Virtumonde.sdn Need Assistance Please May be from P2P
Hello
I am running Windows Vista. I have already started with HJT and ComboFix from bleepingcomputer.com.
The Spybot S&D 1.6.2 finds and eliminates Virtumonde.sdn, but it returns just as fast.
I suspect that I got this problem when I downloaded BitTorrent.
On the reports, x3watch is an accountability program for an issue I have and should not be the problem.
In this post I will put the HJT report. In the next post I will put the ComboFix report. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:55 PM, on 6/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\X3watch\x3watch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Landon\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
D:\Realplayer dl\RealPlay.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/yco...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ixquick.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Realplayer dl\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: IXQUICKTB - {C5CAA6CD-8EE4-40a3-92E0-385561406C50} - C:\PROGRA~1\IXQUIC~1\tbu07925\ix_quick.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Ixquick Toolbar - {70F241F6-52AB-4D45-993E-C1C09920095B} - C:\Program Files\Ixquick Toolbar\tbu07925\ix_quick.dll
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [PlayMovie] "C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LaunchList] D:Pinnacle\Studio 10\LaunchList.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "D:Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [x3watch] C:\Program Files\X3watch\x3watch.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Landon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10742 bytes
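A HijackThis log is a fixed line format, and the first pass a log helper makes over it is mechanical: pull the file path out of each entry and flag the handful of patterns that deserve a closer look (orphaned entries whose file is gone, binaries running from Temp or a user profile, AppInit_DLLs, services with no recognised publisher, rundll32 launchers). The script below is an added example, not part of the original post and not Trend Micro's or HijackThis's own code. The sample input is a subset of lines copied from the log above; the heuristics and their wording are this example's own assumptions. A flag is a reason to look, not a verdict: several flagged lines here are OEM components that ship with the laptop (the Acer ALaunch service, for instance), so the output is a worklist for the reviewer, not a removal list.

```python
"""Triage helper for HijackThis (HJT) logs.

Added example. Parses "Rx - " / "Oxx - " entry lines and the
"Running processes:" block, extracts the file each entry points at,
and applies a few cheap reviewer heuristics. A flag means "look
closer", not "malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the HJT log lines posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\Landon\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IXQUICKTB - {C5CAA6CD-8EE4-40a3-92E0-385561406C50} - C:\PROGRA~1\IXQUIC~1\tbu07925\ix_quick.dll
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKCU\..\Run: [Google Update] "C:\Users\Landon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First executable-looking token of a command line, quoted or not.
BIN_RE = re.compile(r'^"?(.*?\.(?:exe|dll|cmd|bat))"?', re.IGNORECASE)
RUNDLL_RE = re.compile(r'^"?rundll32\.exe"?\s*', re.IGNORECASE)
ABSENT = ("(no file)", "(file missing)")   # HJT's markers for a missing target


@dataclass
class Finding:
    section: str          # "O4", "O23", ... or "PROC" for a running process
    line: str             # the original log line
    path: Optional[str]   # file the entry points at, if one could be extracted
    reasons: List[str]


def parse(text):
    """Yield (section, body, line) for each entry line and running process."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line
        elif re.match(r"^[A-Za-z]:\\", line):   # a line of the process list
            yield "PROC", line, line


def extract_path(section, body):
    """Return (path_or_None, launched_via_rundll32) for one entry."""
    rundll = False
    if section == "PROC":
        return body, rundll
    if section == "O4":                           # autorun: "[name] command"
        cmd = body.split("] ", 1)[-1]
        if RUNDLL_RE.match(cmd):                  # rundll32.exe <dll>,<func>
            rundll = True
            cmd = RUNDLL_RE.sub("", cmd, count=1)
        m = BIN_RE.match(cmd.strip())
        return (m.group(1) if m else cmd.strip()), rundll
    if section == "O20":                          # AppInit_DLLs: <dll>
        return body.split(":", 1)[-1].strip(), rundll
    last = body.rsplit(" - ", 1)[-1].strip()      # BHO/toolbar/service: path is last field
    for tag in ABSENT:
        last = last.replace(tag, "").strip()
    return (last or None), rundll


def assess(section, body, path, rundll):
    """Heuristics a reviewer applies by eye; each hit is a reason to look closer."""
    reasons = []
    low = (path or "").lower()
    if any(tag in body for tag in ABSENT):
        reasons.append("referenced file is absent: orphaned entry, often left by a removed or half-cleaned component")
    if "\\temp\\" in low:
        reasons.append("binary runs from a Temp directory")
    if "\\users\\" in low or "\\appdata\\" in low:
        reasons.append("lives under a user profile, writable without admin rights")
    if section == "O20":
        reasons.append("AppInit_DLLs: loaded into every process that maps user32.dll")
    if section == "O23" and "unknown owner" in body.lower():
        reasons.append("service binary carries no recognised publisher")
    if rundll:
        reasons.append("started through rundll32; review the DLL, not the launcher")
    return reasons


def triage(text):
    """Return the entries that tripped at least one heuristic, in log order."""
    findings = []
    for section, body, line in parse(text):
        path, rundll = extract_path(section, body)
        reasons = assess(section, body, path, rundll)
        if reasons:
            findings.append(Finding(section, line, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.path or '(no file)'}")
        for r in f.reasons:
            print("    -", r)
```

To run it over a saved log, call `triage(open("hijackthis.log", encoding="utf-8", errors="replace").read())`. On the sample above it returns seven findings; the two that score twice are the Temp-resident process under the user's profile and the Symantec service whose binary is missing and whose owner is unknown.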
Virtumonde.sdn Need Assistance combo fix report
ComboFix 09-06-18.02 - Landon 06/18/2009 23:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1013.357 [GMT -5:00]
Running from: c:\users\Landon\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2787322657-2932596189-1710620633-500
c:\$recycle.bin\S-1-5-21-2787322657-2932596189-1710620633-500\desktop.ini
.
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 04:06 . 2009-06-19 04:06 -------- d-----w- c:\program files\Trend Micro
2009-06-19 03:51 . 2009-06-19 03:59 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-06-19 02:59 . 2009-06-19 02:59 -------- d-----w- c:\users\Landon\AppData\Roaming\Bullzip
2009-06-14 22:32 . 2009-05-19 06:36 2884832 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
2009-06-14 22:32 . 2009-05-19 06:36 28 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unregister.bat
2009-06-14 22:32 . 2009-05-19 06:36 30512 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\Uninstaller.exe
2009-06-14 22:32 . 2009-05-19 06:35 376568 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\unagi3.exe
2009-06-14 22:32 . 2009-05-19 06:36 1484856 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\toolbar.exe
2009-06-04 04:49 . 2009-06-04 04:49 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-02 03:49 . 2009-06-19 02:35 -------- d-----w- c:\program files\DNA
2009-05-22 03:38 . 2009-05-22 03:38 -------- d-----w- c:\programdata\Digsby
2009-05-22 03:31 . 2009-05-22 03:38 -------- d-----w- c:\users\Landon\AppData\Local\Digsby
2009-05-22 03:31 . 2009-05-22 03:38 -------- d-----w- c:\users\Landon\AppData\Roaming\Digsby
2009-05-20 23:19 . 2009-05-20 23:19 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 03:59 . 2008-06-13 14:50 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-06-09 03:18 . 2008-05-16 19:09 -------- d-----w- c:\users\Landon\AppData\Roaming\Skype
2009-06-08 22:18 . 2008-05-16 19:11 -------- d-----w- c:\users\Landon\AppData\Roaming\skypePM
2009-06-04 04:49 . 2008-06-10 18:32 -------- d-----w- c:\program files\Common Files\Real
2009-06-01 02:15 . 2008-06-23 23:38 -------- d-----w- c:\users\Landon\AppData\Roaming\Hoyle Puzzle and Board Games
2009-05-22 10:52 . 2007-06-12 18:02 56680 ----a-w- c:\windows\system32\rpcnet.exe
2009-05-21 03:48 . 2009-05-16 02:42 -------- d-----w- c:\program files\a-squared HiJackFree
2009-05-19 06:36 . 2009-06-14 22:31 25 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\register.bat
2009-05-19 06:36 . 2009-06-14 22:31 97072 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\bsetutil.exe
2009-05-19 06:36 . 2009-06-14 22:31 142040 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\alsetup.exe
2009-05-19 06:36 . 2009-06-14 22:31 111920 ------w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\AOLSearch.dll
2009-05-17 19:06 . 2008-07-16 22:01 -------- d-----w- c:\users\Landon\AppData\Roaming\Hoyle Casino
2009-05-15 20:49 . 2009-05-15 20:48 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-14 20:07 . 2009-05-14 20:07 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-05-13 21:37 . 2007-07-26 03:06 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 21:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-09 03:02 . 2009-05-09 03:02 -------- d-----w- c:\program files\Bullzip
2009-05-07 22:10 . 2007-07-26 01:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-05 21:10 . 2009-05-05 21:09 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-05 21:10 . 2009-05-05 21:09 -------- d-----w- c:\program files\iTunes
2009-05-05 21:09 . 2009-05-05 21:09 -------- d-----w- c:\program files\iPod
2009-05-05 21:09 . 2008-08-13 21:22 -------- d-----w- c:\program files\Common Files\Apple
2009-05-05 21:05 . 2009-05-05 21:05 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-26 07:11 . 2008-09-28 17:07 -------- d-----w- c:\program files\Winamp
2009-04-26 06:21 . 2008-06-13 14:51 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-04-26 06:21 . 2008-03-26 23:10 -------- d-----w- c:\program files\McAfee
2009-04-23 00:53 . 2009-05-09 03:02 194560 ----a-w- c:\windows\system32\bzpdf.dll
2009-03-25 22:55 . 2008-01-22 01:43 33280 ----a-w- c:\windows\system32\identprv.dll
2008-07-24 02:04 . 2008-07-24 02:05 774144 ----a-w- c:\program files\RngInterstitial.dll
2002-07-26 23:02 . 2008-11-08 02:57 153088 ----a-w- c:\program files\UNWISE.EXE
.
------- Sigcheck -------
[-] 2008-01-19 07:33 21504 3794B461C45882E06856F282EEF025AF c:\windows\System32\svchost.exe
[-] 2006-11-02 09:45 22016 10DA15933D582D2FEDCF705EFE394B09 c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[-] 2008-01-19 07:33 21504 3794B461C45882E06856F282EEF025AF c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[-] 2008-01-19 07:36 627200 B974D9F06DC7D1908E825DC201681269 c:\windows\System32\user32.dll
[-] 2006-11-02 09:46 633856 E698A5437B89A285ACA3FF022356810A c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[-] 2007-07-26 02:11 633856 63B4F59D7C89B1BF5277F1FFEFD491CD c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[-] 2007-07-26 02:11 633856 9D9F061EDA75425FC67F0365E3467C86 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[-] 2008-01-19 07:36 627200 B974D9F06DC7D1908E825DC201681269 c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[-] 2008-01-19 07:37 179200 B304D47D5744BA20FCB99FB8B2C07B0B c:\windows\System32\ws2_32.dll
[-] 2006-11-02 09:46 178688 D99A071C1018BB3D4ABAAD4B62048AC2 c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6000.16386_none_f080eec6d16af4f0\ws2_32.dll
[-] 2008-01-19 07:37 179200 B304D47D5744BA20FCB99FB8B2C07B0B c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
[-] 2009-03-03 04:40 827392 6E115E2D3FAE5077A361A5BCE78FF170 c:\windows\System32\wininet.dll
[-] 2006-11-02 09:46 822272 214A456AADCC7DD1B36E2287BA71A9CA c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16386_none_ffb23181a4e80112\wininet.dll
[-] 2007-07-26 02:15 822784 7DBB98EBB2D267ACF9E6BC04AEC6CBF3 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16448_none_ffdf73aba4c5c123\wininet.dll
[-] 2007-07-26 02:20 822784 9C1C977FA682D428C7133CF29013211B c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16473_none_ffba0275a4e29643\wininet.dll
[-] 2008-03-27 23:30 824832 0AD9BE4F82F0389EC9B8A58F2FD16442 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16609_none_000bb771a4a46504\wininet.dll
[-] 2008-04-09 22:09 826368 DAEED2799D4D19F955C3E90B22A1E91E c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16643_none_ffda7605a4ca3cbe\wininet.dll
[-] 2008-04-25 04:23 826368 9191790BF02A8D759EC2B4E4FA868407 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16681_none_ffad35c1a4ec79d4\wininet.dll
[-] 2008-06-27 03:54 826368 E74D932CA7B3DA8CDB7A5F11F5A03ABC c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16711_none_fff8e71ba4b3b364\wininet.dll
[-] 2008-10-02 03:49 826368 8BF7D225505A4ADA25D9444E91811CEA c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16757_none_ffd3a927a4cebb32\wininet.dll
[-] 2008-10-16 04:40 826368 F18C1B151A0B18C35BF0919A9BA0FA0F c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16764_none_ffc5d85da4d98b1e\wininet.dll
[-] 2009-01-15 04:16 826368 FF35D495AC08549154D1D96990513CD9 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16809_none_000bbb3da4a45f52\wininet.dll
[-] 2009-03-03 04:20 826368 BA68744F8FE1BAAC35362F18774972A3 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.16830_none_ffe248dfa4c4cf16\wininet.dll
[-] 2007-07-26 02:15 823296 1EA5200F3D45EFDFC25F630A52DDF9E5 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20547_none_0068102cbde44796\wininet.dll
[-] 2007-07-26 02:20 823808 355F1F19DAAD8F769936752F993EA8BF c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20583_none_0038cf54be0851fe\wininet.dll
[-] 2008-03-27 23:30 825344 39FBDEC53D5F7C5F4B7C35B9B1926A0F c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20734_none_006fe306bdded9ee\wininet.dll
[-] 2008-04-09 22:09 827392 F7FF1E0D443788D6AE4CBCA593530099 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20777_none_0047a434bdfc95b7\wininet.dll
[-] 2008-04-25 04:09 827392 F40594128A6BFDA6C3F0900796895078 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20823_none_0079b48ebdd7a1cd\wininet.dll
[-] 2008-06-27 03:49 827904 AE7150C0696C656D02FDD48259F4EFF5 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20868_none_00537650bdf39044\wininet.dll
[-] 2008-10-02 03:30 827904 C85EF7DE97ABBF00B16AD11EDFEAC637 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20927_none_007db79cbdd40450\wininet.dll
[-] 2008-10-16 04:24 827904 622FE627D15DD920238A993021F0A4D1 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20937_none_0072e7b0bddc2041\wininet.dll
[-] 2009-01-15 04:19 827904 65647F41CEC0C8EEC9DF5BC1168EC76C c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.20996_none_003107debe0dae90\wininet.dll
[-] 2009-03-03 04:18 828416 88B57405AC5B2BF513069086F8963635 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.21023_none_00798e96bdd7d236\wininet.dll
[-] 2008-01-19 07:36 825856 455D715A840579BDC1CF8E5C1DA76849 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18000_none_01e8f37da1d311e6\wininet.dll
[-] 2008-04-09 22:09 826880 482BCCBF1FCBB3378100FF97081438C1 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18023_none_01d65483a1e095cd\wininet.dll
[-] 2008-04-25 04:35 826880 44FD3968AD885026D94450832A78DE8A c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18063_none_01ab14d3a2010591\wininet.dll
[-] 2008-06-27 04:15 827392 618A51B5FB9DD5810960F6044C0E9289 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\wininet.dll
[-] 2008-10-02 03:49 827392 C373C19F10601C1AFE7E40907AE48694 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18148_none_01c5b803a1ec4989\wininet.dll
[-] 2008-10-16 04:47 827392 8F89FFECF6989DD7D9ECCEC6D95D7419 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\wininet.dll
[-] 2009-01-15 06:11 827392 FB79A2AA5E92653B9A394FE26D799BF8 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\wininet.dll
[-] 2009-03-03 04:40 827392 6E115E2D3FAE5077A361A5BCE78FF170 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\wininet.dll
[-] 2008-04-09 22:09 826880 4E962B645608E6EDB7D31B75921D07FA c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22120_none_025cf070bb00e992\wininet.dll
[-] 2008-04-25 04:22 826880 A86218059C228E7691A13E4CB63C4CDF c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22167_none_0238b2c6bb1b0ab7\wininet.dll
[-] 2008-06-27 03:50 827904 EDF59D63DDBC8BE0BB4836EFFFC04BDC c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22212_none_0269c2d6baf6fd76\wininet.dll
[-] 2008-10-02 03:34 827904 6B2591CDCEFEB8451594288426677CBB c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22278_none_022ee50abb223d26\wininet.dll
[-] 2008-10-16 04:38 827904 4944C9FFE8903A276590D4215F74B937 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22288_none_0224151ebb2a5917\wininet.dll
[-] 2009-01-16 05:00 827904 6A986C2CD30633447DAB21A4852E40D6 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22355_none_024185eabb14b666\wininet.dll
[-] 2009-03-03 04:32 827904 3ED9859939928CA568F487AB42175A33 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.22389_none_0225174ebb296f95\wininet.dll
[-] 2008-01-19 07:33 314880 C2610B6BDBEFC053BBDAB4F1B965CB24 c:\windows\System32\winlogon.exe
[-] 2006-11-02 09:45 308224 9F75392B9128A91ABAFB044EA350BAAD c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[-] 2008-01-19 07:33 314880 C2610B6BDBEFC053BBDAB4F1B965CB24 c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[-] 2008-10-29 06:29 2927104 4F554999D7D5F05DAAEBBA7B5BA1089D c:\windows\explorer.exe
[-] 2006-11-02 09:45 2923520 FD8C53FB002217F6F888BCF6F5D7084D c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[-] 2008-03-28 00:08 2923520 6D06CD98D954FE87FB2DB8108793B399 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[-] 2008-10-29 06:20 2923520 37440D09DEAE0B672A04DCCF7ABF06BE c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[-] 2008-03-28 00:08 2923520 BD06F0BF753BC704B653C3A50F89D362 c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[-] 2008-10-28 02:15 2923520 E7156B0B74762D9DE0E66BDCDE06E5FB c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[-] 2008-01-19 07:33 2927104 FFA764631CB70A30065C12EF8E174F9F c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[-] 2008-10-29 06:29 2927104 4F554999D7D5F05DAAEBBA7B5BA1089D c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[-] 2008-10-30 03:59 2927616 50BA5850147410CDE89C523AD3BC606E c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[-] 2008-01-19 07:33 279040 2B336AB6286D6C81FA02CBAB914E3C6C c:\windows\System32\services.exe
[-] 2006-11-02 09:45 279552 329CF3C97CE4C19375C8ABCABAE258B0 c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[-] 2008-01-19 07:33 279040 2B336AB6286D6C81FA02CBAB914E3C6C c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[-] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\System32\lsass.exe
[-] 2006-11-02 09:45 7680 6A0E382E74280E4CC0DF17FE2661D003 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16386_none_a413c8c65fe02762\lsass.exe
[-] 2009-02-13 07:26 7680 59DE082968FDD257FFF0D209B9A5B460 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[-] 2009-02-13 04:58 7680 AFF8A58280863629CA4FFA9E0B259F1E c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[-] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[-] 2008-01-19 07:33 9728 DCF733788C7D088D814E5F80EB4B3E0F c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[-] 2009-02-13 08:20 9728 F4C62B07E5BF96F1FDCA9DB393ECED22 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
[-] 2006-11-02 09:45 8704 22BFD03DF51065A9ED8D17F8FB72296B c:\windows\System32\ctfmon.exe
[-] 2006-11-02 09:45 8704 22BFD03DF51065A9ED8D17F8FB72296B c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe
[-] 2008-01-19 07:33 125952 846CDF9A3CF4DA9B306ADFB7D55EE4C2 c:\windows\System32\spoolsv.exe
[-] 2006-11-02 09:45 124928 DA612EF2556776DF2630B68BF2D48935 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[-] 2008-01-19 07:33 125952 846CDF9A3CF4DA9B306ADFB7D55EE4C2 c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[-] 2008-01-19 07:33 25088 0E135526E9785D085BCD9AEDE6FBCBF9 c:\windows\System32\userinit.exe
[-] 2006-11-02 09:45 24576 22027835939F86C3E47AD8E3FBDE3D11 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[-] 2008-01-19 07:33 25088 0E135526E9785D085BCD9AEDE6FBCBF9 c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[-] 2008-01-19 07:36 448512 D605031E225AACCBCEB5B76A4F1603A6 c:\windows\System32\termsrv.dll
[-] 2006-11-02 09:46 427520 FAD71C1E8E4047B154E899AE31EB8CAA c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll
[-] 2008-01-19 07:36 448512 D605031E225AACCBCEB5B76A4F1603A6 c:\windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[-] 2009-02-13 08:49 888832 DB6E3731E6F5C8AE2843F80B5787F7C6 c:\windows\System32\kernel32.dll
[-] 2006-11-02 09:46 874496 1E36AE445E4DA83B82D51FEB2D4F8772 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[-] 2009-02-13 07:26 875520 B82C7AC1D559F0FD088792171D64C7F3 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[-] 2009-02-13 07:13 875520 BB792054BD990EC05D9E260D50FEAD39 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[-] 2008-01-19 07:34 888320 DC2338093F91BA4E0512208E60206DDD c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[-] 2009-02-13 08:49 888832 DB6E3731E6F5C8AE2843F80B5787F7C6 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[-] 2009-02-13 08:21 890880 1987D817D08F5EAF0B7F334026FDDB79 c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[-] 2008-01-19 07:36 97280 51832219A52C3535BF4771C375E63F9B c:\windows\System32\powrprof.dll
[-] 2006-11-02 09:46 96768 3CDEC51291F735C5C276B957239017A3 c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6000.16386_none_a0e2dc64ffed4e9d\powrprof.dll
[-] 2008-01-19 07:36 97280 51832219A52C3535BF4771C375E63F9B c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.0.6001.18000_none_a3199e60fcd85f71\powrprof.dll
[-] 2008-01-19 07:34 114688 EC17194A193CD8E90D27CFB93DFA9A2E c:\windows\System32\imm32.dll
[-] 2006-11-02 09:46 115200 EE12864398F1C3BF5BEE91F6AF9842E1 c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\imm32.dll
[-] 2008-01-19 07:34 114688 EC17194A193CD8E90D27CFB93DFA9A2E c:\windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6001.18000_none_5c561e167a6afd02\imm32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5CAA6CD-8EE4-40a3-92E0-385561406C50}]
2007-04-27 07:33 557056 ----a-w- c:\progra~1\IXQUIC~1\tbu07925\ix_quick.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2005-12-21 73728]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"x3watch"="c:\program files\X3watch\x3watch.exe" [2008-06-01 299008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-04 198160]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-07-06 4669440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-25 535336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{55FA8D98-00EE-46D4-80F6-B2FE8E7C8C8D}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{EF222906-87A4-4828-9F6B-D7BB099B5C73}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4C9D47C0-EEF7-4203-8B67-FB56A04C48B9}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{1055584B-7CE5-4C0D-85DF-5830B30182F0}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{B865A331-0198-4E67-8AB0-0829040F707B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FFF9EBCC-F1FB-45DC-A85F-F986FB6DFA59}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3BE4C26D-CE8A-4D21-8AA1-99EF2A29708F}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{D2B4B153-FA73-461E-949E-C01F81C013EF}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{4A5FCEFB-9438-4030-9980-D6F6EF9209F7}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{81BDCB8E-5F8C-41EB-B2D2-B2F0FDAC64F6}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{841D0004-2CEB-4D6D-BF8E-EAEA1D1AA324}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{F95DBEAD-46A3-4656-B9BC-3C9F3880B804}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{DD1528D3-C64C-4DF1-A651-89294E645B8D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{CCC7F901-C680-4C37-B45D-5C5E5BEFB878}"= UDP:d:\pinnacle\Studio 10\programs\RM.exe:Render Manager
"{AB765C05-AE96-45D0-8A6E-B29C7EBC465C}"= TCP:d:\pinnacle\Studio 10\programs\RM.exe:Render Manager
"{19B56F5F-2478-4437-80A6-8F626AF2C270}"= UDP:d:\pinnacle\Studio 10\programs\Studio.exe:Studio
"{CA01AE35-2A1E-4977-8B1B-27B70026005C}"= TCP:d:\pinnacle\Studio 10\programs\Studio.exe:Studio
"{40552C58-D9E2-484A-A58F-86C339B8821E}"= UDP:d:\pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{93893181-3479-4E30-9E2E-4E626E9218E4}"= TCP:d:\pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1432C56E-D4E1-4B19-84BC-71B67C947FEF}"= UDP:d:\pinnacle\Studio 10\programs\umi.exe:umi
"{F8564DE8-EF68-49C5-AA46-5367F27E168C}"= TCP:d:\pinnacle\Studio 10\programs\umi.exe:umi
"{46CC1E45-C010-4D14-BC8E-318236776E92}"= UDP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application
"{DA23C039-5E8A-4844-9E77-C10EC97A2841}"= TCP:c:\program files\Pando Networks\Pando\pando.exe:Pando Application
"{47F4DC18-86EF-4500-BD12-C15A0B84F676}"= UDP:58327:Pando P2P TCP Listening Port
"{1F8FDDCD-F5BF-47A2-B51F-EFEBDBFDF4E1}"= TCP:58327:Pando P2P UDP Listening Port
"TCP Query User{7E4B4A53-5857-4901-84F7-B1901DE8D1B4}d:\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= UDP:d:\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{C9B256B0-508D-40E5-8ED4-90F3F2239263}d:\\world of warcraft\\wow-2.3.0-enus-downloader.exe"= TCP:d:\world of warcraft\wow-2.3.0-enus-downloader.exe:Blizzard Downloader
"{EC538A41-E12C-40FB-BB65-CA202C778C91}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6FED9D28-3B97-43A4-986A-A05080757A22}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D07962EF-9075-42E6-ADAC-7FF9986737D7}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{6F46F23D-165C-4756-B65B-19575A3B8A62}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{DA957F7B-31E9-472B-9468-5C23787EE01C}c:\\program files\\real\\realplayer\\recordingmanager.exe"= UDP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{37D5AD59-B8ED-4778-9963-420DEC46E189}c:\\program files\\real\\realplayer\\recordingmanager.exe"= TCP:c:\program files\real\realplayer\recordingmanager.exe:RealNetworks Download and Record Manager
"{B431F180-883A-4179-BE2B-D69C7F0AF193}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{11594F3C-FC74-4DE8-8E32-4CF63D4EF51E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{65B7FB03-7C1F-4319-AC69-DC0A5DF1D87E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{43F09779-E09F-4D6E-927C-948AE8BF38BC}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{60ECA1D5-7907-49AA-ACBB-69BC2A4CE210}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E03C272C-5246-45F5-82C3-D69F0879629A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{D76E4B99-E50E-4B9E-ABC1-4B9EF3431929}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{EB13B7D5-E428-4281-91E9-9EB6274C81A5}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{E7F1F1F8-5974-4340-8964-8AEF379A3421}d:\\realplayer dl\\recordingmanager.exe"= UDP:d:\realplayer dl\recordingmanager.exe:RealNetworks Download and Record Manager
"UDP Query User{906540DB-0388-48FF-8AD8-ADF831DAEC0D}d:\\realplayer dl\\recordingmanager.exe"= TCP:d:\realplayer dl\recordingmanager.exe:RealNetworks Download and Record Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [1/16/2008 12:34 AM 13560]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [7/25/2007 10:29 PM 50688]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [8/7/2008 7:38 PM 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/28/2008 3:05 PM 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7/25/2007 8:02 PM 179712]
S3 APL531;OVT Scanner;c:\windows\System32\drivers\ov550i.sys [7/31/2006 7:44 AM 580992]
S3 SndTAudio;SndTAudio;c:\windows\System32\drivers\SndTAudio.sys [12/25/2008 11:14 AM 23096]
S3 SndTVideo;SndTVideo;c:\windows\System32\drivers\SndTVideo.sys [12/25/2008 11:14 AM 3768]
.
Contents of the 'Scheduled Tasks' folder
2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-17 18:32]
2008-11-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-17 18:32]
2009-06-19 c:\windows\Tasks\User_Feed_Synchronization-{642ED4B7-8637-485E-BA42-D5788B55A707}.job
- c:\windows\system32\msfeedssync.exe [2008-05-29 07:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKCU-Run-Google Update - c:\users\Landon\AppData\Local\Google\Update\GoogleUpdate.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-LaunchList - D:Pinnacle\Studio 10\LaunchList.exe
HKLM-Run-USBToolTip - D:Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ixquick.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: select2perform.com\www
FF - ProfilePath - c:\users\Landon\AppData\Roaming\Mozilla\Firefox\Profiles\xj8v1uma.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - hxxp://www.ixquick.com/
FF - component: d:\realplayer dl\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: d:\realplayer dl\Netscape6\nppl3260.dll
FF - plugin: d:\realplayer dl\Netscape6\nprjplug.dll
FF - plugin: d:\realplayer dl\Netscape6\nprpjplug.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 23:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2787322657-2932596189-1710620633-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6b,97,ef,e9,47,4d,da,e1,f2,c1,5a,dc,5e,25,d6,8b,10,53,a7,c2,96,42,99,
0d,69,94,a4,52,b9,d3,80,f8,d7,90,42,8d,4d,ff,e7,28,11,73,97,cb,d4,0f,d9,60,\
"??"=hex:09,59,e0,15,8a,9f,f3,6f,08,c3,ec,92,b2,c8,16,af
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(652)
c:\windows\system32\eNetHook.dll
- - - - - - - > 'lsass.exe'(668)
c:\windows\system32\eNetHook.dll
.
Completion time: 2009-06-19 23:40
ComboFix-quarantined-files.txt 2009-06-19 04:40
Pre-Run: 10,127,831,040 bytes free
Post-Run: 10,056,290,304 bytes free
346 --- E O F --- 2009-05-13 23:17