
Trojan that disables use of applications


Profeus


I downloaded a key-gen program from the Internet (which turned out to be a trojan) onto both my father's and my own computers, and since it ran I can't run any of my anti-virus programs, amongst other executables.

I found this thread : Trojan - malwarebytes.org and thought that you might be able to help me solve my problem.

I am using Avast, Ad-Aware and Windows Defender, which I now can't access. It displays the message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." for Avast, "Failed to connect to service" for Ad-Aware, and one I don't understand for Windows Defender.

I downloaded and ran the ComboFix.exe software that was posted on that link, and this is the log it produced for each computer.

;) What should I do next? :o

###############################################################################

COMPUTER 1

ComboFix 09-09-28.01 - Mark Hallam 30/09/2009 0:41.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3582.3033 [GMT 10:00]

Running from: c:\documents and settings\Mark Hallam\My Documents\Downloads\ComboFix.exe

AV: avast! antivirus 4.8.1351 [VPS 090928-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\documents and settings\Mark Hallam\My Documents\ZbThumbnail.info

C:\setup.exe

c:\windows\Installer\1080b3fc.msp

c:\windows\Installer\127a7ade.msp

c:\windows\Installer\18222950.msp

c:\windows\Installer\186b915.msp

c:\windows\Installer\1de365d.msp

c:\windows\Installer\268414a.msp

c:\windows\Installer\31a8fc6.msp

c:\windows\Installer\32e2497.msp

c:\windows\Installer\3ec1a3b.msp

c:\windows\Installer\41a7358.msp

c:\windows\Installer\4d63800.msp

c:\windows\Installer\5248f10.msp

c:\windows\Installer\582c960.msp

c:\windows\Installer\5c62b2.msp

c:\windows\Installer\5da1f68.msp

c:\windows\Installer\7045563.msp

c:\windows\Installer\70ae50.msp

c:\windows\Installer\7831d6.msp

c:\windows\Installer\840eaeb.msp

c:\windows\Installer\91250c1.msp

c:\windows\Installer\940ce10.msp

c:\windows\Installer\992a44.msp

c:\windows\Installer\9c1362.msp

c:\windows\Installer\a4ae032.msp

c:\windows\Installer\aa91a54.msp

c:\windows\Installer\b3c126.msp

c:\windows\Installer\c2ab357.msp

c:\windows\Installer\c56d0.msp

c:\windows\Installer\d730832.msp

c:\windows\Installer\d839552.msp

c:\windows\Installer\e670820.msp

c:\windows\Installer\e9822c.msp

c:\windows\Installer\ff4ee58.msi

c:\windows\Installer\WMEncoder.msi

c:\windows\msa.exe

c:\windows\msb.exe

c:\windows\system32\_000007_.tmp.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))

.

2009-09-29 14:17 . 2009-09-29 14:17 -------- d--h--w- c:\windows\PIF

2009-09-29 14:05 . 2009-09-29 14:05 -------- d-----w- c:\program files\Windows Defender

2009-09-29 13:44 . 2009-09-29 14:09 0 ----a-r- c:\windows\win32k.sys

2009-09-24 14:40 . 2009-09-24 14:40 -------- d-----w- c:\documents and settings\Mark Hallam\Local Settings\Application Data\MagicSoftware

2009-09-24 14:40 . 2009-09-24 14:40 -------- d-----w- c:\program files\MagicDVDRipper

2009-09-24 10:17 . 2009-09-29 14:08 264144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-09-21 06:17 . 2009-09-21 06:17 -------- d-----w- c:\program files\iPod

2009-09-21 06:17 . 2009-09-21 06:17 -------- d-----w- c:\program files\iTunes

2009-09-21 06:17 . 2009-09-21 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-09-20 23:11 . 2009-09-20 23:11 170 ---ha-w- C:\aaw7boot.cmd

2009-09-19 04:55 . 2009-09-19 04:55 -------- d-----w- C:\CELLULOD

2009-09-19 04:52 . 2009-09-19 04:52 -------- d-----w- c:\documents and settings\Mark Hallam\Application Data\gtk-2.0

2009-09-19 04:48 . 2009-09-19 04:48 -------- d-----w- c:\documents and settings\Mark Hallam\.thumbnails

2009-09-19 04:40 . 2009-09-24 01:29 -------- d-----w- c:\documents and settings\Mark Hallam\.gimp-2.4

2009-09-19 04:39 . 2009-09-19 04:39 -------- d-----w- c:\program files\GIMP-2.0

2009-09-17 01:59 . 2009-09-17 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN

2009-09-17 01:59 . 2009-09-17 01:59 -------- d-----w- c:\program files\Garmin

2009-09-15 23:13 . 2009-09-15 23:13 -------- d-----w- c:\program files\Common Files\Logitech

2009-09-15 23:13 . 2009-09-15 23:13 -------- d-----w- c:\documents and settings\Mark Hallam\Local Settings\Application Data\Downloaded Installations

2009-09-09 08:38 . 2008-07-26 15:25 627864 ----a-r- c:\windows\system32\drivers\lvrs.sys

2009-09-09 08:38 . 2008-07-26 14:46 25974 ----a-r- c:\windows\system32\Repository.reg

2009-09-09 08:37 . 2008-07-26 15:26 4658584 ----a-r- c:\windows\system32\drivers\lvuvc.sys

2009-09-09 08:37 . 2008-07-26 15:26 465432 ----a-r- c:\windows\system32\LVUI2RC.dll

2009-09-09 08:37 . 2008-07-26 15:26 41752 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys

2009-09-09 08:37 . 2008-07-26 15:26 490008 ----a-r- c:\windows\system32\LVUI2.dll

2009-09-09 08:37 . 2008-07-26 15:23 195096 ----a-r- c:\windows\system32\lvci11801048.dll

2009-09-09 08:37 . 2008-07-26 15:23 416280 ----a-r- c:\windows\system32\lvcodec2.dll

2009-09-09 08:37 . 2008-07-26 15:26 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys

2009-09-09 08:36 . 2009-09-09 08:36 -------- d-----w- c:\documents and settings\Mark Hallam\Application Data\Leadertech

2009-09-09 08:35 . 2009-09-09 08:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd

2009-09-09 08:35 . 2009-09-09 08:37 -------- d-----w- c:\program files\Common Files\LogiShrd

2009-09-09 08:35 . 2009-09-09 08:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech

2009-09-08 19:13 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-29 14:45 . 2009-09-09 08:37 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-09-29 14:45 . 2009-09-09 08:37 0 ----a-w- c:\windows\system32\drivers\logiflt.iad

2009-09-29 13:42 . 2007-08-29 21:33 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin

2009-09-29 05:25 . 2009-03-13 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-09-28 11:36 . 2007-08-31 07:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2009-09-27 00:40 . 2007-09-01 23:37 -------- d-----w- c:\program files\Weatherzone Tracker

2009-09-24 02:33 . 2007-08-31 00:31 -------- d-----w- c:\program files\Logitech

2009-09-24 01:35 . 2009-08-03 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

2009-09-22 23:36 . 2008-07-22 03:24 -------- d-----w- c:\program files\Google

2009-09-21 06:17 . 2008-10-28 20:00 -------- d-----w- c:\program files\Common Files\Apple

2009-09-21 06:16 . 2007-09-25 02:04 -------- d-----w- c:\program files\QuickTime

2009-09-20 23:13 . 2007-08-31 07:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-20 23:13 . 2007-08-31 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-17 01:59 . 2007-10-11 06:50 -------- d-----w- c:\documents and settings\Mark Hallam\Application Data\GARMIN

2009-09-17 01:59 . 2009-01-25 07:21 -------- d-----w- c:\program files\DIFX

2009-09-09 17:08 . 2008-11-15 02:04 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 17:00 . 2008-04-01 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-09 08:36 . 2007-08-29 05:29 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-09-02 13:34 . 2008-02-07 00:23 -------- d-----w- c:\documents and settings\Mark Hallam\Application Data\Canon

2009-08-28 22:41 . 2009-08-27 23:35 -------- d-----w- c:\program files\Snow Tracker

2009-08-27 14:33 . 2009-08-27 14:33 -------- d-----w- c:\program files\Microsoft Research

2009-08-23 00:07 . 2009-08-23 00:07 -------- d-----w- c:\program files\Family Toolbar

2009-08-23 00:07 . 2009-07-06 01:28 -------- d-----w- c:\program files\MyHeritage

2009-08-19 14:48 . 2009-08-19 14:48 351248 ----a-w- c:\windows\system32\FTBSaver.scr

2009-08-17 16:10 . 2007-11-27 00:29 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:06 . 2007-11-27 00:29 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-17 16:06 . 2007-11-27 00:29 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-17 16:05 . 2008-04-02 00:28 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2008-04-02 00:28 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:04 . 2007-11-27 00:29 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2007-11-27 00:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:03 . 2007-11-27 00:29 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-17 16:02 . 2007-11-27 00:29 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-14 00:05 . 2008-04-14 00:50 -------- d-----w- c:\program files\IrfanView

2009-08-07 13:12 . 2009-08-07 13:12 30544 ----a-w- c:\windows\dirdib.drv

2009-08-07 13:12 . 2009-08-07 13:12 179958 ----a-w- c:\windows\macromix.dll

2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 00:25 . 2008-04-07 03:52 -------- d-----w- c:\program files\Java

2009-08-03 13:13 . 2007-08-28 14:04 120936 ----a-w- c:\documents and settings\Mark Hallam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-03 07:24 . 2009-06-15 00:43 -------- d-----w- c:\documents and settings\Mark Hallam\Application Data\Uniblue

2009-08-03 06:56 . 2009-08-03 06:56 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-08-03 06:19 . 2009-08-03 06:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B3ABAF49-C1FD-4E23-A5C8-1D0530D54991}

2009-08-03 06:19 . 2009-06-15 00:43 -------- d-----w- c:\program files\Uniblue

2009-08-03 06:19 . 2009-08-03 06:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}

2009-08-03 06:18 . 2009-08-03 06:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}

2009-08-03 06:18 . 2009-08-03 06:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}

2009-08-03 05:07 . 2009-08-03 05:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 05:07 . 2009-08-03 05:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2009-08-03 05:07 . 2008-12-31 06:04 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-07-29 01:35 . 2009-07-31 10:30 7367892 ----a-w- C:\Treds.msi

2009-07-24 19:23 . 2008-12-16 08:18 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 13:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2008-01-17 12:56 . 2008-02-05 10:45 774144 ------w- c:\program files\autostitch.exe

2009-02-10 02:56 . 2007-08-31 11:16 88 --sh--r- c:\windows\system32\EA6BA296AA.sys

2009-02-10 02:56 . 2007-08-31 11:16 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-07-17 06:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-04-02 1110016]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Weather Tracker3"="c:\program files\Weatherzone Tracker\weather_tracker.exe" [2009-07-17 2888403]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"UnibluePowerSuite"="c:\program files\Uniblue\PowerSuite\PowerSuite.exe" [2009-05-05 855848]

"Snow Tracker"="c:\program files\Snow Tracker\snow_tracker.exe" [2009-07-16 2840748]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-07-12 356352]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-23 7774208]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-23 81920]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-24 49152]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2007-11-19 1015808]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2009-01-14 113680]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-02-23 1622016]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]

c:\documents and settings\Mark Hallam\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

OneNote Table Of Contents.onetoc2 [2009-5-5 3656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

"OmniPage"=c:\program files\Caere\OmniPagePro90\opware32.exe

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"ShowIcon_The Company_CRW Series Driver v1.16e058"="c:\program files\CRW\shwicon.exe" -t"The Company\CRW Series Driver v1.16e058"

"UVS10 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe

"PCSuiteTrayApplication"=c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/05/2009 9:21 PM 64160]

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [5/10/2007 10:39 AM 149376]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/04/2008 10:28 AM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/04/2008 10:28 AM 20560]

R2 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [25/03/2009 4:11 PM 15976]

R3 BENDER;Pinnacle AV/DV2 Capture;c:\windows\system32\drivers\bender.sys [21/11/2006 1:34 PM 203264]

S2 gupdate1c9a39585cd08d2;Google Update Service (gupdate1c9a39585cd08d2);c:\program files\Google\Update\GoogleUpdate.exe [13/03/2009 2:38 PM 133104]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 5:06 AM 1028432]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]

S3 kwcxbus;Kyocera USB Composite Device driver (WDM);c:\windows\system32\drivers\kwcxbus.sys [31/08/2007 11:06 AM 52480]

S3 kwcxser;Kyocera High-Speed Wireless Modem Drivers;c:\windows\system32\drivers\kwcxser.sys [31/08/2007 11:06 AM 87104]

S3 VMHybrid;VMHybrid service;c:\windows\system32\DRIVERS\VMHybrid.sys --> c:\windows\system32\DRIVERS\VMHybrid.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Contents of the 'Scheduled Tasks' folder

2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 11:21]

2009-09-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2009-09-29 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-09-13 22:49]

2009-09-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-13 16:51]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:38]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 04:38]

2009-09-29 c:\windows\Tasks\User_Feed_Synchronization-{50F4B808-B6FE-4035-9721-581F276C4756}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/firefox

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://search.myheritage.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Mark Hallam\Application Data\Mozilla\Firefox\Profiles\bgwos5hy.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=

FF - component: c:\documents and settings\Mark Hallam\Application Data\Mozilla\Firefox\Profiles\bgwos5hy.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

FF - plugin: c:\documents and settings\Mark Hallam\Application Data\Mozilla\Firefox\Profiles\bgwos5hy.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

FF - plugin: c:\documents and settings\Mark Hallam\Application Data\Mozilla\plugins\npcoolirisplugin.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

pref(dom.disable_open_during_load, true);.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

HKCU-Run-Pareto_Update - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

HKCU-Run-UniblueSpeedUpMyPC - c:\program files\Uniblue\PowerSuite\Launcher.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-30 00:46

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,42,97,b1,7c,0f,

c6,0a,9a,c8,28,51,af,b0,29,a3,98,a0,00,59,0f,ef,d6,be,10,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,85,ad,84,aa,ba,

6f,71,d2,71,3b,04,66,8b,46,0d,96,90,2d,8d,37,10,69,7d,15,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,bd,4d,be,11,bb,

7c,39,0c,25,da,ec,7e,55,20,c9,26,7e,f4,69,b5,68,fc,36,4f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,90,0e,20,ad,d5,

4a,50,16,3e,1e,9e,e0,57,5a,93,61,2b,50,9d,36,eb,93,dd,e4,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,fa,3d,6d,51,6f,

89,bd,2d,cd,44,cd,b9,a6,33,6c,cd,9b,c3,86,da,20,07,af,0f,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,42,61,a7,02,38,

61,bf,8e,b0,18,ed,a7,3f,8d,37,a4,4c,78,14,05,5a,cb,e3,71,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,44,da,1b,1f,

8c,46,9d,31,77,e1,ba,b1,f8,68,02,43,59,5d,4d,0e,fe,d9,4e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,a8,05,18,fd,00,

81,52,8a,83,6c,56,8b,a0,85,96,ab,66,7c,8a,3d,f7,5f,cf,54,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,53,1f,20,1a,8e,

4a,0d,75,51,fa,6e,91,28,9e,14,cc,a9,18,ad,c5,75,66,81,30,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,e2,d8,a7,86,e6,

bf,90,38,b1,cd,45,5a,a8,c4,f8,b9,2b,7c,90,e5,92,e6,14,c4,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,c7,d0,ae,ec,1b,

7c,53,f2,e3,0e,66,d5,eb,bc,2f,6b,88,39,aa,42,65,b7,b9,75,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

"ThreadingModel"="Apartment"

@="c:\\WINDOWS\\system32\\OLE32.DLL"

"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,02,c7,68,f0,70,

9a,4f,ca,fa,ea,66,7f,d4,3b,6b,70,85,98,8a,6d,d7,cb,7c,bc,6c,43,2d,1e,aa,22,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(296)

c:\windows\system32\WININET.dll

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll

c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\brss01a.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\ATKKBService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\Brmfrmps.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\PSIService.exe

c:\windows\system32\searchindexer.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

.

**************************************************************************

.

Completion time: 2009-09-29 0:52 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-29 14:52

Pre-Run: 11,041,656,832 bytes free

Post-Run: 14,816,645,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

423 --- E O F --- 2009-09-09 17:02

###############################################################################

COMPUTER 2

ComboFix 09-09-28.01 - Profeus 30/09/2009 2:54.1.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3582.2943 [GMT 10:00]

Running from: c:\documents and settings\Profeus\Desktop\Combo-Fix.exe

AV: avast! antivirus 4.8.1351 [VPS 090928-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Profeus\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65

c:\documents and settings\All Users\Start Menu\Programs\Hotbar

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\About Hotbar.lnk

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Games!.lnk

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Hotbar Videos!.lnk

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Reset Cursor.lnk

c:\documents and settings\All Users\Start Menu\Programs\Hotbar\Weather.lnk

c:\documents and settings\Profeus\Application Data\Hotbar

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\1.sdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\domains.txt

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\26656

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\423530

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\579123

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\TooltipXML\59221

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\dynamic\ustat\38b1.dat

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\ads.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans.idx

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\btntrans1.dat

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\business_promo.htm

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\buttondir.txt

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\components.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\cursors.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_1000.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_2000.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_3000.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bar.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_bbar1.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_logos.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_buttons_other.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\d_icons_weather.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\default.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_511745-514279.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz1.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz10.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz11.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz12.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz13.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz14.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz15.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz16.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz17.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz18.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz19.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz2.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz20.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz3.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz4.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz5.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz6.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz7.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz8.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_bidz9.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_categorize.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_comparison.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_em_PROFL_CA_flow_b_IEB.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-Mails.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_explorer-people.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_favorites.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Games.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hide.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hotbarcom.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Hotmail.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_hsskin.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemster.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsterie.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jemsteruk.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_jobsearch.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_Mails.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_new.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_premium.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_reun.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_ringtones.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_SearchBoxTrapper.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchfor.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_searchgo.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_weather.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Default_yellowpages.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\editblbuttons.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-548964.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\email-def-511724-9595.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\email-t1-bg.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesmenu.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\gamesMenu.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\hb_ie_menu.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium-hotbar-premium.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar-premium.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\hotbar_promo.htm

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\icons2.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_games_icon.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\ie_video.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords.idx

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\keywords1.dat

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\layout.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\linkpathlegal.txt

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\more.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\new_games.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\progress.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\s_icons_buttons.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\sales_buttons.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\sdfmodifier.xml

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\t2_bg.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\theweb.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\top7.cdf

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\Top7_theweb.mnu

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\tsd_bg.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\2\weathericon.res

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ads.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\BtnTrans1.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\business_promo.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\buttondir.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\cursors.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_1000.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_2000.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_3000.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bar.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_logos.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_buttons_other.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\d_icons_weather.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\default.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\editblbuttons.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\email-t1-bg.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\gamesmenu.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hb_ie_menu.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar-premium.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\hotbar_promo.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\icons2.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_games_icon.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\ie_video.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\keywords1.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\layout.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\linkpathlegal.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\more.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\progress.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\s_icons_buttons.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sales_buttons.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.txt

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\samplegroups2.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\sdfmodifier.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\t2_bg.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\top7.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\tsd_bg.xip

c:\documents and settings\Profeus\Application Data\Hotbar\v3.5\Hotbar\static\DownLoad\weathericon.xip

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\history

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\Weather_XML\Default

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\Weather_XML\Genera1

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\Weather_XML\General

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\WeatherDPA\Links

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Display

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\Loading

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\WeatherDPA\Weather_XML\screen2

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\WeatherDPA\WeatherPreferences

c:\documents and settings\Profeus\Application Data\Hotbar\Weather\WeatherStartup.xml

c:\documents and settings\Profeus\Application Data\Microsoft\Internet Explorer\Quick Launch\avast! Antivirus.lnk

c:\documents and settings\Profeus\Application Data\WeatherDPA

c:\documents and settings\Profeus\Local Settings\Temp\IadHide5.dll

c:\program files\Hotbar

c:\program files\Hotbar\bin\11.0.78.0\arrow.ico

c:\program files\Hotbar\bin\11.0.78.0\copyright.txt

c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\chrome.manifest

c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\components\npclntax.xpt

c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\install.rdf

c:\program files\Hotbar\bin\11.0.78.0\firefox\extensions\plugins\npclntax_HotbarSA.dll

c:\program files\Hotbar\bin\11.0.78.0\HotbarSAAX.dll

c:\program files\Hotbar\bin\11.0.78.0\HotbarSADF.exe

c:\program files\Hotbar\bin\11.0.78.0\HotbarSAHook.dll

c:\program files\Hotbar\bin\11.0.78.0\HotbarUninstaller.exe

c:\program files\Hotbar\bin\11.0.78.0\Srv.exe

c:\program files\Hotbar\bin\11.0.78.0\Weather.exe

c:\program files\Hotbar\bin\11.0.78.0\WeSkin.dll

c:\windows\msa.exe

c:\windows\msb.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))

.

2009-09-29 13:50 . 2009-09-29 13:50 0 ----a-r- c:\windows\win32k.sys

2009-09-28 07:40 . 2009-09-28 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft

2009-09-26 10:26 . 2009-09-26 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HotbarSA

2009-09-17 05:53 . 2008-10-28 07:03 31280 ----a-r- c:\windows\system32\drivers\vmusb.sys

2009-09-16 16:00 . 2009-09-24 09:29 -------- d-----w- c:\documents and settings\Profeus\Application Data\VMware

2009-09-16 14:54 . 2009-09-29 17:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware

2009-09-16 14:53 . 2008-10-28 07:03 55856 ----a-r- c:\windows\system32\vnetinst.dll

2009-09-16 14:53 . 2008-10-28 07:03 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys

2009-09-16 14:53 . 2008-10-28 13:08 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe

2009-09-16 14:53 . 2008-10-28 13:07 399920 ----a-w- c:\windows\system32\vmnat.exe

2009-09-16 14:53 . 2008-10-28 13:08 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys

2009-09-16 14:53 . 2008-10-28 07:03 50736 ----a-r- c:\windows\system32\vmnetbridge.dll

2009-09-16 14:53 . 2008-10-28 07:03 31280 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys

2009-09-16 14:53 . 2008-10-28 07:03 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys

2009-09-16 14:53 . 2008-10-28 13:08 723504 ----a-w- c:\windows\system32\vnetlib.dll

2009-09-16 14:53 . 2008-10-28 13:08 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys

2009-09-16 14:46 . 2009-09-29 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware

2009-09-16 14:45 . 2009-09-16 14:45 -------- d-----w- c:\program files\VMware

2009-09-16 11:46 . 2009-09-16 11:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-09-16 11:45 . 2009-09-16 11:45 -------- d-----w- c:\program files\Common Files\Apple

2009-09-16 11:45 . 2009-09-16 11:45 -------- d-----w- c:\documents and settings\Profeus\Local Settings\Application Data\Apple

2009-09-16 11:45 . 2009-09-16 11:45 -------- d-----w- c:\program files\Apple Software Update

2009-09-16 11:45 . 2009-09-16 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple

2009-09-16 11:44 . 2009-09-16 11:44 -------- d-----w- c:\documents and settings\Profeus\Local Settings\Application Data\Apple Computer

2009-09-16 11:41 . 2009-09-16 11:41 -------- d-----w- c:\program files\QuickTime

2009-09-09 07:58 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-09-02 14:46 . 2009-09-20 14:53 -------- d-----w- c:\program files\Windows Live Safety Center

2009-09-02 08:23 . 2009-09-02 08:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-29 16:45 . 2009-06-20 11:51 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin

2009-09-29 14:57 . 2009-08-02 14:52 657640 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2009-09-11 08:28 . 2009-06-27 19:11 -------- d-----w- c:\documents and settings\Profeus\Application Data\LimeWire

2009-09-09 09:10 . 2009-07-14 17:01 -------- d-----w- c:\program files\Microsoft Silverlight

2009-09-09 09:03 . 2009-06-20 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-09-01 15:46 . 2009-08-15 17:13 -------- d-----w- c:\documents and settings\Profeus\Application Data\PeaZip

2009-08-27 17:06 . 2009-06-20 12:07 -------- d-----w- c:\program files\Common Files\Logitech

2009-08-27 17:06 . 2009-06-20 06:08 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-24 14:43 . 2009-08-24 14:43 -------- d-----w- c:\program files\MSXML 4.0

2009-08-23 16:16 . 2009-08-23 16:16 -------- d-----w- c:\documents and settings\Profeus\Application Data\Ahead

2009-08-23 16:12 . 2009-08-23 16:11 -------- d-----w- c:\documents and settings\Profeus\Application Data\Nero

2009-08-23 15:57 . 2009-08-23 15:55 -------- d-----w- c:\program files\Common Files\Nero

2009-08-23 15:56 . 2009-08-23 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero

2009-08-19 16:21 . 2009-08-14 06:03 -------- d-----w- c:\documents and settings\Profeus\Application Data\Bioshock

2009-08-18 16:06 . 2009-07-28 05:28 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

2009-08-18 10:31 . 2009-08-17 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2009-08-17 16:10 . 2009-06-20 12:28 1279456 ----a-w- c:\windows\system32\aswBoot.exe

2009-08-17 16:06 . 2009-06-20 12:29 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-08-17 16:06 . 2009-06-20 12:29 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-08-17 16:05 . 2009-06-20 12:29 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-08-17 16:05 . 2009-06-20 12:29 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-08-17 16:04 . 2009-06-20 12:29 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-08-17 16:04 . 2009-06-20 12:29 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-08-17 16:03 . 2009-06-20 12:29 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-08-17 16:02 . 2009-06-20 12:29 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-08-17 10:22 . 2009-08-17 10:22 -------- d-----w- c:\documents and settings\Profeus\Application Data\Petroglyph

2009-08-17 07:30 . 2009-06-20 14:59 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-17 07:28 . 2009-08-17 07:28 -------- d-----w- c:\program files\Common Files\Adobe AIR

2009-08-17 06:15 . 2009-06-20 15:15 -------- d-----w- c:\documents and settings\Profeus\Application Data\AdobeUM

2009-08-14 05:23 . 2009-08-14 05:23 -------- d-----w- c:\documents and settings\Profeus\Application Data\Xfire

2009-08-13 03:12 . 2009-06-20 11:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat

2009-08-12 07:06 . 2009-07-28 05:10 -------- d-----w- c:\documents and settings\Profeus\Application Data\Uniblue

2009-08-12 07:05 . 2009-08-12 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-12 07:05 . 2009-08-12 07:04 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8A09CD83-59E1-4DB1-AAFC-E25174FC6706}

2009-08-06 13:10 . 2009-08-06 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard

2009-08-05 09:01 . 2001-08-18 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-05 07:18 . 2009-06-27 19:11 -------- d-----w- c:\program files\Java

2009-08-04 15:00 . 2009-08-04 15:00 229208 ----a-w- c:\windows\system32\drivers\VMM.sys

2009-08-03 06:00 . 2009-07-28 05:41 -------- d-----w- c:\program files\Uniblue

2009-08-03 05:00 . 2009-08-03 05:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{B3ABAF49-C1FD-4E23-A5C8-1D0530D54991}

2009-08-03 04:59 . 2009-08-03 04:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}

2009-08-03 04:59 . 2009-08-03 04:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}

2009-08-03 04:59 . 2009-08-03 04:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}

2009-08-02 06:30 . 2009-06-20 07:20 76192 ----a-w- c:\documents and settings\Profeus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-02 00:58 . 2009-06-20 12:24 -------- d-----w- c:\program files\MSBuild

2009-07-24 19:23 . 2009-06-27 19:11 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-17 19:01 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 13:43 . 2009-06-20 07:14 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:09 . 2001-08-18 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS SmartDoctor"="c:\program files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-11-22 1093632]

"LDM"="h:\programs\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-06-20 32768]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"CurseClient"="h:\programs\Curse\CurseClient.exe" [2009-07-30 1935360]

"UnibluePowerSuite"="h:\programs\Uniblue\PowerSuite\PowerSuite.exe" [2009-05-05 855848]

"Start WingMan Profiler"="h:\programs\Logitech\Profiler\lwemon.exe" [2006-07-05 60416]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GBB36X Configure"="c:\windows\System32\JMRaidTool.exe" [2006-07-12 356352]

"RemoteControl"="h:\programs\Power DVD 5.0\PDVDServ.exe" [2003-10-31 32768]

"Launch LGDCore"="h:\programs\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]

"Launch LCDMon"="h:\programs\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]

"GrooveMonitor"="h:\programs\Microsoft Office Ultimate 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avast!"="h:\programs\AVASTA~1\ashDisp.exe" [2009-08-17 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-09 13758464]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-09 86016]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]

"Windows Defender"="h:\programs\Windows Defender\MSASCui.exe" [2006-11-03 866584]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"QuickTime Task"="h:\programs\QuickTime\qttask.exe" [2009-09-04 417792]

"vmware-tray"="h:\programs\VMware 6.5.1\VMware Workstation\vmware-tray.exe" [2008-10-28 96816]

"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-07-22 28160]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-09 1657376]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-21 16261632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech Desktop Messenger.lnk - h:\programs\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-6-20 450560]

Logitech SetPoint.lnk - h:\programs\Logitech\SetPoint\SetPoint.exe [2009-6-20 528384]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"h:\\Programs\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"h:\\Programs\\Microsoft Office Ultimate 2007\\Office12\\OUTLOOK.EXE"=

"h:\\Programs\\Microsoft Office Ultimate 2007\\Office12\\GROOVE.EXE"=

"h:\\Programs\\Microsoft Office Ultimate 2007\\Office12\\ONENOTE.EXE"=

"h:\\Programs\\Curse\\CurseClient.exe"=

"f:\\Juiced 2 - Hot Import Nights\\Juiced2_HIN.exe"=

"c:\\WINDOWS\\system32\\mmc.exe"=

"h:\\Programs\\Ventrilo\\Ventrilo.exe"=

"h:\\Programs\\LimeWire\\LimeWire.exe"=

"f:\\World of Warcraft\\BackgroundDownloader.exe"=

"f:\\World of Warcraft\\Launcher.exe"=

"f:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

"f:\\Star Ware - Empire At War\\GameData\\sweaw.exe"=

"f:\\Call of Duty\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

"f:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"h:\\Programs\\VMware 6.5.1\\VMware Workstation\\vmware-authd.exe"=

"f:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=

"f:\\Splinter Cell Collection\\Tom Clancy's Splinter Cell Double Agent\\SCDA-Offline\\System\\SplinterCell4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [4/07/2009 11:16 AM 11264]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20/06/2009 10:29 PM 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/06/2009 10:29 PM 20560]

R2 Uniblue DiskRescue;Uniblue DiskRescue;h:\programs\Uniblue\DiskRescue\UBDiskRescueSrv.exe [11/09/2008 1:22 AM 229648]

R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [28/10/2008 11:08 PM 54960]

R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]

R3 CAM1690;USB PC Camera ;c:\windows\system32\drivers\cam1690.sys [20/09/2007 6:03 PM 177280]

S2 WinDefend;Windows Defender;h:\programs\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DD410605-398F-24B0-35A5-4CA233F440FD}]

c:\windows\system32\updater.exe

.

Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2009-09-29 c:\windows\Tasks\MP Scheduled Scan.job

- h:\programs\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

2009-09-29 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-09-29 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2009-08-12 c:\windows\Tasks\Uniblue DiskRescue 2009.job

- h:\programs\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.online.cit.act.edu.au/

IE: E&xport to Microsoft Excel - h:\programs\MICROS~1\Office12\EXCEL.EXE/3000

LSP: h:\programs\VMware 6.5.1\VMware Workstation\vsocklib.dll

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - h:\programs\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-UniblueSpeedUpMyPC - c:\documents and settings\Profeus\Launcher.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-30 03:09

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-776561741-1383384898-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:78,20,46,43,b3,bb,aa,00,c6,92,b7,36,c5,0c,53,58,2b,a6,0d,a7,6b,55,88,

2c,11,11,2d,ab,91,6d,30,bb,4d,0f,c0,38,9f,f3,34,22,9c,25,26,ac,fd,3d,78,d3,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1004)

c:\windows\system32\WININET.dll

c:\docume~1\Profeus\LOCALS~1\Temp\IadHide5.dll

h:\programs\Logitech\SetPoint\GameHook.dll

h:\programs\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\program files\Windows Desktop Search\deskbar.dll

c:\program files\Windows Desktop Search\en-us\dbres.dll.mui

c:\program files\Windows Desktop Search\dbres.dll

c:\program files\Windows Desktop Search\wordwheel.dll

c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui

c:\program files\Windows Desktop Search\msnlExtRes.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

h:\programs\Microsoft Virtual PC 2007\VPCShExH.DLL

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

h:\programs\Microsoft Office Ultimate 2007\Office12\1033\GrooveIntlResource.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

h:\programs\Avast Anti-Virus\aswUpdSv.exe

h:\programs\Avast Anti-Virus\ashServ.exe

c:\windows\ATKKBService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\system32\vmnat.exe

c:\windows\system32\searchindexer.exe

h:\programs\VMware 6.5.1\VMware Workstation\vmware-authd.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

c:\windows\system32\vmnetdhcp.exe

h:\programs\Avast Anti-Virus\ashMaiSv.exe

h:\programs\Avast Anti-Virus\ashWebSv.exe

h:\programs\Logitech\G-series Software\Applets\LCDClock.exe

h:\programs\Logitech\G-series Software\Applets\LCDMedia.exe

c:\windows\system32\rundll32.exe

h:\programs\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

h:\programs\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\system32\searchprotocolhost.exe

c:\windows\system32\searchfilterhost.exe

.

**************************************************************************

.

Completion time: 2009-09-29 3:14 - machine was rebooted

ComboFix-quarantined-files.txt 2009-09-29 17:14

Pre-Run: 34,401,509,376 bytes free

Post-Run: 35,444,023,296 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

471 --- E O F --- 2009-09-22 08:22

###############################################################################

Curious though, if I wiped and started again, would that fix the problem? Because I am considering doing so on my computer (COMPUTER 2), but my father's computer (COMPUTER 1) cannot be wiped as it has a hell of a lot of programs and applications that he would have to re-install, and he is not happy about the situation as it is. :)

Any help you could give me would be greatly appreciated. Thank you. :)

Regards,

Mike


  • 2 weeks later...
  • Root Admin

Well, I'm sorry, but since you have evidence of cracked or pirated software you're using on the system, I have no choice but to close this thread now.

HiJack This! Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

