Portal might sound suspicious but it be only a game as they say (that can make you dizzy at times). Valve maker of the infamous or not so infamous Half-Life. Runs under Steam Platform
SDFix: Version 1.240 Run by King on Thu 01/01/2009 at 03:46 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-01 15:52:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\msqpdxmupotkyp.sys"
"group"="file system"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules]
"msqpdxserv"="\\?\globalroot\systemroot\system32\drivers\msqpdxmupotkyp.sys"
"msqpdxl"="\\?\globalroot\systemroot\system32\msqpdxyqvdkxew.dll"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"="C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files :
Files with Hidden Attributes :
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 31 Dec 2008 20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Wed 31 Dec 2008 265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Mon 1 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 31 Dec 2008 2,834 ...HR --- "C:\Documents and Settings\King\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!ComboFix 08-12-31.01 - King 2009-01-01 16:04:46.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1536.973 [GMT -6:00]
Running from: c:\documents and settings\King\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\jkse73hedfdgf.dll
c:\windows\system32\pthreadGC2.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_seneka
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.
2009-01-01 15:57 . 2009-01-01 15:57 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-01-01 15:45 . 2009-01-01 15:45 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-01 15:43 . 2009-01-01 15:43 <DIR> d-------- c:\windows\ERUNT
2009-01-01 15:39 . 2009-01-01 15:39 <DIR> d-------- c:\documents and settings\King\WINDOWS
2009-01-01 15:33 . 2009-01-01 15:54 <DIR> d-------- C:\SDFix
2008-12-31 22:42 . 2009-01-01 15:56 <DIR> d-------- c:\program files\Mozilla Firefox 3.1 Beta 2
2008-12-31 22:10 . 2008-12-31 22:10 <DIR> d-------- C:\VundoFix Backups
2008-12-31 21:33 . 2008-12-31 21:33 <DIR> d-------- c:\program files\Trend Micro
2008-12-31 21:08 . 2008-12-31 21:08 <DIR> d-------- c:\program files\Lavasoft
2008-12-31 21:07 . 2008-12-31 21:07 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-31 20:34 . 2008-12-31 20:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-31 20:34 . 2008-12-31 20:34 <DIR> d-------- c:\documents and settings\King\Application Data\Malwarebytes
2008-12-31 20:34 . 2008-12-31 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-31 20:34 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-31 20:34 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-31 20:24 . 2008-12-31 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-31 18:57 . 2008-12-31 18:57 <DIR> d-------- c:\program files\uTorrent
2008-12-31 18:57 . 2008-12-31 20:41 <DIR> d-------- c:\documents and settings\King\Application Data\uTorrent
2008-12-31 15:39 . 2009-01-01 16:08 9,799 --a------ c:\windows\system32\Config.MPF
2008-12-31 15:35 . 2009-01-01 15:52 <DIR> d-------- c:\program files\SiteAdvisor
2008-12-31 15:35 . 2009-01-01 15:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2008-12-31 15:34 . 2006-03-03 08:07 143,360 --a------ c:\windows\system32\dunzip32.dll
2008-12-31 15:32 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-31 15:32 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-31 15:32 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-31 15:32 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-31 15:31 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2008-12-31 15:31 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-31 15:30 . 2008-12-31 15:31 <DIR> d-------- c:\program files\McAfee.com
2008-12-31 15:30 . 2009-01-01 15:36 <DIR> d-------- c:\program files\McAfee
2008-12-31 15:30 . 2008-12-31 15:31 <DIR> d-------- c:\program files\Common Files\McAfee
2008-12-31 15:27 . 2009-01-01 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2008-12-31 13:59 . 2008-12-31 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-31 11:05 . 2008-12-31 11:05 40,448 --a------ c:\windows\system32\k9261108.exe
2008-12-16 19:32 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2008-12-16 19:32 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-16 19:31 . 2008-12-16 19:32 <DIR> d-------- c:\program files\iTunes
2008-12-16 19:31 . 2008-12-16 19:31 <DIR> d-------- c:\program files\iPod
2008-12-16 19:31 . 2008-12-16 19:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 05:02 --------- d-----w c:\program files\Yahoo!
2009-01-01 05:02 --------- d-----w c:\documents and settings\King\Application Data\Yahoo!
2009-01-01 05:02 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-01 05:01 --------- d-----w c:\program files\Java
2008-12-31 21:30 --------- d-----w c:\documents and settings\King\Application Data\Azureus
2008-12-31 17:52 --------- d-----w c:\program files\Steam
2008-12-19 03:18 --------- d-----w c:\program files\Bethesda Softworks
2008-12-19 01:19 --------- d-----w c:\program files\Diablo II
2008-12-17 01:31 --------- d-----w c:\program files\Common Files\Apple
2008-12-17 01:30 --------- d-----w c:\program files\QuickTime
2008-11-29 17:16 --------- d-----w c:\documents and settings\King\Application Data\Winamp
2008-11-29 12:04 --------- d-----w c:\program files\Winamp
2008-11-29 05:55 --------- d-----w c:\program files\Haali
2008-11-29 05:51 --------- d-----w c:\program files\ffdshow
2008-05-11 20:26 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051120080512\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2007-06-15 4957736]
"MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-06-15 20480]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-12-31 2468200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"CTHelper"="CTHELPER.EXE" [2006-08-11 c:\windows\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
c:\documents and settings\King\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2008-05-23 1073152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\logonui_blue.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=xoejjs.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\
0lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2009-01-01 206096]
R3 SaiH353e;SaiH353e;c:\windows\system32\DRIVERS\SaiH353e.sys [2004-07-26 56576]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys []
S2 0034311230845832mcinstcleanup;McAfee Application Installer Cleanup (0034311230845832);c:\windows\TEMP\
003431~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-01 c:\windows\Tasks\dpzekqav.job
- c:\windows\system32\rundll32.exe [2008-04-13 18:12]
2008-12-31 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-NVIDIA nTune - c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKU-Default-Run-msiexec.exe - msiconf.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
O16 -: DirectAnimation Java Classes -
file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\King\Application Data\Mozilla\Firefox\Profiles\7rxrunop.default\
FF - prefs.js: browser.startup.homepage -
www.google.comFF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-01-01 16:08:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
McAfee Backup = c:\program files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1644491937-796845957-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*NULL*]
@Security="Inherited"
"??"=hex:9c,c8,84,e9,49,e5,6c,1c,95,5d,b0,8f,36,bf,c7,f2,88,ec,22,37,b8,66,1e,\
c8,e1,00,83,c2,09,43,a1,77,cf,88,f8,a0,d2,a7,64,0a,95,fb,6f,de,fc,3f,fa,6c,\
3d,61,c2,77,d4,da,a3,ab,2c,a7,cc,d5,d1,64,4e,24,53,34,d1,c5,01,d6,3b,8b,d2,\
c2,90,9b,6d,08,ab,7d,c5,13,22,c0,0a,cb,dc,aa,fc,a7,f5,db,19,4d,f4,9d,e0,ef,\
ef,b8,1d,48,f8,01,f8,67,8f,68,87,a3,48,48,e2,c8,0a,4b,a6,ee,26,5f,8e,6d,37,\
7f,eb,f1,85,b2,9b,a1,58,0a,e9,57,7f,e5,79,e4,e6,98,36,fa,88,a8,18,fc,d9,8b,\
64,dc,15,fa,da,8c,c8,22,45,5f,81,d5,43,c1,a6,27,b5,cf,bc,93,ae,49,08,0c,67,\
58,e4,c0,a9,c0,c5,34,95,61,c1,69,34,85,2c,7b,47,1e,a6,e4,7c,58,ab,c7,5d,a5,\
ba,04,e1,0b,d0,3a,0e,de,0c,d1,24,89,91,c0,61,72,c4,02,fb,1a,f7,5d,bb,28,b7,\
ab,a4,5c,80,4c,c9,5f,cc,fb,e1,49,d6,bc,9c,dd,f7,87,3f,08,c6,f1,e9,fc,db,db,\
b6,38,39,d2,a6,e6,b7,d8,e9,e3,8d,f3,56,ff,ff,5a,a0,1f,d1,f0,5c,f5,70,a8,a3,\
c4,b9,4e,3f,80,3b,7a,19,b5,c1,14,c7,24,01,7d,3a,f5,2e,e7,68,06,f3,2a,33,cb,\
84,69,fc,40,7e,5e,ca,37,59,a0,10,e1,23,a0,34,63,e0,69,1c,d1,2b,08,f1,7b,e4,\
12,f6,1b,02,b9,d1,9c,d6,d0,30,ec,11,e1,8c,76,f0,2c,d2,e1,21,96,fd,b0,48,c8,\
9b,f6,3b,fa,29,bc,0c,77,aa,e1,f1,99,75,9d,1e,3a,0d,11,b0,54,7a,23,f5,a4,fa,\
3f,2a,41,f7,cf,87,90,5d,fc,e5,ec,0e,1e,09,f2,28,ad,33,36,45,5c,70,04,8e,08,\
2d,86,f0,db,e7,00,7d,38,5b,ed,72,5f,1c,01,3f,da,7b,3b,1c,cf,e9,23,28,d4,9f,\
da,d1,03,45,04,fa,eb,81,8d,39,3f,11,f4,e1,25,b1,c9,00,34,46,f8,a4,ee,d2,09,\
a9,7c,ce,fc,90,6d,21,d8,14,1a,e5,eb,91,79,56,b8,d6,f8,52,0a,4e,68,cc,e2,d5,\
31,21,4c,37,8b,3d,ed,74,89,44,63,59,89,b3,84,d2,23,13,57,b1,12,fa,b5,bd,0c,\
c0,91,ba,44,52,84,ad,82,c3,07,26,8e,f1,e4,be,8e,42,93,18,8f,83,f9,74,d7,85,\
1c,99,64,98,ae,c9,51,ce,73,41,a5,c1,fd,dd,f4,27,08,e0,88,6f,a9,d7,30,15,8c,\
a0,93,c0,44,ec,3d,d6,f4,8d,fe,ea,0d,49,f7,31,dd,5a,05,36,15,e7,16,a2,54,29,\
d2,c3,4e,87,fb,7d,97,0d,f7,97,ab,59,97,db,9b,99,f4,6f,31,aa,7c,26,1e,48,1d,\
e9,38,b1,25,ef,63,3f,e3,b7,0a,2f,2f,2c,a7,7c,c9,08,cf,ce,9e,c6,0b,36,d6,e5,\
8a,46,51,a7,39,3f,01,a6,22,df,6b,86,f6,4f,ca,4c,8c,69,af,82,8d,f5,1a,72,b3,\
c1,21,0a,61,1c,9d,cc,7a,6a,98,13,84,eb,23,7a,f6,60,be,de,0b,88,75,79,bc,96,\
2d,da,15,9f,1d,9e,f5,6f,1e,46,a7,4c,77,28,71,8a,6b,52,28,74,69,8c,52,50,c3,\
e5,87,13,95,d7,93,30,4e,a8,d9,a7,4b,0c,ce,74,23,b8,89,5d,4f,59,e0,e6,d1,af,\
fa,54,e6,f1,8f,ef,27,44,28,c2,2b,ad,41,87,53,51,7d,52,45,1d,20,5e,e4,42,c0,\
5a,dc,f7,16,5b,f0,43,79,9d,45,ef,27,cc,82,2e,8c,19,23,09,7c,5b,d2,dd,71,2f,\
70,d3,ba,d5,13,65,5f,8f,62,ce,49,71,e0,99,5f,3a,7c,4a,da,48,c4,35,2d,2d,90,\
e3,1a,99,e7,1e,a5,cc,82,86,1c,32,5e,e3,69,ff,b8,b1,26,03,af,5a,60,34,83,4a,\
ab,d3,dc,1f,27,2e,4c,2c,55,33,66,2a,f5,06,5a,8f,59,64,83,22,09,ab,48,9e,88,\
a5,11,e5,d3,52,d8,51,60,6d,4f,6f,e6,e4,49,40,90,2f,f8,d1,c5,93,31,47,ad,18,\
ca,b7,ba,0d,2d,10,e6,63,82,c8,8b,7b,f5,d5,74,05,98,f9,fb,35,31,1e,60,8a,28,\
73,89,ae,10,f4,73,8e,6b,44,cf,2d,d2,cc,f9,2f,14,94,69,ba,83,ec,b1,da,79,42,\
92,36,aa,4e,d3,32,d1,c3,85,ff,22,29,29,75,62,91,66,96,0a,cf,f3,18,cc,70,9c,\
a8,fe,60,4e,7a,7f,0d,1a,1d,bd,cc,78,0a,63,c8,b3,7c,1c,14,0e,b4,96,e4,19,9d,\
69,5d,39,6e,5f,2f,07,62,81,05,dd,c9,56,af,b3,08,6f,fb,f2,2f,b8,0e,55,24,15,\
5b,82,8f,02,36,93,62,26,c9,4d,eb,68,f3,e5,18,48,52,46,3e,26,2f,52,52,f3,21,\
06,c7,f9,77,ae,d2,f6,a3,fc,0d,00,93,64,8e,a5,ec,6a,8f,09,9f,cd,3b,b4,8f,fb,\
89,3c,42,4f,d9,a5,7e,f3,8a,34,27,21,cb,54,1f,12,27,80,b0,43,0e,43,a3,b4,38,\
c9,22,92,e5,03,c7,40,a5,e9,82,a5,9b,99,8c,b8,ff,7e,89,bd,45,c9,ac,6c,34,10,\
2d,92,aa,ee,aa,b7,e8,23,df,65,c8,7d,3c,a2,5d,fe,d4,31,97,7c,57,da,45,fd,cc,\
34,2b,0b,73,0a,56,55,9e,e0,17,92,a3,45,d2,69,cb,9f,73,82,4f,21,37,27,9d,c1,\
a9,00,29,79,56,03,ba,a6,c3,be,67,7c,16,7e,bf,60,72,60,9e,50,4b,bd,00,c3,41,\
78,fd,c9,13,ad,1e,72,a7,b1,43,96,55,8a,98,2f,8e,92,80,2c,f7,f7,fc,68,85,af,\
1b,19,e4,10,7a,37,62,ea,e5,0b,a4,01,14,94,b9,91,bd,0e,46,94,a7,3d,06,ca,6b,\
b9,f2,1a,64,c7,8f,ed,b2,d5,e9,f4,65,79,4e,cd,24,6f,62,c7,f4,0d,45,6c,1e,f7,\
7b,5c,4d,de,2d,16,b6,ca,2d,51,cd,9a,fb,0c,6f,05,b0,82,2e,2e,4f,cf,c9,de,5b,\
8b,82,ee,b9,92,9a,d6,31,bf,91,64,14,e5,70,09,56,2e,da,38,dc,e2,60,f2,c9,ee,\
c1,b7,00,b8,8a,14,78,5b,94,80,33,48,04,fb,24,b8,be,fc,ea,6e,09,0e,a2,d1,bc,\
2c,bb,67,3e,2a,9f,0b,b6,73,3b,8f,91,05,ac,a8,31,6f,61,d2,ce,a6,fd,4e,48,9c,\
66,e1,4f,f0,12,ad,01,07,3c,5b,3a,7d,19,58,8d,04,7e,16,a4,2a,c1,d9,ff,00,20,\
98,d8,bd,ce,09,cb,dc,70,3b,f0,64,cb,fc,07,21,d8,2e,8f,3b,43,de,8c,c8,58,eb,\
ff,90,a2,03,a4,c5,b8,f6,2f,56,76,55,ee,52,c1,db,96,83,5e,f0,86,80,75,dd,1f,\
9e,09,7b,d6,d6,fc,b6,b1,e9,49,e4,d7,56,e6,e0,2d,19,e5,49,1e,c6,29,79,34,dc,\
42,6e,8b,ec,28,43,31,66,ed,ba,31,46,bd,0e,20,05,8e,2d,fb,0f,cb,78,77,c6,5e,\
e9,1b,c1,5d,73,de,2b,4e,18,33,da,f7,dd,b2,07,61,de,25,ec,a4,db,33,b5,1a,5e,\
4b,be,55,d0,0b,69,d3,81,1c,9a,6d,e8,c8,7e,46,3e,ed,34,8e,a8,67,0f,5e,c5,50,\
ef,d8,93,0d,4a,0b,8f,23,b1,26,a4,e4,4b,eb,39,6e,60,fd,96,24,8b,f4,3c,dd,39,\
da,66,a1,76,6f,ac,65,1d,f1,c9,c7,f1,d4,b6,24,20,26,9d,94,02,32,df,bc,50,70,\
04,c0,6b,59,e6,fd,a1,33,46,f0,c1,09,a3,74,d2,91,67,13,b9,4b,2b,fb,1e,be,e5,\
2f,11,d3,d8,c7,38,be,62,b3,9b,17,62,2f,58,d8,42,7b,37,a6,40,fb,1c,5d,fe,09,\
a7,53,9e,69,51,85,b7,18,7f,bf,d9,29,63,7b,02,02,2f,8a,89,67,9a,12,6c,26,96,\
5b,f5,85,3c,5f,be,44,c0,e1,69,bf,0a,ac,2e,d4,1a,07,b0,c7,a1,04,34,6a,0d,98,\
f8,cf,86,3f,75,8d,94,a4,1c,c6,b0,53,08,78,25,9c,5f,eb,47,d0,b1,ac,02,c6,38,\
e2,e6,ab,4f,93,f4,b4,39,a2,cd,76,98,76,99,2d,b1,1a,38,74,d8,ee,21,5f,78,cd,\
cb,71,e9,d3,1c,eb,20,99,ad,54,c7,34,9d,e7,86,63,d5,b8,cd,8d,46,77,4c,d2,a7,\
59,b1,3f,10,cb,27,81,39,0e,8f,69,23,8f,92,a8,74,74,a6,39,38,15,79,d4,ab,ea,\
aa,a4,04,65,06,46,89,50,2c,6c,ad,2b,61,7c,79,d0,96,c0,7d,53,68,8d,c6,35,42,\
f8,a1,7a,ed,8e,b7,0d,65,30,04,27,fc,d7,87,2a,02,c8,93,21,95,7a,b5,82,83,40,\
25,87,c8,24,de,e0,6f,ba,f3,54,86,3d,e2,61,13,99,2c,a8,0f,29,37,37,61,86,ad,\
e8,be,ac,db,f5,25,24,ab,7a,ae,b4,23,66,43,2c,36,0b,71,6e,33,90,6e,77,16,a9,\
ab,45,ed,8c,ba,f7,4c,88,b2,b3,80,0f,ef,1e,e8,3a,47,b2,17,03,14,68,ad,ac,bb,\
a3,50,2c,6c,77,48,90,21,5b,6c,cb,40,a6,44,58,64,ea,7f,31,4a,15,f2,21,d5,76,\
fc,8e,3c,dd,f1,53,eb,72,2d,e9,eb,2c,9f,f0,cd,6a,5f,63,42,bf,99,65,93,82,4d,\
62,e9,bd,36,91,4f,af,ba,d8,5e,6a,92,bd,8a,52,e5,c7,81,f5,e2,20,ea,92,19,e0,\
ea,92,09,e0
"??"=hex:1b,5c,00,6c,19,29,b6,60,a7,81,26,f9,6d,5e,cb,bb
[HKEY_USERS\S-1-5-21-1644491937-796845957-839522115-1004\Software\SecuROM\License information*NULL*]
@Security="Inherited"
"datasecu"=hex:14,62,9b,0f,86,88,97,91,8d,cb,d4,0b,aa,1d,d5,35,2a,8b,13,bf,02,\
5d,b8,b0,d6,c1,0a,50,ad,91,68,d5,61,76,37,8c,36,9d,80,79,17,53,24,3e,c6,cd,\
a7,2e,d5,8b,5d,59,98,95,d5,b9,6f,01,a7,31,82,64,24,ed,63,e6,af,8e,4b,5f,c2,\
6a,92,1f,1b,4f,95,f1,ec,be,42,21,77,9d,f8,bd,65,5d,1f,95,a3,56,ed,98,0b,ae,\
58,bf,8f,0e,ed,33,8d,65,16,c0,90,9e,4a,b2,03,9e,3d,95,1a,44,cf,a3,ac,03,67,\
07,af,93,89,3d,ee,f9,ad,e4,2b,41,c0,d1,18,0b,16,76,d7,64,96,bd,f0,7c,fd,91,\
b5,a9,87,68,84,7a,4b,c0,d4,b9,d6,77,46,88,db,d3,37,ab,55,6b,75,76,c5,22,a6,\
fd,48,d5,fc,cb,7f,52,3e,b1,4b,3e,08,81,fb,88,e5,f0,4a,13,7c,09,d5,8a,9d,f5,\
04,b9,07,f3,ce,85,69,5d,0d,ad,62,3f,62,15,da,5b,17,fe,6e,87,b4,99,bf,11,1b,\
da,3a,20,43,90,50,04,bb,df,47,27,88,12,52,a0,3d,ab,5f,14,fe,52,bf,5b,18,40,\
56,f0,5b,f2,14,7e,22,d3,b7,48,d4,06,94,ce,d6,ba,eb,0a,4b,e0,3e,e2,d1,d3,fd,\
1f,ac,cf,de,e4,03,8b,8f,03,de,16,b2,d9,13,80,58,71,21,57,8c,e7,24,b3,30,54,\
0a,0a,7a,91,f4,ad,16,ce,50,57,1f,77,f1,ee,a1,dd,4b,ed,fe,96,89,be,d7,04,3d,\
c2,55,31,3a,79,d1,ad,1d,df,a4,d4,c9,98,a8,b8,3b,57,51,52,6c,80,ef,10,4c,ed,\
0a,f7,f7,9e,8c,5d,81,ec,3c,93,af,60,07,0b,26,7e,77,ee,30,e4,6c,5d,5f,a5,96,\
7b,99,07,b4,40,0a,50,83,d5,d3,ff,65,56,6a,1b,4d,2c,e2,2d,c4,90,96,b7,a7,2b,\
8f,b3,3b,2d,d4,fc,f6,26,24,20,ca,1a,7c,04,24,fd,9b,55,8a,0d,e6,2c,e8,f1,61,\
6b,11,2f,12,79,b9,e9,1c,2b,70,b5,b2,4d,9e,9a,4a,2d,be,29,94,14,fb,0d,e1,93,\
c3,98,23,67,7c,a3,e4,45,0b,20,d1,f1,8d,1a,cb,f2,33,4b,9a,cb,dd,27,b4,7f,54,\
65,83,13,9f,ae,2b,b8,86,3b,02,30,b7,cf,b8,d7,4f,7f,f0,65,92,2d,b3,c8,93,cb,\
de,be,8c,4e,87,e6,3a,4e,c3,a3,7d,66,ac,bf,c1,1c,07,bc,bb,3e,6d,e4,a2,3c,b5,\
13,9a,e7,54,cd,87,94,62,c3,8a,5b,b6,cd,fa,84,6a,46,1b,63,d7,2c,fa,11,b5,48,\
78,c1,75,f7,00,eb,6d,c7,ae,30,0e,2f,0a,68,07,82,8c,4f,9d,fe,00,c7,42,8a,69,\
e7,b7,46,31,aa,cc,8c,c8,9b,2e,32,f2,3a,bf,9c,f6,20,8d,5a,09,37,ea,f1,86,48,\
4e,96,fe,60,16,78,db,de,6e,5f,fa,82,d2,61,ee,b0,f7,99,8b,38,b0,06,e1,a6,7d,\
c8,64,80,b8,f0,4b,88,44,0d,73,29,68,8d,23,f6,9f,29,4d,a0,78,8f,4e,30,57,4c,\
ea,f5,87,47,9c,2e,a1,e6,c6,3e,34,e0,26,78,93,21,80,9a,99,05,21,8d,b3,2a,2b,\
a2,23,e9,33,15,35,06,37,0c,9c,3b,ef,78,1e,87,d6,03,bb,35,3e,2a,73,06,f0,e3,\
20,ee,b0,7c,5c,e5,00,ec,87,68,f6,24,b8,09,f8,61,46,c9,8e,03,58,a7,dd,3c,5a,\
95,42,a3,34,4c,4d,63,1b,75,a4,a7,6a,39,cc,09,e6,a1,6c,da,2d,5f,41,8a,99,43,\
45,49,40,01,03,36,a3,c5,54,1a,80,c4,e3,23,76,6b,b1,0c,6c,ce,f9,63,f9,56,18,\
5b,e1,c0,01,0a,99,58,56,95,ff,80,b7,f4,65,4c,50,95,5d,0b,ea,f6,e4,d2,f4,44,\
b3,92,37,10,94,36,16,6f,7f,e9,1b,6b,eb,d1,f6,f1,8a,54,b3,31,de,4a,b4,1c,63,\
a8,00,8c,0f,64,d7,f8,7e,62,29,5d,c9,c0,fc,c5,19,da,3b,2f,06,22,05,ec,84,27,\
cb,7a,c1,3f,a8,7e,81,b2,7c,28,0a,0a,71,f6,ce,81,dc,a7,59,84,86,ab,ad,e5,ec,\
09,d1,29,10,d1,7b,2e,29,ea,cd,34,d4,39,43,0e,ea,36,64,ea,53,e1,1d,73,f4,7a,\
c5,2c,e3,0f,92,1f,71,62,bd,93,a7,1e,76,aa,b5,1c,f6,eb,bb,41,0e,f1,18,fc,77,\
1f,b5,12,34,0c,92,46,2f,65,99,3e,8f,2f,37,ba,15,72,06,39,c6,87,9d,83,a8,25,\
06,45,86,2c,3d,e0,25,c0,ff,95,66,81,f5,1d,d1,4e,6f,f9,0e,61,5b,4b,3a,19,9c,\
05,7b,44,5f,41,5f,18,3f,c5,10,17,78,36,56,a8,6d,09,73,a2,26,c1,5a,a2,f4,90,\
bf,c9,db,b4,a2,17,c9,9c,61,2b,0f,92,3d,81,4d,7b,39,3a,45,b6,a3,b6,44,2f,45,\
e7,f8,d1,c0,10,c0,68,5c,a3,ba,29,6d,fb,0a,a2,a7,8c,ed,e7,e0,b3,ab,d4,fd,b5,\
59,c3,1e,f4,ad,ff,59,f1,6e,85,56,9d,fa,e9,93,20,8f,2e,27,8b,42,5e,3e,de,8c,\
5b,04,69,cb,99,7f,f2,de,d3,d6,3d,e5,1f,05,8e,86,97,78,31,90,c2,91,48,50,0c,\
7e,15,b4,af,87,17,b6,fb,fb,6a,aa,bd,50,a3,52,ec,87,a0,8c,54,59,12,9d,38,9d,\
12,82,49,66,dc,cf,7f,93,48,be,24,77,e6,41,c4,1a,64,d4,64,32,28,4d,ed,4b,eb,\
7b,05,f8,82,cd,3f,da,e5,dd,1b,29,f8,d2,5b,68,1a,3b,46,98,97,9f,0d,24,fe,f6,\
58,06,28,2d,7e,b0,73,11,a6,be,fa,09,3c,e6,f4,e9,3f,0d,65,8d,9d,51,32,61,06,\
8d,dd,96,7b,f0,05,c2,11,76,bb,7e,ff,e8,2b,92,2a,e4,5b,05,f5,58,82,e1,72,c3,\
63,b5,d3,3d,37,da,3a,48,71,d1,4c,5b,7a,12,07,c9,fa,33,72,d4,e6,be,7a,9b,34,\
9d,ef,fc,d0,fd,96,b5,82,bb,ee,4f,0f,e2,14,41,30,52,7d,ec,4f,6f,fe,a3,ae,60,\
ae,31,99,05,b1,e8,23,65,15,f8,5b,0f,cd,4e,cc,9e,f0,5b,8a,32,8b,94,ff,04,ee,\
24,e8,13,7e,92,1f,57,14,a2,33,b3,2c,94,4a,bb,39,ac,ac,48,46,e6,f4,a0,76,67,\
e7,bf,d8,26,e7,2c,0d,f0,8f,54,93,59,78,de,6f,c2,e9,84,63,0f,51,ee,1a,0e,a7,\
e4,bd,3f,33,e3,d2,8e,98,ec,d9,86,e5,c1,6b,bc,c5,5d,3d,42,6c,1b,12,81,6d,e0,\
01,78,4a,9d,d9,a6,00,f7,f3,47,ec,e9,27,f4,f8,53,86,fc,41,99,f6,47,a3,e9,d1,\
76,a1,50,5b,b3,7c,1b,e4,f0,63,b3,ad,15,22,e0,13,7c,3f,5f,90,87,3f,de,09,ef,\
59,cd,f5,d6,a3,b0,3d,70,a5,09,67,20,14,0c,e0,dd,fe,d4,3d,18,e0,7a,be,67,7c,\
98,2d,af,96,21,b2,fe,17,66,61,8b,bf,86,4f,a0,1e,be,ac,7e,62,d2,c4,22,f3,68,\
af,4b,8c,45,dc,2d,ff,8c,a8,43,f2,1e,25,6d,48,b9,c5,4c,c4,85,82,3b,98,4b,9c,\
0b,5a,a0,93,41,b1,b3,f4,6d,e7,aa,fc,ba,e7,94,75,97,1e,a8,bd,7f,ca,82,6c,cd,\
c4,b6,3e,7c,b9,9d,7a,e7,fd,9e,85,8e,81,f3,7c,49,f2,ed,7d,62,b2,39,35,3c,b1,\
3c,72,55,79,13,99,a1,27,eb,84,f5,05,bd,6d,23,2c,89,a0,39,70,a9,a7,b2,d8,30,\
cc,e1,fe,90,a2,1d,9d,12,4e,1d,9c,23,fa,6e,51,82,77,7f,07,74,b5,3e,84,92,18,\
2a,8b,6b,a5,72,8a,fa,ec,1e,03,a6,19,20,02,8b,3c,f6,a3,0f,e1,54,24,4b,b0,82,\
fa,0e,19,96,19,03,35,ce,2e,de,05,bf,cc,4d,0f,08,ee,54,91,49,ab,ac,ef,4a,58,\
39,c9,c8,65,74,8f,78,0d,e7,be,ee,d1,43,ba,9f,9f,3f,ea,a4,47,14,99,a7,99,7f,\
1d,11,5a,14,f9,96,46,3a,bf,71,44,bb,8e,65,b1,0c,1b,7b,42,3e,25,1f,c3,a3,df,\
c5,f4,ee,b0,e0,e3,b3,aa,99,a2,e4,0c,c1,de,70,2f,6d,cf,8c,3d,b7,ba,08,d2,cd,\
a8,b3,4a,c4,cc,40,e1,e7,d2,ff,d5,65,be,09,e9,a3,a5,5d,21,f0,33,f8,9b,9c,c7,\
f9,3b,3a,39,01,49,2f,49,41,58,32,fe,0a,3c,d5,10,00,d7,b1,37,b5,89,9b,ce,6b,\
9a,89,57,39,c4,88,f2,fd,80,7c,92,66,d4,79,a7,f7,35,5d,d6,09,9b,93,66,01,bd,\
67,8c,15,9e,81,e2,09,21,dc,70,d9,ad,83,ea,98,2a,0e,57,d6,b2,05,cd,45,c0,f1,\
6b,8f,85,4e,b5,26,85,83,35,21,6a,32,95,58,26,50,2d,d8,e4,29,9a,9b,16,ff,f2,\
d8,b4,c8,2f,fd,7a,cf,9e,d7,40,d4,b9,69,cf,b0,75,f5,42,70,b8,26,ae,f1,51,e2,\
a8,a4,bd,c8,ee,f9,da,db,2e,cc,a5,4f,a9,45,02,ab,38,64,77,2a,f6,05,07,95,ba,\
03,f2,68,47,ff,fd,d2,10,cc,fe,53,de,d3,7e,5f,23,c8,c7,6d,78,3d,83,5e,17,55,\
cf,1d,db,4d,4f,2c,2d,9d,33,57,f8,ff,c3,27,6d,77,2f,0d,35,f0,d1,8b,5c,66,fc,\
54,48,9e,83,ff,d3,f5,29,19,99,c6,eb,98,6f,45,a0,37,37,ea,64,46,54,a5,80,4b,\
55,52,e3,2f,76,d4,29,e1,22,48,4b,7a,8a,7c,05,72,0d,08,ba,50,4d,49,d8,a8,9f,\
65,44,8c,a5,39,bd,a1,42,a3,8d,a7,3e,d7,26,bf,8b,01,ae,2d,11,64,3f,e6,82,de,\
4c,a1,d9,4a,48,69,63,c7,63,7e,b8,6b,2e,78,35,52,a1,c7,c8,18,24,85,ab,3f,ab,\
af,af,98,e4,f9,74,ef,d6,12,51,1a,65,91,2c,c4,a6,66,d4,28,2e,5a,3b,02,db,7d,\
d2,97,6d,a9,36,09,a7,db,19,9e,9d,af,65,70,f4,4d,4d,f2,cf,24,74,05,ea,c6,c6,\
b4,75,dc,53,b5,ca,55,3f,de,26,5a,79,49,3b,fe,d1,cc,2d,5d,bc,ad,c0,b7,87,e9,\
d7,cb,3f,d9,64,34,90,98,0e,f0,1e,29,fb,e2,43,c0,28,55,43,2e,80,82,7d,71,b2,\
04,9d,2e,ff,23,ac,29,81,3b,d3,39,96,02,93,a5,db,e3,58,60,3a,58,0f,cd,58,5f,\
d7,3f,28,06,67,3c,1d,75,a4,c6,86,41,be,41,7a,9a,6e,d5,b0,1b,f6,19,6e,ef,68,\
fe,5d,9d,bc,7d,c8,13,eb,22,58,98,75,2d,16,33,72,35,7e,a6,e7,bd,52,58,56,62,\
de,0b,b1,44,fe,9f,a9,a0,98,82,f4,85,e6,2d,e7,2d,c6,b6,b6,c4,b8,22,42,d4,11,\
37,76,00,56,39,85,b5,4d,63,ff,eb,c8,df,e4,b8,df,5b,f4,5a,b9,a4,62,56,68,ad,\
e6,78,49,19,95,77,0c,de,27,57,e8,ae,9b,ac,78,06,cc,d8,bf,8d,7c,d8,16,16,60,\
3b,8a,ed,ff,5e,fa,e0,fa,ec,80,3b,c7,15,6f,b3,27,b8,43,4e,db,d9,8a,85,02,7f,\
80,90,46,54,21,45,71,41,d8,25,d3,17,1f,a2,fb,ad,13,2c,7e,31,e3,05,6e,63,df,\
95,31,60,8f,ca,7a,14,da,68,a9,a0,46,d9,5b,e6,76,81,6a,8e,1e,89,73,c9,68,ad,\
80,15,04,b2,f8,7b,ea,de,01,71,60,ac,8f,a3,26,39,33,0e,a2,95,14,0b,de,41,4b,\
15,0e,72,53,f1,6c,72,fa,03,97,cf,58,43,e4,28,1d,d9,37,47,d1,f9,56,af,d8,f7,\
8d,70,fd,fb,3a,66,cc,a8,ad,06,13,16,8e,d2,ad,ba,54,0c,24,de,c1,ce,e6,4b,53,\
65,42,62,a5,b3,a1,9b,19,f9,de,3d,0a,ba,38,02,e0,08,94,5f,af,1f,c9,f7,d9,33,\
45,d3,a2,b1,13,ca,9c,5f,10,5c,7b,f2,a9,2b,0f,d8,fa,35,47,3a,32,81,80,2d,35,\
43,23,f9,b5,61,a9,87,89,f0,f1,cd,cb,b4,46,76,19,02,ce,5c,83,f8,0e,48,e9,28,\
f1,0a,bc,df,fc,21,ff,09,6d,69,75,85,4e,6d,80,e4,75,66,0f,bb,9c,27,ed,7a,63,\
91,06,17,e2,09,df,ff,ec,0e,85,ae,db,55,0d,1c,1e,52,4b,54,a8,84,97,74,40,c3,\
4e,e4,6f,76,5c,c5,10,19,11,f1,3d,21,e2,d5,d2,f4,b3,c3,55,7a,f9,ab,48,bb,55,\
2c,f4,4d,0d,eb,1c,df,8b,82,42,96,df,f0,fb,2f,7f,a8,87,39,ca,93,e5,23,7a,0b,\
c0,11,ef,5a,ac,04,de,aa,8e,c5,f0,d7,b5,23,16,48,1c,6e,50,3b,38,58,eb,1c,33,\
06,78,0e,ab,c0,5d,89,f3,8c,88,ef,ac,63,ae,21,c7,24,b4,47,51,48,85,50,f8,05,\
e4,2c,fb,a8,7d,04,a6,64,fc,47,9a,07,81,9d,49,95,5f,6f,4c,a5,9b,31,08,96,e4,\
19,ab,29,29,6f,fb,d0,85,71,de,87,25,f4,06,7a,95,f3,ad,b0,79,1d,b3,3d,cc,f4,\
f8,00,71,59,c6,3a,0c,bf,26,c9,fd,e6,66,41,bf,ce,81,03,fc,b6,54,01,5d,03,01,\
51,0c,f7,38,e0,eb,87,3d,95,71,af,fd,59,db,ce,a5,da,f6,8e,74,d0,54,69,30,5a,\
43,45,20,4b,00,29,08,e4,f1,98,23,bf,84,e4,bf,75,ee,38,de,13,7b,04,51,11,fe,\
de,a6,e0,a1,3b,a4,bb,90,86,ef,da,2c,be,60,a3,61,80,a9,5d,31,6e,49,4f,3b,35,\
21,98,d1,13,bf,37,a1,c8,04,b4,e7,d6,df
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\MBK\MBackMonitor.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\nvsvc32.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-01 16:11:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-01 22:11:03
Pre-Run: 266,178,510,848 bytes free
Post-Run: 266,354,556,928 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
405
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:32 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3.1 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 0778122984O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: xoejjs.dll
O23 - Service: McAfee Application Installer Cleanup (0034311230845832) (0034311230845832mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\003431~1.EXE (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7908 bytes