ComboFix 08-05-27.4 - Teacup 2008-05-27 23:27:36.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2144 [GMT 1:00]
Running from: C:\Users\Teacup\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Users\Teacup\AppData\Roaming\m
C:\Users\Teacup\AppData\Roaming\m\data.oct
C:\Users\Teacup\AppData\Roaming\m\list.oct
C:\Users\Teacup\AppData\Roaming\m\shared
C:\Users\Teacup\AppData\Roaming\m\shared\000-094 - Application Development with IBM WebSphere Integration Developer 6.0.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\131 Ice Cream Maker Recipes 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\3D Topicscape Pro 1.59.zip
C:\Users\Teacup\AppData\Roaming\m\shared\646-057 - Cisco Storage Sales Specialist (CSSS) Practice Test Questions 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Ad Buster 1.1.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Advanced_Grapher_2.11.zip
C:\Users\Teacup\AppData\Roaming\m\shared\AGUTA PAD Submitter 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Amadis AVI DIVX XVID to DVD Creator 1.0.4.zip
C:\Users\Teacup\AppData\Roaming\m\shared\AngeliaSync 1.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Antares_PasSafe_Password_Manager_2.0_(Cracked).zip
C:\Users\Teacup\AppData\Roaming\m\shared\ATSA Chat 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Auto Surround Panner DirectX [Key+Serial].zip
C:\Users\Teacup\AppData\Roaming\m\shared\B&G_Calculator_1.10.zip
C:\Users\Teacup\AppData\Roaming\m\shared\BackupXfer_for_Palm_1.2d1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Bitdefender.Antivirus.Plus.Version.10.Fr.+.Serial.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Blowsearch_Toolbar_2.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Boggle_2.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Cardlabel 1.32.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Churches_1.1_[Key+Serial].zip
C:\Users\Teacup\AppData\Roaming\m\shared\CL_Program_Editor_1.5_build_1091.zip
C:\Users\Teacup\AppData\Roaming\m\shared\CobraSoft Pop Up Stopper 2.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\CyberSky_3.3.zip
C:\Users\Teacup\AppData\Roaming\m\shared\dArt North Pole Screensaver 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\DBDiff Squared 3.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\DigiGenius_Video_to_iPod_Converter_3.6.7.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Document2PDF_Pilot_1.4.2.191.zip
C:\Users\Teacup\AppData\Roaming\m\shared\DVD_Pro_5.0.1_With_Crack.zip
C:\Users\Teacup\AppData\Roaming\m\shared\DzSoft_PHP_Editor_4.1.1.2_Key+Serial.zip
C:\Users\Teacup\AppData\Roaming\m\shared\e-Daily_Assistant_1.0_(Key).zip
C:\Users\Teacup\AppData\Roaming\m\shared\EasyPattern Helper 2.8.zip
C:\Users\Teacup\AppData\Roaming\m\shared\EasyPhotoImager 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Excel_Viewer_OCX_2.1.39_[Cracked].zip
C:\Users\Teacup\AppData\Roaming\m\shared\Excel_XML_Open_&_Import_Software_1.1_[Key+Serial].zip
C:\Users\Teacup\AppData\Roaming\m\shared\Expense Book Plus 2.5.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Fatman_ScreenMate_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\FirmTools_Album_Creator_Basic_3.5.zip
C:\Users\Teacup\AppData\Roaming\m\shared\FolderBox 1.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\FolderMagic_1.0_(Patch).zip
C:\Users\Teacup\AppData\Roaming\m\shared\Font Matching Tool 1.5.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Free_XP_Style_Icons_0.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Gas_Calculator_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Gmail_Explorer_1.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Hearts_of_Iron_1.05_patch_(Asian).zip
C:\Users\Teacup\AppData\Roaming\m\shared\Hot_Rod_American_Street_Drag_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\iStateSoft Property Manager 2.5.zip
C:\Users\Teacup\AppData\Roaming\m\shared\JJ_Reminder_1.20.zip
C:\Users\Teacup\AppData\Roaming\m\shared\John_Gould_Hummingbirds_1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Kauai Hotels Screensaver 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Kernel_SQL_Recovery_7.07.01.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Keygen.Kaspersky.Internet.Security.6.0.0.300.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Ladybug_Jigsaw_Puzzle_130pc.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Legion_Windows_NT_patch.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Linera Uninstall Manager Lite 1.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Lyrics Hunter 2.0 Beta 6.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Magic_Garden_Screensaver_1.0_Key+Serial.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Math_Solver_1.2.11.56_(Serial).zip
C:\Users\Teacup\AppData\Roaming\m\shared\MB_Free_Taurus_Astrology_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Mexico_Postal_Code_Database_(Gold_Edition)_September_2006.zip
C:\Users\Teacup\AppData\Roaming\m\shared\MiniDiary 3.12 (Cracked).zip
C:\Users\Teacup\AppData\Roaming\m\shared\Morning_Glory_1.0.14.zip
C:\Users\Teacup\AppData\Roaming\m\shared\MySwissAlps_Active_Desktop_1024x768_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Nemesis_Player_1.1_Beta.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Net-Regulator Personal 1.1.5.269.zip
C:\Users\Teacup\AppData\Roaming\m\shared\NirCmd 2.1.0.182.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Nod32.2.7.español.+.fix.2.1.+.nodlogin.(por.Aguja).updated-fixed.Release.11-2006.zip
C:\Users\Teacup\AppData\Roaming\m\shared\NTFSDOS Professional 4.01.zip
C:\Users\Teacup\AppData\Roaming\m\shared\NTP Digital Clock 1.0.001.zip
C:\Users\Teacup\AppData\Roaming\m\shared\ObjectMapper_.NET_1.80.1811.0_[Serial].zip
C:\Users\Teacup\AppData\Roaming\m\shared\Oh Christmas Tree Demo Screensaver 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\One_Click_Turkish_Dictionary_0.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\OrangeCD Player 6.2.3.12503.zip
C:\Users\Teacup\AppData\Roaming\m\shared\PAPAROACH Script 1.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Pariah_single-player_demo.zip
C:\Users\Teacup\AppData\Roaming\m\shared\PayPunchWeb_Enterprise_3.2.21_KeyGen.zip
C:\Users\Teacup\AppData\Roaming\m\shared\PC TimeWatch 1.5.0.8.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Personal_Finance_Quizzes_1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Plastic Flash Template 1.0 build 2007.01.11.zip
C:\Users\Teacup\AppData\Roaming\m\shared\PopSurfer 1.1 (With Crack).zip
C:\Users\Teacup\AppData\Roaming\m\shared\PQ DVD to iPhone Video Converter Suite 1.0 Build 01.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Presto!_PhotoAlbum_1.55_[With_Crack].zip
C:\Users\Teacup\AppData\Roaming\m\shared\Proxy Finder Pro 2.20.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Puzzlers_Cave_Crossword_Compiler_1.0.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Quick_Calculator_2.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Radio_Station_Plus_3.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Riffster_Lite_Free_Edition_2318.zip
C:\Users\Teacup\AppData\Roaming\m\shared\RIPStrike_Back_1.6.zip
C:\Users\Teacup\AppData\Roaming\m\shared\River_Past_Audio_Converter_Pro_7.5.zip
C:\Users\Teacup\AppData\Roaming\m\shared\RiyazStudio 1.20.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Scott's Box Shot Maker 4.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\SearchGun_1.3_(Key+Serial).zip
C:\Users\Teacup\AppData\Roaming\m\shared\Smoooth_Deep_Breathing_Assistant_3.1.1_Key+Serial.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Snaptune_One_1.0.61025.2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Soft191 Process Viewer 1.00.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Sothink_Flash_Player_1.0_build_70604.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Speak-to-Mail_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\SS_System_Cleaner_2.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\SSH_Explorer_1.7_(With_Crack).zip
C:\Users\Teacup\AppData\Roaming\m\shared\Student_Organizer_5.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Studiomatics_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Stupid_Invaders_updated_demo.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Surveillance Scan II 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\SWF Debug Remover 2.0.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\swProp2 1.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\The Howard Stern Widget 1.1.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Tree_MDI_3.65.zip
C:\Users\Teacup\AppData\Roaming\m\shared\TuFtp_1.40.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Twin_Files_(Lite)_1.3.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_Starfall_deathmatch_map.zip
C:\Users\Teacup\AppData\Roaming\m\shared\vCAP Calendar Server 1.9.0 beta.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Visual_Basic_for_Kids_2.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Visually_Safe_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Wavosaur_1.0.0.9000.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Web_Sweeper_2.0_(With_Crack).zip
C:\Users\Teacup\AppData\Roaming\m\shared\webcamXP_PRO_TRIAL_2007_4.00.500_Beta.zip
C:\Users\Teacup\AppData\Roaming\m\shared\WebM8 U3 1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Weight Converter 1.0.0.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\Whizlabs_OCP_9i_(1Z0-033)_Kit_6.0.1_[Crack].zip
C:\Users\Teacup\AppData\Roaming\m\shared\Winscore_2007_Rev_3.zip
C:\Users\Teacup\AppData\Roaming\m\shared\WizzTones_2.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\X10Net_1.0_Build_22.12.zip
C:\Users\Teacup\AppData\Roaming\m\shared\XPSecurity 2005c.zip
C:\Users\Teacup\AppData\Roaming\m\shared\XSizer_1.3.zip
C:\Users\Teacup\AppData\Roaming\m\shared\ZiNE_Secure_Archiving_Lite_1.0.zip
C:\Users\Teacup\AppData\Roaming\m\shared\ZPaint 1.4.zip
C:\Users\Teacup\AppData\Roaming\m\srvlist.oct
C:\Windows\system32\ban_list.txt
C:\Windows\system32\drivers\downld
C:\Windows\system32\drivers\downld\1263108.exe
C:\Windows\system32\drivers\downld\1269255.exe
C:\Windows\system32\drivers\downld\1324900.exe
C:\Windows\system32\drivers\downld\1473289.exe
C:\Windows\system32\drivers\downld\1477969.exe
C:\Windows\system32\drivers\downld\14893290.exe
C:\Windows\system32\drivers\downld\14897315.exe
C:\Windows\system32\drivers\downld\14928858.exe
C:\Windows\system32\drivers\downld\14992054.exe
C:\Windows\system32\drivers\downld\15004410.exe
C:\Windows\system32\drivers\downld\15014425.exe
C:\Windows\system32\drivers\downld\15122175.exe
C:\Windows\system32\drivers\downld\15154919.exe
C:\Windows\system32\drivers\downld\15161362.exe
C:\Windows\system32\drivers\downld\15405863.exe
C:\Windows\system32\drivers\downld\15416050.exe
C:\Windows\system32\drivers\downld\15417532.exe
C:\Windows\system32\drivers\downld\15421681.exe
C:\Windows\system32\drivers\downld\266465.exe
C:\Windows\system32\drivers\downld\29430259.exe
C:\Windows\system32\drivers\downld\29435797.exe
C:\Windows\system32\drivers\downld\29456654.exe
C:\Windows\system32\drivers\downld\29462036.exe
C:\Windows\system32\drivers\downld\295216.exe
C:\Windows\system32\drivers\downld\29613310.exe
C:\Windows\system32\drivers\downld\29641578.exe
C:\Windows\system32\drivers\downld\29648333.exe
C:\Windows\system32\drivers\downld\321206.exe
C:\Windows\system32\drivers\downld\339005.exe
C:\Windows\system32\drivers\downld\371157.exe
C:\Windows\system32\drivers\downld\371485.exe
C:\Windows\system32\drivers\downld\384199.exe
C:\Windows\system32\drivers\downld\391921.exe
C:\Windows\system32\drivers\downld\392248.exe
C:\Windows\system32\drivers\downld\396648.exe
C:\Windows\system32\drivers\downld\399752.exe
C:\Windows\system32\drivers\downld\401000.exe
C:\Windows\system32\drivers\downld\404432.exe
C:\Windows\system32\drivers\downld\44054853.exe
C:\Windows\system32\drivers\downld\44057661.exe
C:\Windows\system32\drivers\downld\44084088.exe
C:\Windows\system32\drivers\downld\44092465.exe
C:\Windows\system32\drivers\downld\44316826.exe
C:\Windows\system32\drivers\downld\44330726.exe
C:\Windows\system32\drivers\downld\44338198.exe
C:\Windows\system32\drivers\downld\464290.exe
C:\Windows\system32\drivers\downld\467706.exe
C:\Windows\system32\drivers\downld\468845.exe
C:\Windows\system32\drivers\downld\475678.exe
C:\Windows\system32\drivers\downld\476473.exe
C:\Windows\system32\drivers\downld\477675.exe
C:\Windows\system32\drivers\downld\481263.exe
C:\Windows\system32\drivers\downld\485038.exe
C:\Windows\system32\drivers\downld\557516.exe
C:\Windows\system32\drivers\downld\567032.exe
C:\Windows\system32\drivers\downld\571525.exe
C:\Windows\system32\drivers\downld\58805232.exe
C:\Windows\system32\drivers\downld\58809849.exe
C:\Windows\system32\drivers\downld\58867211.exe
C:\Windows\system32\drivers\downld\58877647.exe
C:\Windows\system32\drivers\downld\58885728.exe
C:\Windows\system32\drivers\downld\610556.exe
C:\Windows\system32\drivers\downld\6629122.exe
C:\Windows\system32\drivers\downld\6630058.exe
C:\Windows\system32\drivers\downld\6631914.exe
C:\Windows\system32\drivers\downld\6637577.exe
C:\Windows\system32\drivers\downld\665937.exe
C:\Windows\system32\drivers\downld\678339.exe
C:\Windows\system32\drivers\downld\680507.exe
C:\Windows\system32\drivers\downld\685327.exe
C:\Windows\system32\drivers\downld\73292420.exe
C:\Windows\system32\drivers\downld\73389983.exe
C:\Windows\system32\drivers\downld\73441526.exe
C:\Windows\system32\drivers\downld\73457142.exe
C:\Windows\system32\drivers\downld\73461463.exe
C:\Windows\system32\drivers\hldrrr.exe
C:\Windows\system32\drivers\mdelk.exe
C:\Windows\system32\drivers\srosa.sys
C:\Windows\system32\mdelk.exe
C:\Windows\system32\wintems.exe

----- BITS: Possible infected sites -----

hxxp://tabularasa.patcher.ncsoft.com
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((( Files Created from 2008-04-27 to 2008-05-27 )))))))))))))))))))))))))))))))
.
2008-05-27 19:42 . 2008-05-27 19:42 d-------- C:\Users\All Users\WindowsSearch
2008-05-27 19:42 . 2008-05-27 19:42 d-------- C:\ProgramData\WindowsSearch
2008-05-27 19:01 . 2008-05-27 19:01 d-------- C:\Deckard
2008-05-27 18:57 . 2008-05-27 18:57 d-------- C:\Program Files\Trend Micro
2008-05-27 18:56 . 2008-05-27 18:56 d-------- C:\fsaua.data
2008-05-27 18:01 . 2008-05-27 18:01 d-------- C:\Users\Teacup\AppData\Roaming\Malwarebytes
2008-05-27 18:01 . 2008-05-27 18:01 d-------- C:\Users\All Users\Malwarebytes
2008-05-27 18:01 . 2008-05-27 18:01 d-------- C:\ProgramData\Malwarebytes
2008-05-27 18:01 . 2008-05-27 18:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:01 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 18:01 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-27 18:00 . 2008-05-27 18:00 d-------- C:\Users\Teacup\AppData\Roaming\Download Manager
2008-05-27 01:55 . 2008-05-27 01:55 d-------- C:\kav
2008-05-27 01:47 . 2008-05-27 01:47 dr------- C:\Windows\System32\config\systemprofile\Documents
2008-05-27 01:31 . 2008-05-27 01:31 0 --a------ C:\xx16
2008-05-27 01:31 . 2008-05-27 01:31 0 --a------ C:\xx15
2008-05-27 01:31 . 2008-05-27 01:31 0 --a------ C:\xx14
2008-05-27 01:31 . 2008-05-27 01:31 0 --a------ C:\xx13
2008-05-27 01:31 . 2008-05-27 01:31 0 --a------ C:\xx12
2008-05-27 01:30 . 2008-05-27 01:30 0 --a------ C:\xx9
2008-05-27 01:30 . 2008-05-27 01:30 0 --a------ C:\xx8
2008-05-27 01:30 . 2008-05-27 01:30 0 --a------ C:\xx7
2008-05-27 01:30 . 2008-05-27 01:30 0 --a------ C:\xx11
2008-05-27 01:30 . 2008-05-27 01:30 0 --a------ C:\xx10
2008-05-27 01:27 . 2008-05-27 20:06 d-------- C:\Windows\System32\config\systemprofile\.housecall6.6
2008-05-27 01:27 . 2008-05-27 01:27 0 --a------ C:\xx6
2008-05-27 01:27 . 2008-05-27 01:27 0 --a------ C:\xx5
2008-05-27 01:27 . 2008-05-27 01:27 0 --a------ C:\xx4
2008-05-27 01:27 . 2008-05-27 01:27 0 --a------ C:\xx3
2008-05-27 01:27 . 2008-05-27 01:27 0 --a------ C:\xx2
2008-05-27 01:21 . 2008-05-27 01:23 d-------- C:\Users\Backup_2\.housecall6.6
2008-05-27 01:17 . 2008-05-27 01:17 d-------- C:\Users\Backup_2\AppData\Roaming\Pantone
2008-05-27 01:11 . 2008-05-27 01:13 d-------- C:\Users\Teacup\.housecall6.6
2008-05-27 00:50 . 2008-05-27 00:50 d-------- C:\Windows\System32\Kaspersky Lab
2008-05-27 00:50 . 2008-05-27 00:50 d-------- C:\Users\All Users\Kaspersky Lab
2008-05-27 00:50 . 2008-05-27 00:50 d-------- C:\ProgramData\Kaspersky Lab
2008-05-26 17:44 . 2008-05-26 17:44 d-------- C:\Users\Teacup\AppData\Roaming\Acronis
2008-05-26 01:07 . 2008-05-26 01:07 d-------- C:\Program Files\DVDVideoSoft
2008-05-26 01:07 . 2008-05-26 01:07 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 00:41 . 2008-05-26 00:41 d-------- C:\Program Files\Red Kawa
2008-05-26 00:41 . 2008-05-26 00:41 d-------- C:\Program Files\AviSynth 2.5
2008-05-25 21:25 . 2008-05-27 21:38 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-25 21:25 . 2008-05-25 21:25 1,409 --a------ C:\Windows\QTFont.for
2008-05-25 20:17 . 2008-05-25 20:17 249,856 --------- C:\Windows\Setup1.exe
2008-05-25 20:17 . 2008-05-25 20:17 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-05-25 18:24 . 2008-05-25 18:25 d-------- C:\Program Files\Easy Duplicate Finder
2008-05-25 16:20 . 2008-05-25 18:06 d-------- C:\Program Files\Common Files\Acronis
2008-05-22 23:48 . 2008-05-22 23:48 d-------- C:\Users\All Users\Musicnotes
2008-05-22 23:48 . 2008-05-22 23:48 d-------- C:\ProgramData\Musicnotes
2008-05-22 23:47 . 2007-04-23 13:12 343,216 --a------ C:\Windows\System32\KeyHelp.ocx
2008-05-18 23:53 . 2008-05-18 23:53 d-------- C:\Program Files\MozyHome
2008-05-18 23:53 . 2008-05-15 20:08 53,752 --a------ C:\Windows\System32\drivers\mozy.sys
2008-05-18 23:53 . 2008-05-26 22:01 6,466 --a------ C:\Windows\mozy.blk
2008-05-18 23:53 . 2008-05-26 22:01 68 --a------ C:\Windows\mozy.flt
2008-05-17 00:37 . 2008-05-17 00:37 d-------- C:\Program Files\Trials 2 Second Edition
2008-05-17 00:37 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-11 11:55 . 2007-02-16 11:55 302 --a------ C:\Windows\System32\gmsblist.dll
2008-05-11 11:54 . 2008-05-11 18:30 d-------- C:\gsak
2008-05-11 11:54 . 2000-01-24 06:01 111,104 --a------ C:\Windows\System32\midas.dll
2008-05-11 11:54 . 2005-11-22 22:20 7,348 --a------ C:\Windows\SDENSX.UDF
2008-05-10 22:39 . 2008-05-10 22:39 d-------- C:\Users\Teacup\AppData\Roaming\GARMIN
2008-05-08 18:43 . 2008-05-08 18:43 d-------- C:\logs3
2008-05-07 00:32 . 2008-05-07 00:40 d-------- C:\Users\Teacup\AppData\Roaming\GeoSetter
2008-05-07 00:32 . 2008-05-07 00:32 d-------- C:\Program Files\GeoSetter
2008-05-03 01:58 . 2008-05-03 01:58 d-------- C:\Users\Backup\AppData\Roaming\FlashGet
2008-05-02 18:05 . 2008-05-02 18:05 d-------- C:\Users\Teacup\AppData\Roaming\Flock
2008-05-02 18:05 . 2008-05-25 15:23 d-------- C:\Program Files\Flock
2008-04-29 21:13 . 2008-04-29 22:26 d-------- C:\Users\All Users\TrackMania United
2008-04-29 21:13 . 2008-04-29 22:26 d-------- C:\ProgramData\TrackMania United
2008-04-29 20:27 . 2008-05-03 18:48 d-------- C:\Users\All Users\TrackMania
2008-04-29 20:27 . 2008-05-03 18:48 d-------- C:\ProgramData\TrackMania
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-27 22:34 --------- d-----w C:\ProgramData\Kontiki
2008-05-27 22:33 --------- d-----w C:\Users\Teacup\AppData\Roaming\WTablet
2008-05-27 21:01 --------- d-----w C:\ProgramData\eMule
2008-05-27 20:46 --------- d-----w C:\Program Files\DigiGuide TV Guide
2008-05-27 20:37 --------- d-----w C:\Users\Backup\AppData\Roaming\WTablet
2008-05-27 19:31 --------- d-----w C:\Users\Backup_2\AppData\Roaming\WTablet
2008-05-26 22:34 --------- d-----w C:\Users\Teacup\AppData\Roaming\JDiskReport
2008-05-26 18:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 18:35 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-25 17:07 395,744 ----a-w C:\Windows\system32\drivers\timntr.sys
2008-05-25 17:07 39,264 ----a-w C:\Windows\system32\drivers\tifsfilt.sys
2008-05-25 17:06 114,048 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-25 14:31 --------- d-----w C:\Users\Teacup\AppData\Roaming\InstallShield Installation Information
2008-05-25 14:28 --------- d-----w C:\Program Files\P.H.L.O.P
2008-05-25 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 14:27 --------- d-----w C:\Program Files\NFR
2008-05-25 14:27 --------- d-----w C:\Program Files\MPDemo
2008-05-25 14:23 --------- d-----w C:\Program Files\eMusic Download Manager
2008-05-25 14:19 --------- d-----w C:\Program Files\Steam
2008-05-25 14:17 --------- d-----w C:\Program Files\Azureus
2008-05-21 16:38 --------- d-----w C:\Program Files\FlashGet
2008-05-21 02:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-13 23:54 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 23:54 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 21:05 --------- d-----w C:\Program Files\Flickr Uploadr
2008-05-08 17:43 --------- d-----w C:\Program Files\Kontiki
2008-05-02 17:05 --------- d-----w C:\Program Files\Opera
2008-04-21 17:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 22:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-14 22:33 --------- d-----w C:\Program Files\Memory-Map
2008-04-14 22:15 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-04-14 22:06 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-04-13 12:48 --------- d-----w C:\Program Files\iTunes
2008-04-13 12:48 --------- d-----w C:\Program Files\iPod
2008-04-13 12:47 --------- d-----w C:\Program Files\QuickTime
2008-03-31 19:11 --------- d-----w C:\Users\Backup\AppData\Roaming\Pantone
2008-03-29 16:18 --------- d-----w C:\Program Files\Google
2008-03-29 13:32 --------- d-----w C:\Users\Teacup\AppData\Roaming\Pantone
2008-03-29 13:19 --------- d-----w C:\Program Files\Pantone
2008-03-23 23:17 174 --sha-w C:\Program Files\desktop.ini
2008-01-09 01:02 22,328 ----a-w C:\Users\Teacup\AppData\Roaming\PnkBstrK.sys
2007-11-13 22:56 20 ---h--w C:\Users\All Users\PKP_DLeh.DAT
2007-11-13 22:56 20 ---h--w C:\ProgramData\PKP_DLeh.DAT
2007-09-30 20:21 27,525 ----a-w C:\Users\dbuttre\AppData\Roaming\nvModes.dat
2007-09-23 10:41 0 ---h--w C:\Users\All Users\PKP_DLds.DAT
2007-09-23 10:41 0 ---h--w C:\ProgramData\PKP_DLds.DAT
2007-06-23 16:47 20 ---h--w C:\Users\All Users\PKP_DLbz.DAT
2007-06-23 16:47 20 ---h--w C:\ProgramData\PKP_DLbz.DAT
2007-06-10 17:01 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2007-06-10 17:01 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2007-11-24 18:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007112420071125\index.dat
2007-12-03 18:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007112620071203\index.dat
2007-12-03 18:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120320071204\index.dat
2007-12-04 17:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120420071205\index.dat
2007-12-06 23:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120620071207\index.dat
2007-12-07 14:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120720071208\index.dat
2007-12-09 13:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120920071210\index.dat
2007-12-24 12:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007121720071224\index.dat
2008-01-07 20:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007122420071231\index.dat
2008-01-14 20:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080115\index.dat
2008-01-15 18:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-16 18:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011620080117\index.dat
2008-01-17 18:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011720080118\index.dat
2008-01-18 18:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
2008-01-19 12:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011920080120\index.dat
2008-01-20 22:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012020080121\index.dat
2008-01-28 21:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012820080129\index.dat
2008-01-29 17:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012920080130\index.dat
2008-01-30 17:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008013020080131\index.dat
2008-01-31 17:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008013120080201\index.dat
2008-02-01 17:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020120080202\index.dat
2008-02-02 12:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020220080203\index.dat
2008-02-03 12:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020320080204\index.dat
2008-02-25 10:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008021820080225\index.dat
2008-02-25 18:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022520080226\index.dat
2008-02-26 10:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022620080227\index.dat
.

------- Sigcheck -------
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-05-15 20:09 2393392 --a------ C:\Program Files\MozyHome\mozyshell.dll
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-05-15 20:09 2393392 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"Realtime Monitor"="C:\Program Files\CA\eTrust Antivirus\realmon.exe" [2008-05-27 23:29 504080]
"COMMUNICATOR"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 10:33 5803368]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 15:45 279912]
"VX6000"="C:\Windows\vVX6000.exe" [2007-04-10 15:46 996712]
"MyScreenCam"="C:\Program Files\My Screen Cam\scrcam.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 03:07 61440]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 19:04 4423680 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-18 20:55 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-18 20:55 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"EntaTool"="C:\Users\Teacup\Desktop\Desktop\EntaToolv0-6d\EntaTool.exe" [2007-07-20 23:06 303104]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 21:12 1164912]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 21:17 1941784]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 21:13 87584]

C:\Users\Teacup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DigiGuide TV Guide.lnk - C:\Program Files\DigiGuide TV Guide\Client.exe [9/8/2007 4:06:38 PM 180224]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 5:45:42 AM 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe [3/29/2008 2:19:26 PM 901120]
MozyHome Status.lnk - C:\Program Files\MozyHome\mozystat.exe [5/18/2008 11:53:23 PM 1914160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.iv32"= C:\Windows\system32\ir32_32.dll
"vidc.iv31"= C:\Windows\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1000]
"EnableNotificationsRef"=dword:00000006

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1003]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1006]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18BDF8B2-297B-41ED-B785-4456C4C35F0E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{7F191103-DA52-4A8B-994F-CF3B20D80ED9}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{8ED78554-DAF7-4C6A-A489-5A660ED02118}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{9B02CA99-573B-4871-A8C8-A12BF8B1ED6A}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{63B0B5A3-97FD-4933-8888-5EC7A29994C3}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{3C60C82B-AF6A-44CB-8975-8C9D5C1A0493}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{CCB576D5-DBF5-40C6-92A2-537AA5093BCA}"= Disabled:UDP:3703:Adobe Version Cue CS3 Server
"{69477381-72CD-46D4-BEC0-B513DA95BC75}"= Disabled:UDP:3704:Adobe Version Cue CS3 Server
"{54DE8F49-6021-4A93-8616-E8A5FCB76F6E}"= Disabled:UDP:50900:Adobe Version Cue CS3 Server
"{48EE45D7-D6A6-48AF-9E0F-46D4A48BD469}"= Disabled:UDP:50901:Adobe Version Cue CS3 Server
"{7E6E8870-7F18-45CE-8224-3A87D5DD0839}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4785F4DB-55D4-494A-A9D9-E925E5F9097E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FA010D46-165A-4454-BDB2-2D7900DBED48}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BB9C8FB1-4E73-4567-A68A-D3112724C75E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA7CBF35-A07A-47E0-A9D7-50C20535E862}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{461787F7-1521-4122-B621-1BC60DAA28C8}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{07F74CBF-B916-460D-8BAD-D7416A5BD19D}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{5FE214F2-AC23-4207-86B9-525F0494BEB6}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{3F95654F-1281-489A-B008-2C1322E4FFCC}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{9193A6E3-7CBB-42DC-873D-9ABE4D39CC24}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{9841163A-2F93-44BE-82DB-F4B99B5EF1A7}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{5B7A00E7-2B54-451B-B366-5A378F41A311}"= UDP:23486:az
"TCP Query User{8DEFD4B0-634E-4A79-8A5A-0005FFF2CA67}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4ED61228-C7A0-4357-A2E6-B3E774AB461D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{1867AF51-F149-4540-B0F6-AF33971442D0}"= Disabled:UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{7360D78F-4FAF-4346-8E47-334F006198F0}"= Disabled:TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{06E6C814-219F-4963-9F3C-AA6D4B7233B4}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{1C5CB88E-34AF-4FC8-B982-6499E1C5E4FD}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{B1A3F406-5339-47F7-A78F-FA812145B7A4}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\counter-strike source\hl2.exe:hl2
"UDP Query User{5BE0DE14-55D0-4897-AE8D-21AF7E7EFA03}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\counter-strike source\\hl2.exe"= TCP:C:\program
files\steam\steamapps\teacup42729@yahoo.co.uk\counter-strike source\hl2.exe:hl2 "TCP Query User{B81AB4F5-686E-4BB5-B9E5-073F43D01F0F}C:\\ut2003\\system\\ut2003.exe"= UDP:C:\ut2003\system\ut2003.exe:UT2003 "UDP Query User{DE240339-6278-42D1-AF37-AF8F5C428B3A}C:\\ut2003\\system\\ut2003.exe"= TCP:C:\ut2003\system\ut2003.exe:UT2003 "{92046C7E-6146-4F4E-90B0-FFC7C1B7D9EA}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{93FD8633-9D90-4A50-9D4E-1A448F3197E6}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{6B560FD2-6288-4D9D-86BE-FF4964D42598}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007 "{3B03B7E4-23F2-4B26-B38E-535441EBFA2F}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007 "{BEA3D129-6890-4FA7-9E15-FD33D3393768}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007 "{45287821-1A28-445E-8E9C-2CE6B836B2A3}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007 "{8BE4C0CB-59FA-4D70-9969-932C4A0D8BAD}"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Microsoft Office Communicator 2007 "{8EFBEB31-9C73-4F7C-87D8-6BD4E2702788}"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Microsoft Office Communicator 2007 "{1928BBA8-81FD-4279-BF3F-212C6D3617CE}"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator "{4E8311DB-5FD0-4DD2-9D09-E84A693C104F}"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator "TCP Query User{325BF7F9-9721-49BC-B66D-23B8E2D210BA}C:\\users\\teacup\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\teacup\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "UDP Query 
User{0DB2E8C9-5D60-4E6F-8626-DCE802447E5C}C:\\users\\teacup\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\teacup\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "TCP Query User{75EC61A2-4ECF-476B-B316-EA0B4BB547F2}C:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:C:\program files\autodesk\maya2008\bin\maya.exe:Maya "UDP Query User{38E6771D-3F5C-4A86-A1D7-4BDC9F0E792C}C:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:C:\program files\autodesk\maya2008\bin\maya.exe:Maya "TCP Query User{132E4993-E899-47F9-8EF3-DCD104D6D78F}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet "UDP Query User{8D708B08-C9B0-43D1-BCBF-8858DBA0D016}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet "TCP Query User{1D761CD4-4DA7-416F-B17F-58DB06FB6454}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam "UDP Query User{531ADF73-460D-4668-A1C4-294D6EF1B1B3}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam "TCP Query User{3B7688ED-AB6B-42BF-9D32-EF345E512F52}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K "UDP Query User{0DC3396F-9179-44A8-ABF0-47D556B73ED5}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K "TCP Query User{3E51C875-37E3-4026-B4B3-272023FA5451}C:\\users\\teacup\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= UDP:C:\users\teacup\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1 "UDP Query User{C598DB01-F87B-46BC-86CD-B60C90228541}C:\\users\\teacup\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= TCP:C:\users\teacup\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1 "TCP Query User{6266E821-F617-4C95-886C-B78495226262}C:\\program files\\veoh 
networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{81C97655-3250-4F94-914F-B56A2601080E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{8C3442FA-6D2A-4408-B15D-82E03938181B}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{06D9E3D7-F7A3-456E-A69A-1BD3D241427C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{6F0D7DB8-352D-49A9-BF15-079D552C11EF}C:\\aeriagames\\12sky\\twelvesky.exe"= UDP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky "UDP Query User{0D4E321B-AD2F-4B75-A8D5-559D25CDDA29}C:\\aeriagames\\12sky\\twelvesky.exe"= TCP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky "TCP Query User{34943C87-20FF-40B7-AAA2-FB25C81F5B73}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\team fortress 2\hl2.exe:hl2 "UDP Query User{4F415124-4E46-4832-947C-7595970C364D}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\team fortress 2\hl2.exe:hl2 "TCP Query User{E7400F46-DA85-431F-9A76-E296F770D10E}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\day of defeat source\hl2.exe:hl2 "UDP Query User{F4859058-E9DC-4CE7-8CE0-ACD64B6D42A7}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\day of defeat source\hl2.exe:hl2 "{021A1887-AE38-4F27-8002-4EDAA85D32F4}"= UDP:L:\games\SettlersVI\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire 
"{F107FA13-EF2E-4B03-9A9A-A3FA40ABD27F}"= TCP:L:\games\SettlersVI\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{97BF3F98-879C-4ED0-B6E2-3DA19181E87A}"= UDP:Q:\Crysis\Bin32\Crysis.exe:Crysis_32 "{DBCED2A4-1A49-470C-B63F-00C2754ACB33}"= TCP:Q:\Crysis\Bin32\Crysis.exe:Crysis_32 "{1EC83135-3718-474D-8A58-4D2DC96B1062}"= UDP:Q:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{A4622FAC-8136-41A5-B57A-24F7D58C77E4}"= TCP:Q:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{F91A78E6-505F-44F9-9645-E6C186C2A7DA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B304E257-54AA-47D6-92EE-85F78C87BFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{FA7D5919-060F-480E-AD40-75057B806D6E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{8B8FB35A-DD4F-427C-9AA9-C12AC3D0514D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{BDDAD19D-5E05-4FC4-B372-4B7522035589}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe "{559CE9BE-22D9-4AE2-969A-F6FDBE64AC71}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe "{752CD407-5B6B-4863-A1B5-27F19710C13A}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe "{9E8E19E6-4F55-4616-9C0E-A11C2B6E17AD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe "{D9668FE8-8086-4BBB-B985-C9F57F1BC9A2}"= UDP:Q:\ut3\Binaries\UT3.exe:Unreal Tournament 3 "{588267D2-93E7-4C78-895D-71F8F5F36ABC}"= TCP:Q:\ut3\Binaries\UT3.exe:Unreal Tournament 3 "TCP Query User{50C85E55-2007-46B3-A4C5-3EDE00B3D6C7}C:\\program files\\microsoft lifecam\\lifeexp.exe"= UDP:C:\program files\microsoft lifecam\lifeexp.exe:LifeExp.exe "UDP Query User{872F0BEB-A94B-46FE-A8EE-5109C2A7075E}C:\\program files\\microsoft lifecam\\lifeexp.exe"= TCP:C:\program files\microsoft lifecam\lifeexp.exe:LifeExp.exe "{D8327333-C35E-416E-93A6-B721770351DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4DF67023-04D2-45F8-AED9-09EACD2D9608}"= UDP:C:\Program 
Files\Kontiki\KService.exe:Delivery Manager Service "{49124406-D4CB-4BD4-A4C1-8358B0080874}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{D29180BD-1320-43B0-8D17-21841F8EF4D4}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{DB0E8B5B-798E-48FF-8F40-0F271FFF0117}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{4F115BED-BB21-46DA-92EF-11EEE06030DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E064BF92-C93B-4366-89EC-523B3C363AB0}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "{EEC3B38E-7133-43AC-925B-6F2334DFFCB2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "{AA69FF85-8860-46E3-AD09-5B0D1CD32BD2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{B4786107-6B46-4F54-9503-ABE76A0CF4FF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{B9876473-803E-4CE4-9605-63D4EA7512F4}Q:\\tmunitedforever\\tmforever.exe"= UDP:Q:\tmunitedforever\tmforever.exe:TmForever "UDP Query User{FDCA6782-2962-478A-9829-A2A1B5802B30}Q:\\tmunitedforever\\tmforever.exe"= TCP:Q:\tmunitedforever\tmforever.exe:TmForever "TCP Query User{00EE6AEF-21C2-4998-AC96-36338F0B8B37}Q:\\trackmania united\\tmunited.exe"= UDP:Q:\trackmania united\tmunited.exe:TmUnited "UDP Query User{45AC8227-399B-4C8C-A1F6-4CF47EBB3A2D}Q:\\trackmania united\\tmunited.exe"= TCP:Q:\trackmania united\tmunited.exe:TmUnited R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-12-06 16:11] R1 mozyFilter;mozyFilter;C:\Windows\system32\DRIVERS\mozy.sys [2008-05-15 20:08] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 15:45] R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33] R2 
SRUserService;IT Connection Manager;"C:\Program Files\IT Connection Manager\SRUserService.exe" [2007-04-06 14:44]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33]
R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-10-23 12:09]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2006-11-15 11:55]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
S3 Alpham1;Ideazon Fang USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham1.sys [2007-03-20 10:49]
S3 Alpham2;Ideazon Fang MM USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 10:49]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [2007-07-01 19:54]
S3 GEMPC430;GEMPC430;C:\Windows\system32\Drivers\gemusb.sys [2001-12-04 10:03]
S3 Kwari.xLoader;Kwari.xLoader;C:\Users\Teacup\AppData\Local\Micro Forte\Kwari\Kwari.xLoader.32 []
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-24 18:24]
S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 06:53]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 15:46]
S3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2006-02-14 13:18]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974d5f1f-0b87-11dc-aaeb-001a4d40a1fa}]
\shell\AutoRun\command - L:\CaptureNXSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a16974-5b07-11dc-b854-001a4d40a1fa}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 23:33:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\MozyHome\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\Tablet.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\WTablet\TabUserW.exe
C:\Windows\System32\Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DigiGuide TV Guide\DigiGuide.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-27 23:55:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-27 22:55:31

Pre-Run: 57,813,471,232 bytes free
The system cannot find message text for message number 0x2379 in the message file for Application.

642 --- E O F --- 2008-05-23 14:45:07