ComboFix 08-09-22.06 - logan 2008-09-24 0:34:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.379 [GMT -4:00]
Running from: C:\Users\logan\Downloads\ComboFix.exe
Command switches used :: C:\Users\logan\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Windows\SUE73BA.exe
C:\Windows\SUE7CBF.exe
C:\Windows\SUE81DD.exe
C:\Windows\SUE85D3.exe
C:\Windows\SUE978F.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\logan\AppData\Local\cageaew_navup.dat
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-23 11:16 . 2007-02-21 19:56 49,904 --a------ C:\Windows\System32\drivers\BVRPMPR5.SYS
2008-09-22 15:11 . 2008-09-22 15:11 <DIR> d-------- C:\Users\All Users\NortonInstaller
2008-09-22 15:11 . 2008-09-22 15:11 <DIR> d-------- C:\ProgramData\NortonInstaller
2008-09-22 10:19 . 2008-09-22 12:43 <DIR> d-------- C:\Users\logan\DoctorWeb
2008-09-21 19:45 . 2008-09-21 19:45 <DIR> d-------- C:\Program Files\Sun
2008-09-21 15:36 . 2008-09-21 15:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-21 15:32 . 2008-09-21 15:32 <DIR> d-------- C:\Windows\Sun
2008-09-21 12:46 . 2008-09-23 14:27 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-09-21 12:46 . 2008-09-21 12:46 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-09-21 12:46 . 2008-09-21 12:46 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-09-21 12:46 . 2008-09-21 12:46 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-09-21 12:36 . 2008-09-21 12:36 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-21 12:36 . 2008-09-21 12:36 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-21 12:35 . 2008-09-21 12:35 <DIR> d-------- C:\Users\logan\AppData\Roaming\SUPERAntiSpyware.com
2008-09-21 12:35 . 2008-09-21 12:35 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-21 12:16 . 2008-09-21 12:16 <DIR> d-------- C:\Program Files\CCleaner
2008-09-09 15:59 . 2008-07-30 19:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 15:59 . 2008-07-30 23:34 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-09-09 15:59 . 2008-07-30 23:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 15:58 . 2008-06-25 23:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-08-28 02:37 . 2007-09-02 23:56 1,686,016 --a------ C:\Windows\System32\clinetsuitex6.ocx
2008-08-28 02:37 . 2004-06-14 17:56 427,864 --a------ C:\Windows\System32\XceedZip.dll
2008-08-27 21:51 . 2004-03-09 19:45 662,288 --a------ C:\Windows\System32\MSCOMCT2.OCX
2008-08-26 17:14 . 2008-08-26 17:14 19,200 --a------ C:\Windows\System32\drivers\mxRCycle.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 18:26 --------- d-----w C:\ProgramData\BVRP Software
2008-09-22 19:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-22 02:58 --------- d---a-w C:\ProgramData\TEMP
2008-09-21 23:43 --------- d-----w C:\Program Files\Java
2008-09-21 19:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-21 16:45 --------- d-----w C:\ProgramData\avg8
2008-09-21 16:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-21 16:09 --------- d-----w C:\ProgramData\Viewpoint
2008-09-10 07:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-10 07:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-22 18:00 29,600 ----a-w C:\Windows\System32\mxntdfg.exe
2008-08-14 16:21 --------- d-----w C:\Program Files\Windows Mail
2008-08-09 05:37 --------- d-----w C:\Users\logan\AppData\Roaming\MySpace
2008-08-02 03:57 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 02:41 --------- d-----w C:\Program Files\Google
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-30 19:05 --------- d-----w C:\Users\logan\AppData\Roaming\Malwarebytes
2008-07-30 19:04 --------- d-----w C:\ProgramData\Malwarebytes
2008-07-30 16:36 --------- d-----w C:\Users\logan\AppData\Roaming\Download Manager
2008-07-30 06:16 --------- d-----w C:\Program Files\Enigma Software Group
2008-07-30 00:11 --------- d-----w C:\Users\logan\AppData\Roaming\Avanquest
2008-07-30 00:11 --------- d-----w C:\ProgramData\Avanquest
2008-07-30 00:09 --------- d-----w C:\ProgramData\CyberLink
2008-07-30 00:01 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-29 20:21 --------- d-----w C:\Program Files\Avanquest
2008-07-29 03:33 --------- d-----w C:\Program Files\Acer GameZone
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 05:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-10 17:13 174 --sha-w C:\Program Files\desktop.ini
2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-30 171448]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 768520]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Acer Assist Launcher"="C:\Program Files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 286720]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"VirusScannerPro"="C:\PROGRA~1\AVANQU~1\Fix-It\MemCheck.exe" [2008-08-26 173312]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-21 1235736]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-05 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-09-03 535336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 19:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll eNetHook.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{35E1504D-0C3D-4D91-A511-B7B221F76B97}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire 4.13.4
"{DC800F1B-8AA6-44D8-86A9-53ECB87BA070}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire 4.13.4
"{53D05FE2-1A08-4A0F-857E-C9683D4E147C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D443ADAE-32CC-49FE-8956-ABD796E68EF0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5B4EE116-1030-43EE-BF46-A6D02A97AB5E}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{FCA82B38-FD2D-4107-B1AF-A54572EADA40}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{D36AFAE5-E0E9-4F2B-9902-BE77772F9C2C}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{142BBA8E-8FC0-4B8B-B228-C1C705B8FEA6}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{C8F9504C-48AB-4FC2-A43D-11DBF4205506}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8A520869-B294-42F2-BF00-E08DDE3B45F7}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7DFCFC22-520E-483C-B22B-F72E58FEA2E8}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{102650FA-50AC-46CF-B01F-D296F08B5A1B}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{D05D548F-3880-49B2-A709-A41373E47C35}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{023572A0-541D-40C9-9451-38C553260CB4}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{7B5B36E2-C1AE-465F-BEC9-BDC01F763295}C:\\program files\\avanquest\\fix-it\\fix-it.exe"= UDP:C:\program files\avanquest\fix-it\fix-it.exe:Fix-It Utilities 8 Professional
"UDP Query User{4F07F327-ACBA-430F-ADB5-089D929AE211}C:\\program files\\avanquest\\fix-it\\fix-it.exe"= TCP:C:\program files\avanquest\fix-it\fix-it.exe:Fix-It Utilities 8 Professional
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-09-21 97928]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-09-21 69128]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKCU-Run-Acer Tour Reminder - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-24 00:42:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\agrsmsvc.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxsrvc.exe
C:\Users\logan\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Windows\System32\lpremove.exe
C:\Windows\System32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-09-24 0:59:58 - machine was rebooted [logan]
ComboFix-quarantined-files.txt 2008-09-24 04:58:48
Pre-Run: 459,603,968 bytes free
Post-Run: 59,523,072 bytes free
234 --- E O F --- 2008-09-18 20:50:07