I am posting my log hoping that someone can help me to get rid of this virus.
Only Avast alerted me, but cannot delete it. Help please.
ComboFix 08-05-28.4 - paul and penny 2008-05-29 22:17:08.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.973 [GMT 1:00]
Running from: C:\Users\paul and penny\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-28 23:18 . 2008-05-28 23:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-27 22:15 . 2008-05-28 12:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-27 16:40 . 2008-05-29 15:05 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-05-27 16:40 . 2008-05-27 16:40 <DIR> d-------- C:\Users\All Users\avg8
2008-05-27 16:40 . 2008-05-27 16:40 <DIR> d-------- C:\ProgramData\avg8
2008-05-27 16:40 . 2008-05-27 16:40 <DIR> d-------- C:\Program Files\AVG
2008-05-27 16:40 . 2008-05-27 16:40 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-05-27 16:40 . 2008-05-27 16:40 67,080 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-05-27 16:40 . 2008-05-27 16:40 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-05-27 16:28 . 2008-05-27 16:28 <DIR> d-------- C:\PerfLogs
2008-05-27 16:20 . 2008-05-27 20:43 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2008-05-27 16:07 . 2008-01-19 08:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-05-27 16:06 . 2008-01-19 07:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-05-27 16:05 . 2008-01-19 08:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-05-27 16:05 . 2008-01-19 08:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-05-27 16:05 . 2008-01-19 08:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-05-27 16:05 . 2008-01-19 08:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-05-27 16:05 . 2008-01-19 08:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-05-27 16:05 . 2008-01-19 08:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-05-27 16:05 . 2008-01-19 08:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-05-27 16:05 . 2008-01-19 08:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-05-27 16:05 . 2008-01-19 08:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-05-26 23:11 . 2008-05-26 23:11 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-16 14:28 . 2008-05-16 14:28 <DIR> d-------- C:\Program Files\bfgclient
2008-05-16 14:27 . 2008-05-16 14:34 <DIR> d-------- C:\BigFishGamesCache
2008-05-15 14:31 . 2008-05-15 14:31 <DIR> d-------- C:\Users\All Users\HipSoft
2008-05-15 14:31 . 2008-05-15 14:31 <DIR> d-------- C:\ProgramData\HipSoft
2008-05-09 15:00 . 2008-05-09 15:00 <DIR> d-------- C:\Users\paul and penny\AppData\Roaming\Template
2008-05-09 14:59 . 2008-05-09 14:59 0 --a------ C:\Users\paul and penny\AppData\Roaming\wklnhst.dat
2008-05-04 22:51 . 2008-05-04 22:59 <DIR> d-------- C:\Program Files\Common Files\Real
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 21:51 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Ashampoo
2008-05-28 21:51 --------- d-----w C:\Program Files\Ashampoo
2008-05-27 15:36 174 --sha-w C:\Program Files\desktop.ini
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Mail
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Journal
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Defender
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-27 15:29 --------- d-----w C:\Program Files\Windows Calendar
2008-05-27 15:17 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-27 15:17 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-25 18:40 --------- d-----w C:\Program Files\Google
2008-05-25 14:44 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-25 14:34 --------- d-----w C:\Users\paul and penny\AppData\Roaming\LimeWire
2008-05-19 13:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-19 13:07 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-16 14:09 --------- d---a-w C:\ProgramData\TEMP
2008-05-15 12:36 --------- d-----w C:\Users\paul and penny\AppData\Roaming\iWin
2008-05-15 12:21 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 20:15 --------- d-----w C:\Program Files\a-squared Free
2008-05-07 20:21 --------- d-----w C:\Users\paul and penny\AppData\Roaming\CyberLink
2008-05-07 20:21 --------- d-----w C:\ProgramData\CyberLink
2008-04-29 21:08 --------- d-----w C:\Program Files\LimeWire
2008-04-27 20:14 --------- d--h--w C:\ProgramData\CanonBJ
2008-04-26 22:23 --------- d-----w C:\Program Files\GameHouse
2008-04-21 17:40 --------- d-----w C:\Users\paul and penny\AppData\Roaming\My Games
2008-04-20 19:35 --------- d-----w C:\Users\paul and penny\AppData\Roaming\GameHouse
2008-04-19 22:10 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-04-19 21:51 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Business Logic
2008-04-14 17:15 --------- d-----w C:\ProgramData\MumboJumbo
2008-04-12 19:38 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Ashampoo Photo Commander 5
2008-04-11 13:37 --------- d-----w C:\Program Files\Java
2008-04-07 14:48 --------- d-----w C:\Program Files\Rainforest Adventure
2008-04-07 14:47 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-06 17:11 --------- d-----w C:\Users\paul and penny\AppData\Roaming\Comodo
2008-04-06 15:20 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-04-06 15:20 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-06 15:19 --------- d-----w C:\Users\paul and penny\AppData\Roaming\SUPERAntiSpyware.com
2008-04-06 00:06 --------- d-----w C:\ProgramData\Oberonv1005
2008-04-06 00:05 --------- d-----w C:\Program Files\Common Files\Oberon Media
2008-04-06 00:05 --------- d-----w C:\Program Files\Acer GameZone
2008-04-04 09:52 --------- d-----w C:\ProgramData\JollyBear
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( [email protected]_15.27.37.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 14:03:06 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-29 19:12:29 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-29 14:03:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-29 19:12:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-29 14:03:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-29 19:12:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-29 14:05:50 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 19:14:52 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 19:14:52 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-29 14:05:45 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-29 19:14:58 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-29 19:14:58 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-27 16:00:22 267,840 ----a-w C:\Windows\SoftwareDistribution\Download\Install\mpas-d.exe
- 2008-05-29 14:04:15 2,566 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-18.dat
+ 2008-05-29 21:12:43 2,566 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-18.dat
- 2008-05-29 14:04:31 6,438 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-21-1308273410-1801416135-2575181663-1000.dat
+ 2008-05-29 21:12:43 6,438 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\S-1-5-21-1308273410-1801416135-2575181663-1000.dat
- 2008-05-29 14:26:49 712,008 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
+ 2008-05-29 21:19:49 710,872 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat
- 2008-05-29 14:10:56 105,852 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-29 19:19:54 105,852 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-29 14:10:56 600,378 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-29 19:19:54 600,378 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-29 14:05:43 9,726 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1308273410-1801416135-2575181663-1000_UserData.bin
+ 2008-05-29 19:14:12 9,892 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1308273410-1801416135-2575181663-1000_UserData.bin
- 2008-05-29 14:05:43 74,216 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 19:14:11 74,304 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-29 14:05:42 59,268 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 19:14:10 59,482 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 23:49 151552]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 08:33 227840]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-27 16:40 1177368]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 23:54 5361464]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Users^paul and penny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 12:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]
--a------ 2007-08-11 16:50 331264 C:\Program Files\NetMeter\NetMeter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
--a------ 2006-11-02 10:45 44544 C:\Windows\System32\rundll32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"="rundll32.exe" oobefldr.dll,ShowWelcomeCenter
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe
"RtHDVCpl"=RtHDVCpl.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"Persistence"=C:\Windows\system32\igfxpers.exe
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55FA8D98-00EE-46D4-80F6-B2FE8E7C8C8D}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{EF222906-87A4-4828-9F6B-D7BB099B5C73}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4C9D47C0-EEF7-4203-8B67-FB56A04C48B9}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1055584B-7CE5-4C0D-85DF-5830B30182F0}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B865A331-0198-4E67-8AB0-0829040F707B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFF9EBCC-F1FB-45DC-A85F-F986FB6DFA59}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D8B4F0E4-2EFF-4FAC-95E1-EB10BD1B3C56}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{A2237169-D933-402C-963B-FFFF852B5BCD}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{9C547A9B-6F2D-42BC-A42F-17947F1C78D4}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{C0FD34BA-713B-4FE6-BF21-A38C72E13778}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{966E0273-75CA-4E04-8847-D0CAA5DEB2E4}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{EC9C71A9-5DFC-435B-B86C-024BF88FFA28}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"TCP Query User{EC6C9BF7-6FFD-4C10-BDB2-0C8ABFFFFE1C}F:\\limewire\\limewire.exe"= UDP:F:\limewire\limewire.exe:LimeWire
"UDP Query User{DC73115F-36F9-4580-ACE4-5DD10F5C226F}F:\\limewire\\limewire.exe"= TCP:F:\limewire\limewire.exe:LimeWire
"{66ACBBA3-BE89-4861-889A-7BA26A16F144}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D6237C54-8E77-4C4B-A61A-20F5F7AD43C2}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-26 00:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-26 00:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-26 00:34]
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\Windows\system32\Drivers\SSFS0BB8.SYS [2007-07-19 23:42]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-05-27 16:40]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-03 00:51]
R2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 22:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-27 16:40]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-27 16:40]
R2 eDataSecurity Service;eDataSecurity Service;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-26 00:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 23:00]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 22:05]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 20:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-17 06:15]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 06:23]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-18 11:03]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-05-27 16:40]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 09:57]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 17:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{660debcf-6929-11dc-844a-806e6f6e6963}]
\shell\AutoRun\command - E:\Msetup4.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 21:00:00 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-29 22:19:57
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-29 22:21:09
ComboFix-quarantined-files.txt 2008-05-29 21:21:01
ComboFix2.txt 2008-05-29 14:46:15
ComboFix3.txt 2008-05-29 14:28:08
Pre-Run: 29,543,694,336 bytes free
Post-Run: 29,512,417,280 bytes free
259 --- E O F --- 2008-05-29 19:21:56