE4D9-A9CE-4AA1-A2F1-218D0BD06D04}"= c:\program files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{550BBA93-8C5D-4C85-BCF6-D1E96AFE956E}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{C8FC642A-B986-4AB4-96E2-6D906701A0C6}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B31FD0BF-0A68-4400-B1F4-58CC0340DE95}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F1E220B3-884B-491F-AB57-9C1401768E02}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{05B08405-470B-41E0-8F0F-6594F1B323A2}"= UDP:c:\users\Robbie\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{6E90CED3-6E8D-4D6C-9EBD-E7A02A2B14E2}"= TCP:c:\users\Robbie\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{2443131A-B155-40CB-BF69-4FEDF9D96457}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4F9FE3AA-9C43-4076-96E0-46A6B745BD80}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{210E38A4-AEEC-4A43-AD7D-57932F183962}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E015ABEC-A2AF-4DD6-AA5D-9641B46A7873}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{511D308A-A683-45D0-A20D-961AA92AC74D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2240FF38-AE1D-4DBD-814D-8F96BDB4F278}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"{6C1F7199-FE2C-4EAE-ACF0-B756FA9A11FE}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:TurbineNetworkService
"TCP Query User{7BD35911-D721-4B06-B81E-89A34D8EEDBC}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{8C1EE17A-4B70-4212-A14C-C8A3D13AD3B0}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{0E2727E6-FED9-4160-9F9E-C7D50A90794D}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"TCP Query User{A4894532-4B08-4144-A341-B0DB9336B934}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.11.game"= UDP:c:\program files\electronic arts\red alert 3\data\ra3_1.11.game:Command & Conquer™ Red Alert™ 3
"UDP Query User{75DCBBE6-26CF-41ED-A439-7E485B09E727}c:\\program files\\electronic arts\\red alert 3\\data\\ra3_1.11.game"= TCP:c:\program files\electronic arts\red alert 3\data\ra3_1.11.game:Command & Conquer™ Red Alert™ 3
"{5829C70C-FE50-47CD-83AE-D1B6BDDF18C3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8FE50C32-2339-49BB-9145-77A843A4F713}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{9B1183CB-D4FD-48F8-9F5F-AA2DFAB0CC84}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{30EF983C-DA3A-4CFB-AF6D-E714D52FDE36}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{61D8A0FF-F92E-454A-ADBD-C195A0966606}"= UDP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:BT Broadband Desktop Help
"{BE6E8AB4-B3E9-4AF3-B5CE-13A5C0BAE993}"= TCP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:BT Broadband Desktop Help
"{591C9592-4BA0-4A8D-8B08-67D9E5297AD9}"= UDP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:BT Broadband Desktop Help Notifier
"{8A79A894-FB9D-44BF-8BC4-2ACEFE5275B4}"= TCP:c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:BT Broadband Desktop Help Notifier
"{51EA3B6E-027C-49CF-B3A4-F6BF74C8A06B}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{767A7F7B-764F-4B7B-A0CE-9EF1AECB9AEA}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
"{60FEFD8A-9A92-4000-8B83-D586FE49EEBF}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10257-enGB-ptr-downloader.exe:Blizzard Downloader
"{223F5DA4-4C8D-48F3-AA7A-A08A66B89A52}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10257-enGB-ptr-downloader.exe:Blizzard Downloader
"TCP Query User{8F8C6DD9-404F-42D1-ACC4-B9991362E8FC}c:\\users\\public\\games\\world of warcraft\\repair.exe"= UDP:c:\users\public\games\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{A694EEFF-8391-4512-8BFF-4C4E3CCCE72D}c:\\users\\public\\games\\world of warcraft\\repair.exe"= TCP:c:\users\public\games\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{230B33A5-8ACC-400F-B4B4-DCA3E3BCD949}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.4\\ra3game.dat"= UDP:c:\program files\ea games\red alert 3 beta\retailexe\1.4\ra3game.dat:Command & Conquer™ Red Alert 3™
"UDP Query User{3832EC50-E8A3-488B-8440-3B4ACCC4CC64}c:\\program files\\ea games\\red alert 3 beta\\retailexe\\1.4\\ra3game.dat"= TCP:c:\program files\ea games\red alert 3 beta\retailexe\1.4\ra3game.dat:Command & Conquer™ Red Alert 3™
"{B9A100ED-1DA4-4B63-B42E-4395D223F052}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{44E0EE94-5993-4792-B10D-B40B0FD9B7F4}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= UDP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"UDP Query User{104C669D-EF49-4D9B-955C-AE52CE387104}c:\\users\\public\\games\\world of warcraft public test\\launcher.exe"= TCP:c:\users\public\games\world of warcraft public test\launcher.exe:Blizzard Launcher
"{D9346B26-370F-491B-BDCA-3A83C61B6DF6}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10357-to-0.2.2.10371-enGB-ptr-downloader.exe:Blizzard Downloader
"{0D1295F2-0B4D-4414-B485-07ED932B3536}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10357-to-0.2.2.10371-enGB-ptr-downloader.exe:Blizzard Downloader
"{467CBC6C-341F-4AAD-85D5-19A2108B4E03}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10371-to-0.2.2.10392-enGB-ptr-downloader.exe:Blizzard Downloader
"{1968C052-E6E9-4221-818C-8FCCEFA575AE}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10371-to-0.2.2.10392-enGB-ptr-downloader.exe:Blizzard Downloader
"{97618F65-A20F-49ED-AF7C-0AD2B7F09B7A}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10392-to-0.2.2.10433-enGB-ptr-downloader.exe:Blizzard Downloader
"{0C5AD9C6-1C17-4A73-BAC3-E7F86CB3A88A}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.2.2.10392-to-0.2.2.10433-enGB-ptr-downloader.exe:Blizzard Downloader
"{95B6C7E6-1209-4F06-8FAA-7D518E0007F0}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:Blizzard Downloader
"{4C2D7E7B-BDDA-457A-B532-7A84AFDDCECA}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:Blizzard Downloader
"{2C6D5057-CE68-44DF-8732-884B1C3668A4}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:Blizzard Downloader
"{05CCE72F-358A-4162-8B79-EB2DAA63E11A}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:Blizzard Downloader
"{5EE026B6-BCF9-4496-A395-7C7C6AA51851}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10522-enGB-ptr-downloader.exe:Blizzard Downloader
"{E1AD0D4B-2A50-4F87-8FCA-42B188EC7E3C}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10522-enGB-ptr-downloader.exe:Blizzard Downloader
"{87051592-4585-432D-A52E-F3F6AE8790C8}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10522-to-0.3.0.10554-enGB-ptr-downloader.exe:Blizzard Downloader
"{9C0BE7CD-C1B1-4813-8FCB-28E703CA9EA4}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10522-to-0.3.0.10554-enGB-ptr-downloader.exe:Blizzard Downloader
"{15E6F4D6-9A88-4FBD-89FD-0D44A6E70EA0}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10554-to-0.3.0.10571-enGB-ptr-downloader.exe:Blizzard Downloader
"{B9ABA4C5-6B4F-4076-A026-E262AF085778}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10554-to-0.3.0.10571-enGB-ptr-downloader.exe:Blizzard Downloader
"TCP Query User{672E0E58-F74B-43D4-8715-920A6A3BFDE6}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{E131045D-99FA-41D7-BB8A-A5781F5427E4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{62CA8A9A-8206-435C-835F-0C699DC793D5}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10571-to-0.3.0.10596-enGB-ptr-downloader.exe:Blizzard Downloader
"{8EC06315-F73A-4731-BC13-3616411E1B5F}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-0.3.0.10571-to-0.3.0.10596-enGB-ptr-downloader.exe:Blizzard Downloader
"{B7D5DA55-DB82-4173-BE21-17DE60D52B8B}"= UDP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService
"{C47E1192-DAB2-43B1-B88F-2F3798B32B78}"= TCP:c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe:TurbineMessageService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 19:32 208896]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [24/06/2009 09:34 203280]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/10/2009 12:42 1153368]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\System32\drivers\3xHybrid.sys [26/01/2007 10:42 2831232]
R3 bbcap;bbcap;c:\windows\System32\drivers\bbcap.sys [14/08/2009 23:50 4096]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\System32\drivers\Lachesis.sys [26/09/2009 18:24 12032]
S2 0051501255199752mcinstcleanup;McAfee Application Installer Cleanup (0051501255199752);c:\windows\TEMP\005150~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\005150~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 18:13 29696]
S2 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineMessageService.exe [08/03/2009 21:19 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [08/03/2009 21:19 218608]
.
Contents of the 'Scheduled Tasks' folder

2009-10-18 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-07-09 14:35]

2009-10-18 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-09 08:55]

2008-02-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-10-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-27 16:34]

2009-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-10 20:26]

2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-10 20:26]

2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{20E5E237-B881-4991-A414-ED8AF79520FD}.job
- c:\windows\system32\msfeedssync.exe [2009-10-17 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1978305
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=desktop
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\h4vkfoz6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1978305&SearchSource=2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\Robbie\AppData\Roaming\Mozilla\Firefox\Profiles\h4vkfoz6.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

AddRemove-Adobe Shockwave Player - c:\windows\System32\Adobe\SHOCKW~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-18 14:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\S-1-5-21-3463792565-916991325-2554650896-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1a,62,8c,b7,ab,f5,ed,b1,0f,e8,df,dc,5a,aa,f9,b0,3f,bb,b5,c9,cf,8e,57,
5a,bf,8d,42,0a,4d,1a,b9,32,b6,65,79,6d,ba,10,86,9c,30,8c,0b,4f,b1,58,8d,d7,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-3463792565-916991325-2554650896-1001\Software\SecuROM\License information*]
"datasecu"=hex:a5,83,47,f1,6d,46,48,c0,d6,f8,ce,81,c7,31,66,8c,bc,f5,68,23,94,
0e,3c,a3,87,54,c6,42,d5,c9,17,b1,bd,36,9e,a9,44,5a,ff,51,f0,77,56,d9,90,67,\
"rkeysecu"=hex:56,c6,0d,e0,20,27,f2,5f,5e,7a,0c,15,6c,01,a7,f3

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-18 14:19
ComboFix-quarantined-files.txt 2009-10-18 13:19

Pre-Run: 183,764,561,920 bytes free
Post-Run: 183,625,392,128 bytes free

397 --- E O F --- 2009-10-18 08:37

Edited by hfc, 18 October 2009 - 11:43 AM.



#2 hfc

  • Topic Starter
  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:09 PM

Posted 18 October 2009 - 11:45 AM

please help :(

#3 Guest_The weatherman_*

  • Guests
  • OFFLINE

Posted 18 October 2009 - 06:33 PM

Hello hfc,

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM me or another Moderator.
The BC Staff



