Tom
NOTE: Prior to running ComboFix, I ran a program from MS called Process Explorer. Apparently
the PMC Loader is trying to access the MS .NET Framework when it gives me the error. Pinnacle
software uses version 2 and I have version 3 installed.
Also, ComboFix detected that my anti-virus was running, even though I had disabled it.
Below is the log for ComboFix:
ComboFix 09-04-13.A2 - Media 2009-04-13 8:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.568 [GMT -4:00]
Running from: \\Schantz\shared files\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Media\nah_nsgf.exe
c:\windows\emMON.exe
c:\windows\system32\skinboxer43.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-11 18:18 . 2009-04-11 18:18 -------- d-----w c:\documents and settings\Media\Application Data\Malwarebytes
2009-04-11 18:18 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-11 18:18 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 18:18 . 2009-04-11 18:18 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-10 19:53 . 2009-04-10 19:53 -------- d-----w c:\documents and settings\Media\Application Data\Uniblue
2009-04-01 20:12 . 2009-04-13 09:49 -------- d-----w c:\documents and settings\Media\Local Settings\Application Data\Pinnacle
2009-04-01 20:11 . 2007-10-18 15:59 63248 ------w c:\windows\system32\MASD32.DLL
2009-04-01 20:11 . 2007-10-18 15:59 33040 ------w c:\windows\system32\MA32.DLL
2009-04-01 20:11 . 2007-10-18 15:59 201488 ------w c:\windows\system32\MACD32.DLL
2009-04-01 20:11 . 2007-10-18 15:59 144144 ------w c:\windows\system32\MASE32.DLL
2009-04-01 20:11 . 2007-10-18 15:59 141584 ------w c:\windows\system32\MAMC32.DLL
2009-04-01 20:11 . 2004-06-03 15:47 385100 ------w c:\windows\system32\MSVCRTD.DLL
2009-04-01 20:11 . 2003-03-19 09:28 2179072 ------w c:\windows\system32\mfc71d.dll
2009-04-01 20:11 . 2003-03-19 08:04 765952 ------w c:\windows\system32\msvcp71d.dll
2009-04-01 20:11 . 2003-03-19 08:03 544768 ------w c:\windows\system32\msvcr71d.dll
2009-04-01 20:11 . 2002-01-06 00:16 737280 ------w c:\windows\system32\msvcp70d.dll
2009-04-01 20:11 . 2002-01-06 00:16 536576 ------w c:\windows\system32\msvcr70d.dll
2009-04-01 15:39 . 2009-04-01 15:39 -------- d-----w c:\documents and settings\Media\Local Settings\Application Data\PCHealth
2009-03-30 19:51 . 2009-03-30 19:51 -------- d-----w c:\documents and settings\Media\Local Settings\Application Data\ApplicationHistory
2009-03-30 10:18 . 2009-01-09 19:19 1089593 -c----w c:\windows\system32\dllcache\ntprint.cat
2009-03-29 19:04 . 2009-04-09 11:54 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-29 18:26 . 2009-04-10 19:23 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-29 17:46 . 2009-03-29 17:46 -------- d-----w c:\windows\system32\XPSViewer
2009-03-29 17:45 . 2009-03-29 17:45 -------- d-----w C:\fb0fb78965a88fd877a79510
2009-03-29 17:45 . 2008-07-06 12:06 89088 -c----w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-29 17:45 . 2008-07-06 12:06 575488 -c----w c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-29 17:45 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-03-29 17:45 . 2008-07-06 12:06 1676288 -c----w c:\windows\system32\dllcache\xpssvcs.dll
2009-03-29 17:45 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-03-29 17:45 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-03-29 17:45 . 2008-07-06 10:50 597504 -c----w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-29 17:40 . 2009-03-29 17:40 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-03-29 17:40 . 2009-03-29 17:40 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-29 17:40 . 2008-04-13 23:11 21504 ----a-w c:\windows\system32\drivers\hidserv.dll
2009-03-29 17:38 . 2009-03-29 17:38 -------- d-----w c:\windows\system32\URTTEMP
2009-03-29 16:25 . 2006-03-24 00:12 139264 ----a-w c:\windows\system32\igfxres.dll
2009-03-29 16:22 . 2009-03-29 16:22 -------- d-----w c:\documents and settings\Media\Application Data\Windows Search
2009-03-29 16:17 . 2009-03-29 16:17 -------- d-----w C:\DellMPv3.1.1
2009-03-29 16:17 . 2008-08-21 10:38 20480 ----a-r c:\windows\system32\drivers\omci.sys
2009-03-29 16:15 . 2006-04-26 18:59 217185 ----a-w c:\windows\system32\GTDownDE_130.ocx
2009-03-29 16:15 . 2009-03-29 16:15 -------- d--h--w c:\documents and settings\Media\Application Data\GTek
2009-03-29 16:15 . 2009-03-29 16:15 -------- d-----w c:\documents and settings\All Users\Application Data\GTek
2009-03-29 16:13 . 2009-03-29 16:13 -------- d-----w C:\Dell_OpenManage_Client_Connector_v21
2009-03-29 16:03 . 2009-04-11 22:02 -------- d-----w c:\documents and settings\All Users\Application Data\Prism
2009-03-29 16:01 . 2009-03-29 16:01 -------- d-----w c:\windows\Downloaded Installations
2009-03-29 15:32 . 2006-03-24 00:38 61440 ----a-w c:\windows\system32\iAlmCoIn_v4543.dll
2009-03-29 15:14 . 2009-03-29 16:14 5 ----a-w c:\windows\system32\drivers\DELL_OPT_GX520.MRK
2009-03-29 15:14 . 2009-03-29 16:14 5 ----a-w c:\windows\system32\drivers\1028_DELL_OPT_GX520.MRK
2009-03-19 22:10 . 2009-03-19 22:10 -------- d-----w C:\aa23f2ed6f47cea8a86a1a
2009-03-19 22:10 . 2009-03-19 22:10 -------- d-----w C:\2c44e57fdd36e22165a8cb8f3a
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 22:02 . 2009-01-18 21:54 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 18:18 . 2009-04-11 18:18 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 11:54 . 2009-03-29 19:04 -------- d-----w c:\program files\SpywareBlaster
2009-04-08 23:52 . 2009-01-18 21:54 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-06 02:09 . 2009-03-11 23:58 -------- d-----w c:\documents and settings\Media\Application Data\Move Networks
2009-04-01 22:49 . 2009-04-01 22:49 -------- d-----w c:\program files\Trend Micro
2009-04-01 20:12 . 2009-01-18 23:26 14936 ----a-w c:\documents and settings\Media\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-01 20:11 . 2009-01-19 00:25 -------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2009-04-01 20:10 . 2009-03-07 20:57 -------- d-----w c:\program files\Pinnacle
2009-03-29 18:27 . 2009-03-29 18:26 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-29 17:45 . 2009-03-29 17:45 -------- d-----w c:\program files\MSBuild
2009-03-29 17:45 . 2009-03-29 17:45 -------- d-----w c:\program files\Reference Assemblies
2009-03-29 17:39 . 2009-03-29 17:39 -------- d-----w c:\program files\HP Wireless Keyboard
2009-03-29 16:17 . 2009-01-18 21:56 -------- d-----w c:\program files\Dell
2009-03-29 16:15 . 2009-03-29 16:15 -------- d-----w c:\program files\Dell Support
2009-03-29 16:01 . 2009-01-18 21:56 -------- d-----w c:\program files\Broadcom
2009-03-27 11:45 . 2009-03-27 11:45 -------- d-----w c:\program files\CCleaner
2009-03-21 17:30 . 2009-01-19 01:25 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-11 22:56 . 2009-03-11 22:56 169896 ----a-w c:\windows\system32\DellSys.dll
2009-03-07 23:28 . 2009-03-07 23:28 48456 ----a-w c:\windows\system32\UninstallElectricSheep.exe
2009-03-07 21:00 . 2009-03-07 21:00 -------- d-----w c:\program files\DivX
2009-03-07 20:58 . 2009-03-07 20:58 -------- d-----w c:\program files\MSXML 4.0
2009-03-07 20:56 . 2009-03-07 20:56 -------- d-----w c:\program files\Common Files\Adobe
2009-03-07 20:48 . 2009-01-19 01:23 -------- d-----w c:\program files\Team MediaPortal
2009-03-07 20:44 . 2009-01-19 01:23 -------- d-----w c:\documents and settings\All Users\Application Data\Team MediaPortal
2009-03-01 01:49 . 2009-01-19 01:19 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-22 17:42 . 2009-02-22 17:07 -------- d-----w c:\program files\Premium Downloads for PC Full
2009-02-22 17:41 . 2009-02-22 17:08 -------- d-----w c:\program files\Webcam Feed Finder Full
2009-02-22 17:41 . 2009-02-22 17:06 -------- d-----w c:\program files\TV Mesh Full
2009-02-22 17:18 . 2009-02-22 17:18 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-02-22 17:18 . 2004-08-04 12:00 361600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2009-02-22 15:37 . 2009-02-22 15:36 -------- d-----w c:\program files\Hunting Unlimited 2009
2009-02-20 01:33 . 2009-02-20 01:33 -------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-02-20 01:33 . 2009-02-20 01:33 -------- d-----w c:\program files\Deer Drive
2009-02-14 20:05 . 2009-02-14 20:05 -------- d-----w c:\program files\Netflix
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-01-18 23:11 . 2009-01-18 23:11 60800 -c--a-w c:\windows\system32\S32EVNT1.DLL
2009-01-18 22:40 . 2009-01-18 21:00 86327 -c--a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-01-18 22:35 . 2004-08-04 12:00 250048 --sha-r C:\ntldr
2009-01-18 20:57 . 2009-01-18 20:57 21640 -c--a-w c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-02-22 17:18 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-02-22 17:18 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2008-11-18 226576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-01-12 115560]
"BtcMaestro"="c:\program files\HP Wireless Keyboard\KMaestro.exe" [2005-02-21 245760]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \
0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 04:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-03-23 20:13 77824 c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-03-23 20:17 118784 c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-03-23 20:17 94208 c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 14:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ElectricSheep.scr"=
"\\\\schantz\\Shared Files\\Process Explorer.exe"=
R3 OmniTV;Cx2388x AvStream Video Capture;c:\windows\system32\DRIVERS\OmniTV.sys [2008-08-18 401280]
S2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2005-03-08 61440]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-Symantec Antvirus
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Media\Application Data\Mozilla\Firefox\Profiles\nd28rmcx.default\
FF - plugin: c:\documents and settings\Media\Application Data\Mozilla\Firefox\Profiles\nd28rmcx.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-13 08:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
Completion time: 2009-04-13 8:22
ComboFix-quarantined-files.txt 2009-04-13 12:22
Pre-Run: 26,728,435,712 bytes free
Post-Run: 28,213,972,992 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
259 --- E O F --- 2009-04-01 13:44