ComboFix 10-09-04.06 - Owner 09/05/2010 8:46:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1284 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\1.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\a.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\b.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\c.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\d.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\e.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\f.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\g.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\h.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\i.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\J.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\k.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\l.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\m.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\mru.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\n.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\o.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\p.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\q.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\r.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\s.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\t.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\u.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\v.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\w.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\x.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\y.xml
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\z.xml
C:\Program Files\UNWISE.EXE
C:\WINDOWS\Fonts\advapi32.dll
C:\WINDOWS\system32\11478.exe
C:\WINDOWS\system32\11538.exe
C:\WINDOWS\system32\11942.exe
C:\WINDOWS\system32\12382.exe
C:\WINDOWS\system32\14604.exe
C:\WINDOWS\system32\14771.exe
C:\WINDOWS\system32\153.exe
C:\WINDOWS\system32\15724.exe
C:\WINDOWS\system32\16827.exe
C:\WINDOWS\system32\17421.exe
C:\WINDOWS\system32\18716.exe
C:\WINDOWS\system32\19718.exe
C:\WINDOWS\system32\19895.exe
C:\WINDOWS\system32\21726.exe
C:\WINDOWS\system32\23281.exe
C:\WINDOWS\system32\24464.exe
C:\WINDOWS\system32\26962.exe
C:\WINDOWS\system32\28145.exe
C:\WINDOWS\system32\292.exe
C:\WINDOWS\system32\29358.exe
C:\WINDOWS\system32\2995.exe
C:\WINDOWS\system32\32391.exe
C:\WINDOWS\system32\3902.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\4827.exe
C:\WINDOWS\system32\491.exe
C:\WINDOWS\system32\5436.exe
C:\WINDOWS\system32\5447.exe
C:\WINDOWS\system32\5705.exe
C:\WINDOWS\system32\9961.exe
C:\WINDOWS\system32\Agent.OMZ.Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\UAClmneityn.log
C:\WINDOWS\system32\UACroyeheos.dat
C:\WINDOWS\system32\UACxvmefkje.log
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACD.SYS
((((((((((((((((((((((((( Files Created from 2010-08-05 to 2010-09-05 )))))))))))))))))))))))))))))))
.
2010-09-03 18:53:59 . 2010-04-29 19:39:38 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-03 18:53:57 . 2010-09-03 18:54:03 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware3
2010-09-03 18:53:57 . 2010-04-29 19:39:26 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-02 12:02:08 . 2010-09-02 12:02:08 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Avira
2010-09-02 11:58:10 . 2010-09-02 11:58:10 -------- d-----w- C:\Program Files\Avira
2010-09-02 11:58:10 . 2010-09-02 11:58:10 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2010-09-02 11:58:10 . 2010-03-01 14:05:26 124784 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2010-09-02 11:58:10 . 2010-02-16 18:24:02 60936 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2010-09-02 11:58:10 . 2009-05-11 16:49:28 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2010-09-02 11:58:10 . 2009-05-11 16:49:28 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2010-09-02 11:41:54 . 2010-09-02 11:41:54 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Uniblue
2010-09-01 22:40:09 . 2010-09-01 22:40:09 -------- d-----w- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
2010-09-01 12:04:22 . 2010-09-01 12:07:47 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware2
2010-08-31 12:37:50 . 2010-08-31 12:36:37 1129120 ----a-w- C:\Documents and Settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-31 12:26:43 . 2010-09-02 10:56:41 -------- d-----w- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2010-08-31 11:05:30 . 2010-08-31 11:05:30 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy
2010-08-30 15:56:44 . 2010-08-30 15:56:44 453 ----a-w- C:\Program Files\0830201011564409.bat
2010-08-08 14:57:21 . 2009-01-08 21:10:53 -------- d-----w- C:\0beafcea724b194507f7ff04
2010-08-08 09:16:56 . 2009-01-08 21:15:03 -------- d-----w- C:\Documents and Settings\Owner\Local Settings\Application Data\mdelihtqq
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-05 12:41:09 . 2010-04-03 22:03:57 256 ----a-w- C:\WINDOWS\system32\pool.bin
2010-09-05 12:39:17 . 2007-02-13 12:33:47 -------- d-----w- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2010-09-04 06:07:03 . 2010-01-24 16:10:27 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2010-09-04 05:17:23 . 2006-02-15 07:32:10 57600 ----a-w- C:\WINDOWS\system32\drivers\redbook.sys
2010-09-03 18:53:57 . 2010-01-24 16:10:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-02 11:34:00 . 2006-02-16 09:55:04 -------- d-----w- C:\Program Files\Common Files\AOL
2010-09-02 11:27:51 . 2006-02-16 09:55:11 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AOL
2010-09-02 11:27:38 . 2007-02-09 21:21:24 -------- d-----w- C:\Documents and Settings\Owner\Application Data\AOL
2010-09-02 11:19:40 . 2010-05-21 17:16:54 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-09-02 11:10:54 . 2009-03-08 15:31:42 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-09-02 11:06:20 . 2009-06-01 11:19:56 -------- d-----w- C:\Documents and Settings\Owner\Application Data\WebbIE
2010-09-02 02:47:49 . 2010-09-02 02:47:19 1088 ----a-w- C:\WINDOWS\system32\drivers\kgpcpy.cfg
2010-09-01 19:44:18 . 2006-02-17 09:57:20 -------- d-----w- C:\Program Files\DIGStream
2010-08-31 11:05:34 . 2007-11-17 17:05:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-31 10:53:02 . 2007-11-17 17:05:15 -------- d-----w- C:\Program Files\Lavasoft
2010-08-30 16:05:08 . 2006-02-25 07:02:55 1324 ----a-w- C:\WINDOWS\system32\d3d9caps.dat
2010-08-30 16:04:59 . 2010-05-17 00:33:27 -------- d-----w- C:\Program Files\Oberon Media
2010-08-25 11:00:03 . 2007-02-17 17:24:00 3485 ----a-w- C:\Documents and Settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2010-08-20 17:08:38 . 2008-10-29 16:38:21 17408 ----a-w- C:\psapi.dll
2010-08-18 19:01:08 . 2008-07-02 16:17:01 46 -c--a-w- C:\Documents and Settings\Owner\jagex_runescape_preferences.dat
2010-08-18 18:58:24 . 2009-12-23 01:00:12 99 ----a-w- C:\Documents and Settings\Owner\jagex_runescape_preferences2.dat
2010-08-09 04:23:01 . 2007-02-10 00:20:21 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Trend Micro
2010-08-06 18:07:56 . 2010-01-08 23:31:16 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Norton
2010-08-06 18:07:55 . 2008-01-05 01:56:15 -------- d-----w- C:\Program Files\Norton Security Scan
2010-07-25 00:30:46 . 2010-07-25 00:30:46 -------- d-----w- C:\Documents and Settings\Owner\Application Data\Unity
2010-07-24 23:20:04 . 2010-07-24 23:20:04 -------- d-----w- C:\Program Files\Unity
2010-07-18 08:45:20 . 2010-07-18 08:45:20 -------- d-----w- C:\Documents and Settings\Owner\Application Data\iWin
2010-07-18 08:40:59 . 2010-07-18 08:40:59 -------- d-----w- C:\Program Files\Common Files\Oberon Media
2010-07-18 08:35:01 . 2010-07-18 08:35:01 -------- d-----w- C:\Program Files\Conduit
2010-07-18 08:35:01 . 2010-07-18 08:34:59 -------- d-----w- C:\Program Files\TranslatorBar_1
2010-07-10 15:53:10 . 2009-09-30 14:09:08 -------- d-----w- C:\Program Files\My.Freeze.com Toolbar
2010-06-30 12:31:35 . 2006-02-15 14:03:52 149504 ----a-w- C:\WINDOWS\system32\schannel.dll
2010-06-29 18:38:57 . 2010-04-30 16:13:39 439816 -c--a-w- C:\Documents and Settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-06-24 12:22:03 . 2006-02-15 14:04:21 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-06-23 13:44:04 . 2006-02-15 14:04:21 1851904 ----a-w- C:\WINDOWS\system32\win32k.sys
2010-06-21 15:27:11 . 2006-02-15 14:04:02 354304 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2010-06-17 14:03:00 . 2006-02-15 14:02:52 80384 ----a-w- C:\WINDOWS\system32\iccvid.dll
2010-06-15 00:23:14 . 2010-06-27 17:09:10 607472 -c--a-w- C:\Documents and Settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-14 14:31:20 . 2006-02-15 15:36:36 744448 ----a-w- C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41:45 . 2006-02-15 14:03:21 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
2010-06-03 22:24:50 2736736 ----a-w- C:\Program Files\TranslatorBar_1\tbTran.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{00bf7b9c-acd2-4080-bea8-b1c41987070f}"= "C:\Program Files\TranslatorBar_1\tbTran.dll" [2010-06-03 22:24:50 2736736]
[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{00BF7B9C-ACD2-4080-BEA8-B1C41987070F}"= "C:\Program Files\TranslatorBar_1\tbTran.dll" [2010-06-03 22:24:50 2736736]
[HKEY_CLASSES_ROOT\clsid\{00bf7b9c-acd2-4080-bea8-b1c41987070f}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 08:32:20 65536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 00:05:26 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 08:32:58 761945]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 22:02:24 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 08:34:16 82009]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 20:25:22 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 05:00:12 282624]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 00:13:20 122880]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 13:20:00 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 01:37:26 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 20:37:40 667718]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 07:37:48 196608]
"TDispVol"="TDispVol.exe" [2005-03-11 23:03:16 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 05:55:14 98304]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 05:55:58 118784]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 05:52:00 77824]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:56:34 64512]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 14:29:08 88203]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-30 10:59:28 149280]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2010-03-17 20:55:42 1565696]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 15:28:32 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18:15 443968]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 393216]
SDK Tray Menu.lnk - C:\Sun\SDK\jdk\bin\javaw.exe [2009-3-8 139264]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-2-15 155648]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"C:\\Program Files\\Petersons\\GED\\jre\\bin\\java.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\DesktopDialer\\DesktopDialer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CTpdpsrv.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Sun\\SDK\\jdk\\bin\\java.exe"=
"C:\\WINDOWS\\system32\\spoolsv.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [9/2/2010 7:58:12 AM 135336]
R2 QuickBooksDB17;QuickBooksDB17;C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S1 uxlmjfxw;uxlmjfxw;\??\C:\WINDOWS\system32\drivers\uxlmjfxw.sys --> C:\WINDOWS\system32\drivers\uxlmjfxw.sys [?]
S2 gupdate1ca40e5bebe50f4;Google Update Service (gupdate1ca40e5bebe50f4);C:\Program Files\Google\Update\GoogleUpdate.exe [9/29/2009 5:17:48 AM 133104]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [5/13/2006 7:21:54 PM 30192]
S3 SVRPEDRV;SVRPEDRV;\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys --> C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX0\S10VWF\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-09-05 C:\WINDOWS\Tasks\Malwarebytes' Anti-Malware.job
- C:\PROGRA~1\MALWAR~1\mbam.exe [2010-09-03 18:53:58 . 2010-04-29 19:39:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
HKCU-Run-RegistryBooster - C:\Program Files\Uniblue\RegistryBooster\launcher.exe
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-05 08:54:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.