ComboFix 10-08-12.03 - Omer 08/12/2010 17:15:29.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2903 [GMT 2:00]
Running from: c:\documents and settings\Omer\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-11 18:01 . 2010-08-11 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-08-10 01:43 . 2010-08-10 01:43 3584 ----a-r- c:\documents and settings\Omer\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-08-10 01:43 . 2010-08-10 01:43 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-08-10 01:43 . 2010-08-10 01:43 -------- d-----w- c:\program files\MSECACHE
2010-08-08 21:44 . 2010-08-08 21:44 388096 ----a-r- c:\documents and settings\Omer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-05 17:31 . 2010-08-05 18:45 -------- d-----w- c:\program files\Fraps
2010-08-05 11:25 . 2010-08-05 13:46 -------- d-----w- c:\documents and settings\Omer\.shsh
2010-08-05 00:57 . 2010-08-05 00:57 -------- d-----w- c:\program files\Nuclear Coffee
2010-08-05 00:36 . 2010-08-05 00:36 -------- d-----w- c:\documents and settings\Omer\Local Settings\Application Data\Thinstall
2010-08-05 00:08 . 2010-08-05 00:08 -------- d-----w- c:\program files\FDRLab
2010-08-04 23:40 . 2010-08-04 23:40 -------- d-----w- c:\program files\Neoretix
2010-08-04 23:38 . 2010-08-04 23:39 -------- d-----w- c:\program files\SpywareGuard
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\documents and settings\Omer\Application Data\Malwarebytes
2010-08-04 22:51 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 22:51 . 2010-08-04 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-04 22:51 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-04 21:45 . 2010-08-04 21:45 -------- d-----w- c:\documents and settings\Omer\Application Data\Scooter Software
2010-08-04 21:44 . 2010-08-04 21:45 -------- d-----w- c:\program files\Beyond Compare 3
2010-08-04 21:25 . 2010-08-07 19:02 -------- d-----w- C:\HijackThis
2010-08-04 20:40 . 2009-06-30 07:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-08-04 20:40 . 2010-08-04 20:40 -------- d-----w- c:\program files\Panda Security
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-08-04 20:23 . 2010-08-04 20:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-08-04 19:46 . 2010-08-04 19:46 -------- d-----w- c:\program files\iPod
2010-08-04 19:46 . 2010-08-04 19:47 -------- d-----w- c:\program files\iTunes
2010-08-04 19:38 . 2010-08-04 19:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-28 20:58 . 2010-07-31 08:29 -------- d-----w- c:\program files\InCode Solutions
2010-07-24 15:25 . 2010-07-24 15:25 -------- d-----w- c:\documents and settings\Omer\Local Settings\Application Data\Threat Expert
2010-07-24 09:58 . 2010-07-24 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-07-24 09:16 . 2010-07-24 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-24 09:16 . 2010-07-24 09:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-24 09:03 . 2010-07-24 09:03 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-07-22 23:40 . 2010-07-22 23:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-22 23:29 . 2010-07-22 23:29 -------- d-----w- c:\documents and settings\Omer\Local Settings\Application Data\Sunbelt Software
2010-07-22 23:29 . 2010-08-03 20:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-22 23:29 . 2010-07-12 08:56 2979280 -c----w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-22 23:29 . 2010-08-03 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-22 23:29 . 2010-07-22 23:29 -------- d-----w- c:\program files\Lavasoft
2010-07-22 21:33 . 2010-07-22 21:33 -------- d-----w- c:\program files\Trend Micro
2010-07-22 21:29 . 2009-01-13 23:24 0 ----a-w- c:\documents and settings\Omer\Application Data\WinPatrol\Config.sys
2010-07-22 21:29 . 2009-01-13 23:24 0 ----a-w- c:\documents and settings\Omer\Application Data\WinPatrol\Autoexec.bat
2010-07-22 21:29 . 2010-07-22 21:29 -------- d-----w- c:\documents and settings\Omer\Application Data\WinPatrol
2010-07-22 17:30 . 2010-07-22 17:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-07-22 17:30 . 2010-07-22 17:30 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-19 19:04 . 2010-06-30 15:24 424960 ---h--w- c:\documents and settings\Omer\Application Data\Any Video Converter Professional.exe.Exe
2010-07-14 19:52 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 14:51 . 2009-01-14 18:48 -------- d-----w- c:\program files\FlashGet
2010-08-11 19:50 . 2009-01-14 18:17 -------- d-----w- c:\program files\ESET
2010-08-11 19:46 . 2010-04-08 15:14 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-11 19:25 . 2010-04-08 15:14 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-10 01:06 . 2009-01-14 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 21:28 . 2009-11-06 15:19 -------- d-----w- c:\program files\MP3 Speed Changer
2010-08-07 21:28 . 2009-01-14 18:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-07 18:44 . 2009-01-13 23:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 18:44 . 2009-06-21 19:18 -------- d-----w- c:\program files\CyberLink
2010-08-07 18:42 . 2009-06-21 19:15 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2010-08-04 20:22 . 2010-04-08 06:37 -------- d-----w- c:\program files\TeamViewer
2010-08-04 20:22 . 2009-10-04 08:12 -------- d-----w- c:\documents and settings\Omer\Application Data\Dropbox
2010-08-04 19:46 . 2009-10-14 21:06 -------- d-----w- c:\program files\Common Files\Apple
2010-08-03 20:10 . 2009-06-20 17:14 -------- d-----w- c:\program files\SystemRequirementsLab
2010-08-03 18:36 . 2009-02-13 11:57 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-07-28 23:51 . 2010-03-30 12:02 -------- d-----w- c:\program files\The KMPlayer
2010-07-26 22:14 . 2009-03-30 18:08 -------- d-----w- c:\documents and settings\Omer\Application Data\U3
2010-07-23 19:21 . 2010-05-12 22:23 -------- d-----w- c:\program files\Windows Desktop Search
2010-07-23 17:19 . 2010-07-02 16:07 -------- d-----w- c:\program files\PCFriendly
2010-07-23 17:13 . 2009-01-14 18:47 -------- d-----w- c:\program files\Babylon
2010-07-23 17:08 . 2010-06-10 12:11 -------- d-----w- c:\program files\Blur
2010-07-22 23:48 . 2009-03-27 19:05 -------- d-----w- c:\program files\UlisesSoft
2010-07-19 22:15 . 2009-09-23 16:00 -------- d-----w- c:\documents and settings\Omer\Application Data\vlc
2010-07-19 19:04 . 2009-01-14 00:31 145048 ----a-w- c:\documents and settings\Omer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-16 10:26 . 2009-03-21 17:03 -------- d-----w- c:\documents and settings\Omer\Application Data\dvdcss
2010-07-10 16:26 . 2010-07-10 16:26 -------- d-----w- c:\documents and settings\Omer\Application Data\Wireshark
2010-07-10 15:22 . 2010-07-10 15:22 -------- d-----w- c:\program files\Wireshark
2010-07-10 15:22 . 2010-07-10 15:22 -------- d-----w- c:\program files\WinPcap
2010-07-10 08:56 . 2010-07-10 08:37 -------- d-----w- c:\documents and settings\Omer\Application Data\CUE Tools
2010-07-10 08:37 . 2010-07-10 08:36 -------- d-----w- c:\program files\CUETools_2.0.9
2010-07-10 08:37 . 2010-07-10 08:37 -------- d-----w- c:\documents and settings\Omer\Application Data\CUERipper
2010-07-10 08:34 . 2010-07-09 20:52 -------- d-----w- c:\program files\LucasArts
2010-07-09 23:08 . 2009-08-21 10:25 -------- d-----w- c:\documents and settings\Omer\Application Data\LucasArts
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 19:42 . 2010-06-27 19:42 -------- d-----w- c:\program files\Steinberg
2010-06-27 19:42 . 2009-04-03 10:48 -------- d-----w- c:\program files\Vstplugins
2010-06-27 19:41 . 2009-08-14 06:39 -------- d-----w- c:\program files\PowerTracks DirectX Plugins
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-18 09:52 . 2010-06-18 09:52 -------- d-----w- c:\program files\Bonjour
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 01:47 . 2010-06-15 01:47 86016 ----a-w- c:\windows\system32\frapsvid.dll
2010-06-14 14:31 . 2009-01-13 23:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-11-20 155904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 1443072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
c:\documents and settings\Omer\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\I:\0autocheck autochk *
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" -silent
"Google Update"="c:\documents and settings\Omer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"M-Audio Taskbar Icon"=c:\windows\System32\M-AudioTaskBarIcon.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Omer\\temp\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\eclipse\\eclipse.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\wLite\\wLite.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/4/2010 22:40 28552]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/13/2008 16:52 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/13/2008 16:49 472320]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 20:19 50704]
R2 RVIEGVST;VSC VST Engine;c:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [8/14/2009 8:39 188276]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 EsetNod32Fix;Nod32 AV;c:\windows\regedit.exe [8/4/2004 14:00 146432]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/14/2009 1:43 1691480]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MADFU;M-Audio KeyStudio 49i DFU Driver;c:\windows\system32\drivers\M-Audio_KeyStudio49i_DFU.sys [10/6/2009 23:43 23048]
S3 MAUSBKS;Service for M-Audio KeyStudio IO (WDM);c:\windows\system32\drivers\mausbks.sys [10/6/2009 23:43 138760]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S3 VSPerfDrv90;Performance Tools Driver 9.0;c:\program files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [9/4/2007 16:53 55664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [4/16/2010 18:43 11520]
S3 Wirelecf;Friendly WI-FI Wirelesscfg Util Win2000 XP;c:\windows\system32\drivers\Wirelecf.SYS [9/7/2005 11:09 17230]
S4 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [4/3/2009 4:01 1680704]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/15/2009 9:02 691696]
S4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2/26/2010 8:58 110592]
S4 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [6/16/2009 8:58 20480]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-08-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]
2010-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-963894560-682003330-1003Core.job
- c:\documents and settings\Omer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-18 20:08]
2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-963894560-682003330-1003UA.job
- c:\documents and settings\Omer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-18 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/ ... tion32.cab
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///E:/setup/RiffLick.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-12 17:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,05,88,53,f6,df,75,40,8e,7a,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0b,05,88,53,f6,df,75,40,8e,7a,a7,\
[HKEY_USERS\S-1-5-21-1614895754-963894560-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:f5,1a,e7,5b,bc,9b,3f,c9,90,28,86,db,d7,a8,8a,71,d5,46,34,a7,f8,5f,b9,
30,1a,34,49,a7,9e,a7,48,0e,29,1c,a2,6e,e3,f2,f1,9b,4a,b7,07,c7,33,45,31,3b,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-1614895754-963894560-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:e9,2b,97,2a,96,f1,ad,9c,e3,fd,99,75,5c,06,73,06,14,c0,68,99,bf,
08,35,04,af,e5,1b,44,a2,cd,dc,1c,07,ae,79,ec,6a,e6,5e,56,29,a1,e2,fe,4b,d2,\
"rkeysecu"=hex:0b,a6,50,cd,15,73,68,4d,84,9a,d7,97,21,91,c9,78
.
Completion time: 2010-08-12 17:26:32
ComboFix-quarantined-files.txt 2010-08-12 15:26
Pre-Run: 160,042,225,664 bytes free
Post-Run: 160,866,013,184 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 2C054E0DFCEB8DFF8F67B2098C499A52