I am not sure how much of the log should be posted... In any case I will post them in their entire form. If that is a problem, let me know. Also, Malwarebytes did not find anything, so the log for that should not be needed. I will post HijackThis in the next post because the logs take too much space for posting.
ComboFix 10-04-19.08 - kasut 04/21/2010 6:16.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2851 [GMT 3:00]
Running from: d:\documents and settings\kasut\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1335 [VPS 100420-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.
2010-04-20 06:56 . 2010-04-20 06:56 -------- d-----w- d:\documents and settings\kasut\Local Settings\Application Data\4A Games
2010-04-20 06:54 . 2010-02-04 07:01 74072 ----a-w- d:\windows\system32\XAPOFX1_4.dll
2010-04-20 06:54 . 2010-02-04 07:01 528216 ----a-w- d:\windows\system32\XAudio2_6.dll
2010-04-20 06:54 . 2010-02-04 07:01 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-04-20 06:54 . 2010-02-04 07:01 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-04-20 03:22 . 2005-06-15 00:00 102400 ----a-w- d:\windows\system32\tsccvid.dll
2010-04-20 03:21 . 2010-04-20 03:39 162816 ----a-w- d:\windows\system32\fmod.dll
2010-04-19 13:31 . 2009-02-05 20:06 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-04-19 13:31 . 2009-02-05 20:06 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-04-19 13:31 . 2009-02-05 20:05 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-04-19 13:31 . 2009-02-05 20:04 97480 ----a-w- d:\windows\system32\AvastSS.scr
2010-04-19 13:31 . 2009-02-05 20:08 93296 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-04-19 13:31 . 2009-02-05 20:08 94032 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-04-19 13:31 . 2009-02-05 20:07 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-04-19 13:31 . 2009-02-05 20:07 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-04-19 13:31 . 2009-02-05 20:11 1256296 ----a-w- d:\windows\system32\aswBoot.exe
2010-04-19 12:30 . 2010-04-19 13:25 -------- d-----w- d:\windows\Left 4 Dead
2010-04-19 12:22 . 2010-04-19 12:22 -------- d-----w- d:\windows\system32\wbem\Repository
2010-04-19 12:20 . 2010-04-19 12:20 -------- d-----w- D:\New.Moon.DVDRip.XviD-NeDiVx
2010-04-17 12:55 . 2010-04-17 12:55 -------- d-----w- d:\documents and settings\kasut\log
2010-04-15 02:02 . 2010-04-15 02:02 -------- d-----w- d:\documents and settings\kasut\Application Data\AVG8
2010-04-03 14:07 . 2009-05-18 10:17 26600 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-03 14:07 . 2008-04-17 09:12 107368 ----a-w- d:\windows\system32\GEARAspi.dll
2010-04-03 14:06 . 2010-04-03 14:06 -------- d-----w- d:\program files\iPod
2010-04-03 14:06 . 2010-04-03 14:07 -------- d-----w- d:\program files\iTunes
2010-04-02 16:00 . 2010-04-02 16:01 -------- d-----w- d:\program files\QuickTime
2010-04-02 13:41 . 2010-04-06 06:42 -------- d-----w- d:\documents and settings\kasut\Application Data\Apple Computer
2010-04-02 13:40 . 2010-04-02 13:40 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\documents and settings\kasut\Local Settings\Application Data\Apple
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\program files\Apple Software Update
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\program files\Bonjour
2010-04-02 13:38 . 2010-04-03 14:06 -------- d-----w- d:\program files\Common Files\Apple
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2010-03-27 11:22 . 2010-03-27 11:22 -------- d-----w- d:\program files\IrfanView
2010-03-25 22:48 . 2010-03-25 22:48 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-24 15:59 . 2010-03-24 15:59 0 ----a-w- d:\documents and settings\kasut\jagex__preferences3.dat
2010-03-24 06:27 . 2010-03-24 06:27 1 ----a-w- d:\documents and settings\kasut\SI.bin
2010-03-22 06:29 . 2010-03-22 06:29 -------- d-----w- d:\documents and settings\kasut\Application Data\Ubisoft
2010-03-22 06:28 . 2009-09-04 15:44 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2010-03-22 06:28 . 2009-09-04 15:44 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2010-03-22 06:28 . 2009-09-04 15:29 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 03:10 . 2010-01-15 12:14 0 -c--a-w- d:\documents and settings\kasut\Local Settings\Application Data\prvlcl.dat
2010-04-21 03:08 . 2009-09-02 13:50 75 ----a-w- d:\documents and settings\kasut\jagex_runescape_preferences2.dat
2010-04-21 03:08 . 2009-07-21 11:39 69 ----a-w- d:\documents and settings\kasut\jagex_runescape_preferences.dat
2010-04-20 18:46 . 2009-11-28 08:17 -------- d-----w- d:\documents and settings\kasut\Application Data\vlc
2010-04-20 09:46 . 2009-07-21 04:52 -------- d-----w- d:\documents and settings\kasut\Application Data\uTorrent
2010-04-20 06:51 . 2010-02-11 16:42 -------- d-----w- d:\program files\NVIDIA Corporation
2010-04-20 06:51 . 2009-07-21 14:04 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-04-20 05:34 . 2009-12-31 05:12 -------- d-----w- d:\program files\PowerArchiver
2010-04-19 13:37 . 2009-08-13 09:47 -------- d-----w- d:\program files\GameSpy
2010-04-19 13:33 . 2009-07-20 17:54 45176 -c--a-w- d:\documents and settings\kasut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 13:06 . 2009-07-20 18:57 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-04-06 08:08 . 2010-01-07 11:23 -------- d-----w- d:\program files\Sonne Video Converter
2010-04-06 06:43 . 2009-10-10 07:46 -------- d-----w- d:\documents and settings\kasut\Application Data\AVI ReComp
2010-04-02 13:40 . 2010-01-07 11:23 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2010-03-24 09:01 . 2009-07-20 17:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-03-16 16:30 . 2009-07-31 13:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft
2010-03-12 09:26 . 2009-07-21 04:35 600144 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-11 04:14 . 2009-07-21 04:37 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-03-08 17:19 . 2010-03-08 17:19 -------- d-----w- d:\documents and settings\kasut\Application Data\enchant
2010-03-08 17:18 . 2009-12-22 11:43 -------- d-----w- d:\program files\AbiWord
2010-03-08 12:31 . 2010-03-04 16:38 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-03-08 12:31 . 2009-07-21 04:53 -------- d-----w- d:\program files\uTorrent
2010-03-04 16:37 . 2010-03-04 16:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2010-02-12 08:46 . 2010-02-12 08:46 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-02-12 08:46 . 2010-02-12 08:46 107808 ----a-w- d:\windows\system32\dns-sd.exe
2010-02-12 05:51 . 2010-02-12 05:51 88064 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.62.0A.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-10-17 12:56 . 2009-10-17 12:56 164352 -csh--w- d:\windows\system32\SC.dll
.
------- Sigcheck -------
[-] 2008-08-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"AVGIDS"="d:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DownloadStudio"="d:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe" [2009-07-09 156312]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"CAPON"="d:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-19 22528]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LBP-800 Status Window.LNK - d:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2009-8-8 112640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 06:16 11952 ----a-w- d:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Steam\\steamapps\\common\\baboinvasion\\BaboInvasion.exe"=
R0 AVGIDSErHr;AVGIDSErHr;d:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 12:46 PM 25608]
R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [7/21/2009 8:03 AM 12552]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [8/9/2009 3:45 PM 28544]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [4/19/2010 4:31 PM 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [7/21/2009 8:03 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [7/21/2009 8:03 AM 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [7/21/2009 8:08 AM 108289]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [4/19/2010 4:31 PM 20560]
R2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [7/21/2009 8:03 AM 908056]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [7/31/2009 9:16 AM 297752]
R2 avgfws8;AVG8 Firewall;d:\progra~1\AVG\AVG8\avgfws8.exe [7/31/2009 9:16 AM 1370488]
R2 RapidPort;RapidPort;d:\windows\system32\drivers\CAPLPTN.SYS [1/27/2010 10:18 AM 23008]
R3 Avgfwdx;Avgfwdx;d:\windows\system32\drivers\avgfwdx.sys [7/21/2009 8:02 AM 29208]
R3 AVGIDSDriver;AVGIDSDriver;d:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 12:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;d:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 12:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;d:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 12:46 PM 27232]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [8/9/2009 4:42 PM 721904]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 12:46 PM 5576712]
S2 AVGIDSWatcher;AVGIDSWatcher;d:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 12:46 PM 563720]
S3 Avgfwfd;AVG network filter service;d:\windows\system32\drivers\avgfwdx.sys [7/21/2009 8:02 AM 29208]
S3 cpuz130;cpuz130;\??\d:\docume~1\kasut\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\kasut\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\kasut\Application Data\Mozilla\Firefox\Profiles\ygovtb28.default\
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: d:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll
---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-UIWatcher - d:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-nwiz - d:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-DAEMON Tools Toolbar - d:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-NVIDIA nView Desktop Manager - d:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-QuicktimeAlt_is1 - d:\program files\Sonne Video Converter\codec\quicktime\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-21 06:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1547161642-1965331169-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4278CC6E-EC43-311C-5A37-EFB25CE80A21}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1547161642-1965331169-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:19,e4,89,9f,08,0a,1f,db,3c,c0,6f,f9,50,d7,bd,95,64,63,ad,c8,93,
41,40,70,c8,86,69,17,bf,36,14,28,36,07,24,27,d0,be,1b,b5,3a,55,4d,67,ad,25,\
"rkeysecu"=hex:29,19,a1,af,88,25,43,b6,eb,d1,00,82,c1,e1,57,21
.
Completion time: 2010-04-21 06:20:19
ComboFix-quarantined-files.txt 2010-04-21 03:20
Pre-Run: 4,459,175,936 bytes free
Post-Run: 4,489,142,272 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(2)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut
- - End Of File - - 5F35ADD683C618CA25C16D3405BEC143