ComboFix 09-04-04.01 - dP 2009-04-04 23:17:54.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1373 [GMT 2:00]
Running from: d:\documents and settings\dP\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\dP\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.
2009-04-04 19:31 . 2009-04-04 19:31 d-------- d:\program files\Safer Networking
2009-04-04 19:31 . 2009-04-04 19:31 d-------- d:\documents and settings\dP\Application Data\Safer Networking
2009-04-04 12:31 . 2009-04-04 12:31 d-------- D:\rsit
2009-04-04 12:11 . 2009-04-04 12:11 d-------- D:\VundoFix Backups
2009-04-04 04:19 . 2009-04-04 04:19 d-------- d:\program files\Malwarebytes' Anti-Malware
2009-04-04 04:19 . 2009-04-04 04:19 d-------- d:\documents and settings\dP\Application Data\Malwarebytes
2009-04-04 04:19 . 2009-04-04 04:19 d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 04:19 . 2009-03-26 16:49 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 04:19 . 2009-03-26 16:49 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-04-03 18:01 . 2009-04-03 18:01 d-------- d:\program files\Trend Micro
2009-04-01 23:13 . 2009-04-01 23:13 d-------- d:\documents and settings\dP\Application Data\ESET
2009-04-01 23:12 . 2009-04-01 23:12 d-------- d:\program files\ESET
2009-04-01 18:18 . 2009-04-01 18:18 3,729 ---hs---- d:\windows\system32\tajopava.exe
2009-04-01 18:18 . 2009-04-01 18:18 0 --ah----- d:\windows\system32\BIT7D0.tmp
2009-03-28 04:25 . 2009-03-28 04:25 d-------- d:\program files\Cambridge
2009-03-28 04:11 . 2009-03-30 15:46 d-------- d:\documents and settings\dP\Application Data\f2fPreIntermediate
2009-03-27 11:03 . 2009-03-27 11:03 d-------- d:\program files\Logitech
2009-03-27 11:03 . 2009-03-27 11:03 d-------- d:\program files\Common Files\Logitech
2009-03-27 11:03 . 2003-12-11 10:50 152,064 --------- d:\windows\system32\lmoufrc.dll
2009-03-27 11:03 . 2003-12-18 10:50 104,960 --a------ d:\windows\system32\COMNCTR.DLL
2009-03-27 11:03 . 2003-12-18 10:50 97,792 --a------ d:\windows\system32\LGUICOM.DLL
2009-03-27 11:03 . 2003-12-11 10:50 70,894 --a------ d:\windows\system32\drivers\LMouFlt2.Sys
2009-03-27 11:03 . 2003-12-11 10:50 51,582 --------- d:\windows\system32\drivers\L8042PR2.SYS
2009-03-27 11:03 . 2003-12-11 10:50 37,916 --------- d:\windows\system32\drivers\LHIDUSB.SYS
2009-03-27 11:03 . 2003-12-11 10:50 25,630 --a------ d:\windows\system32\drivers\LHidFlt2.Sys
2009-03-27 11:03 . 2003-12-11 10:50 23,372 --------- d:\windows\system32\LCOINST.DLL
2009-03-27 11:03 . 2003-12-11 10:50 20,992 --------- d:\windows\LOGI_MWX.EXE
2009-03-27 11:03 . 2003-12-18 10:50 16,896 --a------ d:\windows\system32\LMOUSE32.DLL
2009-03-27 11:03 . 2003-12-11 10:50 14,092 --------- d:\windows\system32\drivers\LCCFLTR.SYS
2009-03-27 11:03 . 2003-12-18 10:50 3,568 --a------ d:\windows\system32\LMOUSE16.DLL
2009-03-25 00:13 . 2009-03-25 00:13 d--h-c--- d:\documents and settings\All Users\Application Data\{0AAA1129-1E09-47FC-B02B-648C164E1F6F}
2009-03-21 00:25 . 2009-03-21 00:25 41,808 --a------ d:\windows\system32\xfcodec.dll
2009-03-20 16:28 . 2009-03-20 16:28 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-03-19 17:10 . 2009-03-19 17:10 d-------- d:\documents and settings\All Users\Application Data\FLEXnet
2009-03-19 17:08 . 2009-03-19 17:08 d-------- d:\program files\Common Files\Macrovision Shared
2009-03-19 17:07 . 2009-03-19 17:07 d-------- D:\TeklaStructures
2009-03-19 17:06 . 2009-03-19 17:10 d-------- D:\TeklaStructuresModels
2009-03-18 21:54 . 2009-03-18 21:54 d-------- d:\documents and settings\dP\Shared
2009-03-18 21:53 . 2009-04-01 22:29 d-------- d:\program files\P2P_Energy
2009-03-18 21:53 . 2009-03-18 21:53 d-------- d:\program files\Conduit
2009-03-18 21:53 . 2009-03-18 21:53 d-------- d:\documents and settings\dP\Incomplete
2009-03-18 21:53 . 2009-03-18 21:54 d-------- d:\documents and settings\dP\Application Data\LimeWireTurbo
2009-03-16 21:22 . 2008-12-25 18:32 3,721,664 --a------ d:\windows\system32\drivers\RtKHDMI.sys
2009-03-16 21:22 . 2008-09-19 18:48 1,200,128 --a------ d:\windows\RtkUpd.exe
2009-03-16 17:00 . 2005-02-02 03:29 20,480 --a------ d:\windows\usnpstd.exe
2009-03-16 16:51 . 2009-04-04 10:26 d-------- d:\program files\Uniblue
2009-03-16 16:51 . 2009-03-16 16:51 d--h-c--- d:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-15 23:38 . 2009-03-15 23:45 d-------- d:\program files\SATVOD
2009-03-15 00:12 . 2009-04-04 01:31 d-------- d:\documents and settings\dP\Application Data\Uniblue
2009-03-15 00:12 . 2009-03-16 16:56 d-------- d:\documents and settings\All Users\Application Data\DriverScanner
2009-03-14 23:19 . 2009-03-14 23:19 d-------- d:\windows\Sun
2009-03-14 11:12 . 2009-03-14 11:12 d-------- d:\documents and settings\dP\Application Data\The Creative Assembly
2009-03-05 23:11 . 2009-03-05 23:51 d-------- d:\program files\PDF Creator Plus 4.0
2009-03-05 23:11 . 2009-03-05 23:11 d-------- d:\documents and settings\dP\Application Data\PEERNET
2009-03-05 23:11 . 2009-03-05 23:11 d-------- d:\documents and settings\All Users\Application Data\PEERNET
2009-03-04 12:06 . 2009-04-04 21:43 d-------- d:\program files\Steam
2009-03-04 12:05 . 2009-03-04 12:06 d-------- d:\program files\Microsoft Games for Windows - LIVE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 20:43 --------- d-----w d:\documents and settings\dP\Application Data\Skype
2009-04-04 20:32 189,072 ----a-w d:\windows\system32\PnkBstrB.exe
2009-04-04 20:03 138,920 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2009-04-04 18:08 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2009-04-04 17:28 --------- d-----w d:\documents and settings\dP\Application Data\skypePM
2009-04-04 04:04 --------- d-----w d:\program files\Xfire
2009-04-04 00:33 --------- d-----w d:\documents and settings\dP\Application Data\Xfire
2009-04-01 21:12 --------- d-----w d:\documents and settings\All Users\Application Data\ESET
2009-04-01 16:28 --------- d-----w d:\program files\Morton Benson
2009-04-01 08:02 --------- d-----w d:\program files\Google
2009-03-31 22:12 31,232 ----a-w d:\windows\system32\userinit.exe
2009-03-30 09:18 --------- d-----w d:\documents and settings\dP\Application Data\uTorrent
2009-03-28 02:02 --------- d-----w d:\documents and settings\dP\Application Data\f2fElementary
2009-03-27 09:03 --------- d--h--w d:\program files\InstallShield Installation Information
2009-03-24 22:12 --------- dc-h--w d:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-03-20 14:28 410,984 ----a-w d:\windows\system32\deploytk.dll
2009-03-20 14:28 --------- d-----w d:\program files\Java
2009-03-19 14:38 --------- d-----w d:\documents and settings\All Users\Application Data\Nero
2009-03-18 11:18 --------- d-----w d:\program files\Common Files\Adobe
2009-03-16 19:21 --------- d-----w d:\documents and settings\All Users\Application Data\DassaultSystemes
2009-03-15 00:41 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 00:40 --------- d-----w d:\program files\Microsoft Visual Studio 8
2009-03-15 00:30 --------- d-----w d:\documents and settings\dP\Application Data\BSplayer
2009-03-05 21:11 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-03-02 14:47 --------- d-----w d:\program files\Common Files\Adobe AIR
2009-03-01 16:10 75,064 ----a-w d:\windows\system32\PnkBstrA.exe
2009-03-01 14:05 --------- d-----w d:\program files\JavaHMO
2009-03-01 14:05 --------- d-----w d:\program files\Common Files\TiVo Shared
2009-03-01 14:04 --------- d-----w d:\program files\Common Files\Java
2009-03-01 13:43 --------- d-----w d:\program files\Paragon Software
2009-03-01 12:57 --------- d-----w d:\program files\DiskInternals
2009-02-28 18:43 --------- d-----w d:\documents and settings\dP\Application Data\DAEMON Tools Pro
2009-02-28 18:42 --------- d-----w d:\program files\DAEMON Tools Pro
2009-02-28 18:37 --------- d-----w d:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-02-28 18:32 717,296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-02-28 10:17 --------- d-----w d:\program files\HUB
2009-02-28 09:57 --------- d-----w d:\documents and settings\dP\Application Data\Red Alert 3 Demo
2009-02-27 22:05 --------- d-----w d:\program files\eMule
2009-02-25 16:34 --------- d-----w d:\program files\MSXML 4.0
2009-02-25 16:34 --------- d-----w d:\program files\DD PlayCam
2009-02-25 16:33 --------- d-----w d:\program files\VideoCAM Eye
2009-02-25 16:33 --------- d-----w d:\program files\Common Files\VCAMEye
2009-02-22 17:46 --------- d-----w d:\documents and settings\dP\Application Data\Sports Interactive
2009-02-22 17:39 --------- d-----w d:\program files\Sports Interactive
2009-02-22 17:38 --------- d-----w d:\documents and settings\All Users\Application Data\Sports Interactive
2009-02-16 22:50 --------- d--h--w d:\program files\Zero G Registry
2009-02-14 19:43 --------- d-----w d:\documents and settings\All Users\Application Data\Fallout3
2009-02-11 15:19 --------- d-----w d:\program files\Adobe Media Player
2009-02-10 21:57 --------- d-----w d:\program files\Common Files\Skype
2009-02-10 21:57 --------- d-----w d:\documents and settings\All Users\Application Data\Skype
2009-02-10 21:57 --------- d-----r d:\program files\Skype
2009-02-08 08:59 --------- d-----w d:\program files\Siber Systems
2009-02-07 19:48 682,280 ----a-w d:\windows\system32\pbsvc.exe
2009-02-07 19:48 22,328 ----a-w d:\documents and settings\dP\Application Data\PnkBstrK.sys
2009-02-07 19:36 --------- d-----w d:\program files\Activision
2009-02-06 12:24 56,280 ----a-w d:\windows\system32\drivers\epfwtdi.sys
2009-02-06 12:24 33,096 ----a-w d:\windows\system32\drivers\epfwndis.sys
2009-02-06 12:24 130,952 ----a-w d:\windows\system32\drivers\epfw.sys
2009-02-06 12:23 106,208 ----a-w d:\windows\system32\drivers\ehdrv.sys
2009-02-06 12:19 113,448 ----a-w d:\windows\system32\drivers\eamon.sys
2009-01-31 00:04 2,521 ----a-w d:\program files\Common Files\unins000.dat
2009-01-31 00:03 728,858 ----a-w d:\program files\Common Files\unins000.exe
2008-03-09 06:25 236 ---ha-w d:\program files\Common Files\dx.reg
2006-06-24 22:48 32,768 ----a-r d:\windows\inf\UpdateUSB.exe
.
------- Sigcheck -------

2009-04-01 00:12 31232 1ec93eaa7ba8fef99e00d26185b7f520 d:\windows\system32\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff d:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-04_21.45.18.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-04 17:31:52 70,066 ----a-w d:\windows\system32\perfc009.dat
+ 2009-04-04 19:46:59 70,066 ----a-w d:\windows\system32\perfc009.dat
- 2009-04-04 17:31:52 435,920 ----a-w d:\windows\system32\perfh009.dat
+ 2009-04-04 19:46:59 435,920 ----a-w d:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-07 39408]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"DAEMON Tools Pro Agent"="d:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-01-26 228808]
"Steam"="d:\program files\Steam\Steam.exe" [2009-03-04 1410296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="d:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"snpstd"="d:\windows\vsnpstd.exe" [2005-10-11 339968]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 d:\windows\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 d:\windows\LOGI_MWX.EXE]

d:\documents and settings\dP\Start Menu\Programs\Startup\
Adobe Media Player.lnk - d:\program files\Adobe Media Player\Adobe Media Player.exe [2009-02-11 261120]
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-03-21 3025232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.MJPG"= MJPEGCodecVFW.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATUTIL.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATSysDemon.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 hotcore3;hc3ServiceName;d:\windows\system32\drivers\hotcore3.sys [2009-03-01 40496]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 LUM;LUM;d:\windows\system32\drivers\LUM.sys [2007-06-05 16528]
R1 LUMDriver;LUMDriver;d:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
R2 acedrv11;acedrv11;d:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;d:\windows\system32\drivers\l1e51x86.sys [2008-11-26 36864]
S2 gupdate1c95ca59863e4d4;Google Update Service (gupdate1c95ca59863e4d4);d:\program files\Google\Update\GoogleUpdate.exe [2008-12-13 133104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PNKBSTRB
.
Contents of the 'Scheduled Tasks' folder

2009-04-04 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 21:25]

2009-04-04 d:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 03:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q=
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\{b579a202-4a9e-478b-b9ab-048a4ce7833e}\components\FFExternalAlert.dll
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: d:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: d:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava11.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava12.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava13.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava14.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava32.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJPI142_06.dll
FF - plugin: d:\program files\Opera\program\plugins\NPOJI610.dll
.
**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-04 23:19:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1085031214-436374069-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1085031214-436374069-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,0b,2f,d9,1c,ad,6a,09,a3,66,1f,f9,84,cd,05,e0,78,39,50,6d,e6,
   da,ec,51,b7,0d,25,4a,16,b6,58,10,7b,5b,55,76,bf,ce,ad,f4,c7,32,37,37,1d,68,\
"rkeysecu"=hex:07,31,a4,ab,e5,fc,54,9e,3c,9e,b3,f3,2a,52,5e,e0

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):06,b1,30,d0,96,61,69,83,f8,c0,ef,3a,d7,f3,13,a3,5b,32,93,18,a0,
   51,98,0c,c8,8b,c4,b9,87,1c,21,0d,d1,fa,8e,7f,c4,90,8c,a0,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c1b3b457-792a-4e4a-940f-648264f3a59c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1108)
d:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-04 23:21:32
ComboFix-quarantined-files.txt 2009-04-04 21:20:15
ComboFix2.txt 2009-04-04 19:45:48

Pre-Run: 19,785,834,496 bytes free
Post-Run: 19,772,669,952 bytes free

290