ComboFix 09-08-26.05 - daniel 08/26/2009 19:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.717 [GMT -4:00]
Running from: c:\users\daniel\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-3635493022-1987165414-2180967125-500
c:\users\daniel\AppData\Roaming\.#
c:\windows\Installer\baaa0.msi
c:\windows\run.log
c:\windows\system32\drivers\hjgruiegwxswvp.sys
c:\windows\system32\drivers\SKYNETafirxijp.sys
c:\windows\system32\drivers\SKYNETccmpfkar.sys
c:\windows\system32\drivers\UACuondnriyss.sys
c:\windows\system32\hjgruiblxgmhru.dat
c:\windows\system32\hjgruioxxkirun.dll
c:\windows\system32\hjgruitxekcequ.dll
c:\windows\system32\hjgruiuyttwvpj.dat
c:\windows\system32\SKYNETbnwiwtwk.dll
c:\windows\system32\SKYNETcbqpwxec.dll
c:\windows\system32\SKYNEThlbxmvxv.dll
c:\windows\system32\SKYNEThweaxgec.dat
c:\windows\system32\SKYNETmniieuxs.dat
c:\windows\system32\SKYNETrjymemst.dll
c:\windows\system32\UAChtbrxplmqdgqwqqqm.db
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruivyqohcnn
-------\Service_SKYNETpdenpbpi
-------\Service_UACd.sys
-------\Legacy_hjgruivyqohcnn
-------\Legacy_SKYNETpdenpbpi
-------\Legacy_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.
2009-08-26 23:10 . 2009-08-26 23:13 -------- d-----w- c:\users\daniel\AppData\Local\temp
2009-08-26 23:10 . 2009-08-26 23:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-26 07:00 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 06:39 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-26 06:39 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 22:59 . 2009-08-24 22:59 -------- d-----w- c:\windows\system32\EventProviders
2009-08-16 15:44 . 2009-08-19 00:39 -------- d-----w- c:\users\daniel\AppData\Roaming\DVD Flick
2009-08-16 15:43 . 2003-01-26 17:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-08-16 15:43 . 2009-08-16 15:43 -------- d-----w- c:\program files\DVD Flick
2009-08-16 15:32 . 2009-08-16 15:32 -------- d-----w- c:\programdata\NtiDvdCopy
2009-08-13 04:30 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-13 04:30 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-13 04:30 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-13 04:30 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-13 04:29 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-13 04:29 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-13 04:29 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-13 04:29 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-09 16:41 . 2009-08-09 16:41 -------- d-----w- c:\program files\Trend Micro
2009-08-09 16:06 . 2009-08-09 16:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-09 16:06 . 2009-08-09 16:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 13:42 . 2009-08-08 13:42 3942048 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 22:58 . 2009-07-15 01:46 -------- d-----w- c:\users\daniel\AppData\Roaming\SUPERAntiSpyware.com
2009-08-26 22:58 . 2009-07-15 01:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-26 15:14 . 2008-06-26 23:28 -------- d-----w- c:\programdata\Google Updater
2009-08-23 04:09 . 2008-05-03 02:00 -------- d-----w- c:\users\daniel\AppData\Roaming\LimeWire
2009-08-23 00:35 . 2008-05-05 03:14 2176 ----a-w- c:\users\daniel\AppData\Roaming\wklnhst.dat
2009-08-13 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-08 13:42 . 2009-07-15 03:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 01:56 . 2008-05-08 18:19 -------- d-----w- c:\programdata\iWin Games
2009-08-03 17:36 . 2009-07-15 03:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-07-15 03:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 16:06 . 2009-07-28 21:36 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 21:36 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 21:36 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-15 22:59 . 2009-07-15 22:59 -------- d-----w- c:\programdata\Citrix
2009-07-15 22:55 . 2009-07-15 22:55 -------- d-----w- c:\program files\Citrix
2009-07-15 04:21 . 2008-05-02 17:46 -------- d-----w- c:\programdata\McAfee
2009-07-15 03:55 . 2009-07-15 03:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-15 03:43 . 2009-07-15 03:43 -------- d-----w- c:\users\daniel\AppData\Roaming\Malwarebytes
2009-07-15 03:42 . 2009-07-15 03:42 -------- d-----w- c:\programdata\Malwarebytes
2009-07-15 02:05 . 2009-07-15 02:03 -------- d-----w- c:\programdata\Lavasoft
2009-07-15 02:04 . 2009-07-15 02:04 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-15 02:03 . 2009-07-15 02:03 -------- d-----w- c:\program files\Lavasoft
2009-07-15 01:26 . 2008-05-02 17:46 -------- d-----w- c:\program files\McAfee
2009-07-08 17:28 . 2009-07-15 02:04 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-07-03 14:49 . 2009-07-15 02:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-03 14:49 . 2009-07-15 02:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-03 12:32 . 2008-02-26 07:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 00:25 . 2008-05-18 04:07 -------- d-----w- c:\program files\DivX
2009-06-28 00:25 . 2009-06-28 00:25 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-27 21:57 . 2009-06-27 21:57 0 ----a-w- c:\windows\PowerReg.dat
2009-06-27 21:35 . 2009-06-27 21:35 294 ----a-w- c:\windows\EReg515.dat
2009-06-15 15:24 . 2009-07-15 05:14 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 05:14 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 05:14 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-15 05:14 289792 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Octoshape Streaming Services"="c:\users\daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-12 70936]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-01-23 34552]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-26 204908]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-23 4423680]
c:\users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RCA Detective.lnk - c:\users\daniel\Documents\RCA Detective\RCADetective.exe [2008-11-29 1070080]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDECFC1A-943C-475A-86AC-067A006AEF12}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{EDFE95DC-538D-4A77-9F86-036EAF0F008C}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E9A58426-59F6-4D48-8290-41AC89E55B90}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{54DC87CE-21BD-4943-B7C3-8E63EBB4F7EC}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{A3B67C9E-41D7-4610-A176-CEE5758E2622}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{85B30592-2319-4109-8DA6-186FD76841D6}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{53A279C9-94CB-4A8A-A6EE-DDEA81D23602}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FBEEBDA8-BD89-48CB-B267-6A4A9B6C8BEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{475B3E77-EDDF-4BE8-9872-3EE2A2CCA3DC}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{74027377-7E08-40B5-9877-6232F2B5C24F}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{E33715D5-3E44-4CC4-9F02-4ECBF1025D1B}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{CE47B956-C137-46AA-8EBD-8937F47CB507}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{10DAFB14-8D9B-4B11-BB8D-0DC93F1163B4}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{3BE693F5-7130-4BC7-9A6C-4A6205845946}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{968871DE-8189-45BD-A9B4-9939E1B2BA14}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{2424BBFC-DA74-4FA1-A988-DA7C7CD15A56}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F77C497B-598A-4494-B8B9-4074CE1DC9BF}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{4D7F4FB9-FCAC-4947-9ECA-938A9813C3DB}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{F93CDEA8-93CF-45A0-803A-21C321D7755A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2A1D23DF-8141-4596-BDCA-85975CD101F9}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0D26CBDE-F852-4CA9-BB29-33886474D865}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BDACC12B-2C49-485F-AC6F-95C2F6CAF236}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0E6DF70C-7C01-4648-8E85-5D673F806E04}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{6BE6273C-A328-4717-B99E-07B86B5BEF98}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7/14/2009 10:05 PM 64160]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2/26/2008 4:09 AM 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [1/23/2008 4:33 PM 21752]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [12/9/2006 7:04 PM 128832]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [1/22/2008 8:46 PM 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [1/22/2008 8:45 PM 131072]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-08-26 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-26 18:50]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 14:53]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-26 14:53]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-Easy Dock - (no file)
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = tdsproxyarray.odvendor.net:8080
LSP: c:\program files\Microsoft Firewall Client 2004\FwcWsp.dll
FF - ProfilePath - c:\users\daniel\AppData\Roaming\Mozilla\Firefox\Profiles\0wdmvohn.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\daniel\AppData\Roaming\Mozilla\Firefox\Profiles\0wdmvohn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\daniel\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-26 19:12
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3635493022-1987165414-2180967125-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c1,17,5f,3d,c5,be,8e,9a,88,24,69,c2,80,21,b3,46,2d,5c,03,3d,34,e4,e7,
c4,7b,f4,39,2a,66,c2,32,43,f4,3c,82,34,1e,5d,b4,94,46,73,71,ee,eb,01,05,de,\
"??"=hex:41,8b,9d,4a,87,34,71,9c,63,67,c1,30,5c,9f,ea,7e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4064)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-08-26 19:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-26 23:16
Pre-Run: 107,933,261,824 bytes free
Post-Run: 107,244,843,008 bytes free
291 --- E O F --- 2009-08-26 07:01
DDS (Ver_09-07-30.01) - NTFSx86
Run by daniel at 19:30:30.18 on Wed 08/26/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.1055 [GMT -4:00]
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\ehome\ehtray.exe
C:\Users\daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Users\daniel\Documents\RCA Detective\RCADetective.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Users\daniel\Desktop\dds.scr
============== Pseudo HJT Report ===============
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = tdsproxyarray.odvendor.net:8080
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Octoshape Streaming Services] "c:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
StartupFolder: c:\users\daniel\appdata\roaming\micros~1\windows\startm~1\programs\startup\rcadet~1.lnk - c:\users\daniel\documents\rca detective\RCADetective.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft firewall client 2004\FwcMgmt.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\microsoft firewall client 2004\FwcWsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
================= FIREFOX ===================
FF - ProfilePath - c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\0wdmvohn.default\
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\users\daniel\appdata\roaming\mozilla\firefox\profiles\0wdmvohn.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\users\daniel\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-14 64160]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-2-26 269448]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-1-23 21752]
R2 FwcAgent;Firewall Client Agent;c:\program files\microsoft firewall client 2004\FwcAgent.exe [2006-12-9 128832]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-1-22 49152]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-1-22 131072]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
=============== Created Last 30 ================
2009-08-26 19:16 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-08-26 18:58 229,376 a------- c:\windows\PEV.exe
2009-08-26 18:58 161,792 a------- c:\windows\SWREG.exe
2009-08-26 18:58 98,816 a------- c:\windows\sed.exe
2009-08-26 03:00 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 02:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-26 02:39 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-24 18:59 <DIR> --d----- c:\windows\system32\EventProviders
2009-08-16 11:44 <DIR> --d----- c:\users\daniel\appdata\roaming\DVD Flick
2009-08-16 11:43 662,288 a------- c:\windows\system32\mscomct2.ocx
2009-08-16 11:43 609,824 a------- c:\windows\system32\comctl32.ocx
2009-08-16 11:43 212,240 a------- c:\windows\system32\richtx32.ocx
2009-08-16 11:43 164,144 a------- c:\windows\system32\comct232.ocx
2009-08-16 11:43 40,960 a------- c:\windows\system32\ssubtmr6.dll
2009-08-16 11:43 36,864 a------- c:\windows\system32\trayicon_handler.ocx
2009-08-16 11:43 28,672 a------- c:\windows\system32\mousewheel.ocx
2009-08-16 11:43 <DIR> --d----- c:\program files\DVD Flick
2009-08-16 11:32 <DIR> --d----- c:\programdata\NtiDvdCopy
2009-08-16 11:32 <DIR> --d----- c:\progra~2\NtiDvdCopy
2009-08-13 00:30 71,680 a------- c:\windows\system32\atl.dll
2009-08-13 00:30 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-13 00:30 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-13 00:30 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-13 00:29 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-13 00:29 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-13 00:29 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-13 00:29 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-13 00:29 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-13 00:29 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-13 00:29 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-09 12:41 <DIR> --d----- c:\program files\Trend Micro
2009-08-09 12:21 960 a------- c:\windows\wininit.ini
2009-08-09 12:06 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-08-09 12:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-09 12:06 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-07-28 17:35 1,383,424 a------- c:\windows\system32\mshtml.tlb
==================== Find3M ====================
2009-08-22 20:35 2,176 a------- c:\users\daniel\appdata\roaming\wklnhst.dat
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-18 12:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 12:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 05:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-03 10:49 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-03 10:49 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-15 11:24 156,672 a------- c:\windows\system32\t2embed.dll
2009-06-15 11:20 72,704 a------- c:\windows\system32\fontsub.dll
2009-06-15 11:20 10,240 a------- c:\windows\system32\dciman32.dll
2009-06-15 08:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-06-05 08:34 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-06-05 08:33 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-06-05 08:33 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-06-05 08:33 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2008-12-08 21:54 51,200 a------- c:\windows\inf\infpub.dat
2008-12-08 21:53 86,016 a------- c:\windows\inf\infstrng.dat
2008-12-08 21:53 86,016 a------- c:\windows\inf\infstor.dat
2008-06-11 03:08 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 19:30:48.76 ===============