ComboFix 08-05-29.1 - Teacup 2008-05-30 17:49:01.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2508 [GMT 1:00]
Running from: C:\Users\Teacup\Desktop\wooyt.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-30 )))))))))))))))))))))))))))))))
.
2008-05-30 18:00 . 2008-05-30 18:00 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-30 18:00 . 2008-05-30 18:00 1,409 --a------ C:\Windows\QTFont.for
2008-05-30 00:44 . 2008-05-30 00:44 d-------- C:\Combo-Fix
2008-05-29 20:32 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-05-29 20:32 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-05-29 20:32 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-29 20:32 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-05-29 20:32 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-05-29 20:32 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-29 20:32 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-29 20:32 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-05-29 20:32 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-05-29 20:32 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-27 23:47 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 23:47 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-27 19:01 . 2008-05-27 19:01 d-------- C:\Deckard
2008-05-27 18:57 . 2008-05-27 18:57 d-------- C:\Program Files\Trend Micro
2008-05-27 18:56 . 2008-05-27 18:56 d-------- C:\fsaua.data
2008-05-27 18:01 . 2008-05-27 18:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 18:01 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-27 18:01 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-27 01:55 . 2008-05-27 01:55 d-------- C:\kav
2008-05-27 00:50 . 2008-05-27 00:50 d-------- C:\Windows\System32\Kaspersky Lab
2008-05-26 01:07 . 2008-05-26 01:07 d-------- C:\Program Files\DVDVideoSoft
2008-05-26 01:07 . 2008-05-26 01:07 d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-05-26 00:41 . 2008-05-26 00:41 d-------- C:\Program Files\Red Kawa
2008-05-26 00:41 . 2008-05-26 00:41 d-------- C:\Program Files\AviSynth 2.5
2008-05-25 20:17 . 2008-05-25 20:17 249,856 --------- C:\Windows\Setup1.exe
2008-05-25 20:17 . 2008-05-25 20:17 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-05-25 18:24 . 2008-05-25 18:25 d-------- C:\Program Files\Easy Duplicate Finder
2008-05-25 16:20 . 2008-05-25 18:06 d-------- C:\Program Files\Common Files\Acronis
2008-05-22 23:47 . 2007-04-23 13:12 343,216 --a------ C:\Windows\System32\KeyHelp.ocx
2008-05-18 23:53 . 2008-05-18 23:53 d-------- C:\Program Files\MozyHome
2008-05-18 23:53 . 2008-05-15 20:08 53,752 --a------ C:\Windows\System32\drivers\mozy.sys
2008-05-18 23:53 . 2008-05-26 22:01 6,466 --a------ C:\Windows\mozy.blk
2008-05-18 23:53 . 2008-05-26 22:01 68 --a------ C:\Windows\mozy.flt
2008-05-17 00:37 . 2008-05-17 00:37 d-------- C:\Program Files\Trials 2 Second Edition
2008-05-17 00:37 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-11 11:55 . 2007-02-16 11:55 302 --a------ C:\Windows\System32\gmsblist.dll
2008-05-11 11:54 . 2008-05-11 18:30 d-------- C:\gsak
2008-05-11 11:54 . 2000-01-24 06:01 111,104 --a------ C:\Windows\System32\midas.dll
2008-05-11 11:54 . 2005-11-22 22:20 7,348 --a------ C:\Windows\SDENSX.UDF
2008-05-08 18:43 . 2008-05-08 18:43 d-------- C:\logs3
2008-05-07 00:32 . 2008-05-07 00:32 d-------- C:\Program Files\GeoSetter
2008-05-02 18:05 . 2008-05-25 15:23 d-------- C:\Program Files\Flock
2008-04-14 23:33 . 2008-04-14 23:33 d-------- C:\Program Files\Memory-Map
2008-04-14 23:17 . 2008-05-30 17:57 12 --a------ C:\Windows\bthservsdp.dat
2008-04-14 23:15 . 2008-04-14 23:15 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-04-14 23:06 . 2008-04-14 23:06 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2008-04-14 22:23 . 2008-04-14 22:49 1,663 --a------ C:\printersettings
2008-04-13 13:48 . 2008-04-13 13:48 d-------- C:\Program Files\iPod
2008-04-09 00:41 . 2008-04-09 00:46 6,213,632 --a------ C:\Windows\System32\microdem.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 20:46 --------- d-----w C:\Program Files\DigiGuide TV Guide
2008-05-29 19:55 --------- d-----w C:\Program Files\FlashGet
2008-05-29 19:54 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-26 18:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-25 17:07 395,744 ----a-w C:\Windows\system32\drivers\timntr.sys
2008-05-25 17:07 39,264 ----a-w C:\Windows\system32\drivers\tifsfilt.sys
2008-05-25 17:06 114,048 ----a-w C:\Windows\system32\drivers\snapman.sys
2008-05-25 14:28 --------- d-----w C:\Program Files\P.H.L.O.P
2008-05-25 14:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-25 14:27 --------- d-----w C:\Program Files\NFR
2008-05-25 14:27 --------- d-----w C:\Program Files\MPDemo
2008-05-25 14:23 --------- d-----w C:\Program Files\eMusic Download Manager
2008-05-25 14:19 --------- d-----w C:\Program Files\Steam
2008-05-25 14:17 --------- d-----w C:\Program Files\Azureus
2008-05-21 02:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-13 23:54 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 21:05 --------- d-----w C:\Program Files\Flickr Uploadr
2008-05-08 17:43 --------- d-----w C:\Program Files\Kontiki
2008-05-02 17:05 --------- d-----w C:\Program Files\Opera
2008-04-21 17:45 --------- d-----w C:\Program Files\Apple Software Update
2008-04-19 22:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 12:48 --------- d-----w C:\Program Files\iTunes
2008-04-13 12:47 --------- d-----w C:\Program Files\QuickTime
2008-03-29 16:18 --------- d-----w C:\Program Files\Google
2008-03-29 13:19 --------- d-----w C:\Program Files\Pantone
2008-03-23 23:17 174 --sha-w C:\Program Files\desktop.ini
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-11-24 18:09 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007112420071125\index.dat
2007-12-03 18:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007112620071203\index.dat
2007-12-03 18:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120320071204\index.dat
2007-12-04 17:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120420071205\index.dat
2007-12-06 23:50 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120620071207\index.dat
2007-12-07 14:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120720071208\index.dat
2007-12-09 13:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007120920071210\index.dat
2007-12-24 12:46 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007121720071224\index.dat
2008-01-07 20:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007122420071231\index.dat
2008-01-14 20:33 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011420080115\index.dat
2008-01-15 18:15 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011520080116\index.dat
2008-01-16 18:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011620080117\index.dat
2008-01-17 18:14 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011720080118\index.dat
2008-01-18 18:29 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011820080119\index.dat
2008-01-19 12:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011920080120\index.dat
2008-01-20 22:42 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012020080121\index.dat
2008-01-28 21:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012820080129\index.dat
2008-01-29 17:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012920080130\index.dat
2008-01-30 17:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008013020080131\index.dat
2008-01-31 17:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008013120080201\index.dat
2008-02-01 17:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020120080202\index.dat
2008-02-02 12:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020220080203\index.dat
2008-02-03 12:39 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020320080204\index.dat
2008-02-25 10:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008021820080225\index.dat
2008-02-25 18:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022520080226\index.dat
2008-02-26 10:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022620080227\index.dat
2008-02-27 17:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008022720080228\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-27_23.54.58.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-29 19:15:13 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-05-29 19:32:10 53,248 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-04-29 19:15:14 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-05-29 19:32:10 12,800 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-04-29 19:15:14 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-05-29 19:32:11 473,600 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-04-29 19:15:08 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:04 2,676,224 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:10 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:05 2,846,720 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:11 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:06 563,712 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:11 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:06 567,296 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:12 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:07 576,000 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:12 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:07 577,024 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:12 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:07 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:12 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:08 577,536 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:13 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:08 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:14 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-05-29 19:32:11 578,560 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-04-29 19:15:15 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-05-29 19:32:12 145,920 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-04-29 19:15:15 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-05-29 19:32:12 159,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-04-29 19:15:15 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-05-29 19:32:12 364,544 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-04-29 19:15:15 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-05-29 19:32:13 178,176 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-04-29 19:15:13 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-29 19:32:09 223,232 ----a-w C:\Windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-05-27 22:32:48 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-30 16:59:12 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-02-27 14:59:28 290,816 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\auc_lib.dll
+ 2008-02-27 14:59:28 495,616 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\daas_s.dll
+ 2008-02-27 15:00:12 262,144 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\fscax.dll
+ 2008-02-27 14:59:16 588,392 ----a-w C:\Windows\Downloaded Program Files\CONFLICT.1\gatelauncher.exe
- 2008-05-27 22:32:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-30 16:59:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-27 22:32:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-30 16:59:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-27 22:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-30 16:59:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-27 22:33:20 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-30 17:02:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-27 22:33:01 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-30 16:59:24 65,536 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-29 23:43:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008053020080531\index.dat
- 2008-05-27 22:33:01 475,136 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-30 16:59:24 475,136 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 22:33:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-30 16:59:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 20:39:19 14,822 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\WTablet\tablet.dat
+ 2008-05-30 16:44:58 14,822 ----a-w C:\Windows\System32\config\systemprofile\AppData\Roaming\WTablet\tablet.dat
- 2008-05-27 22:26:50 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-30 00:03:28 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-30 00:03:28 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-04-22 16:32:01 1,714,312 ----a-w C:\Windows\System32\FNTCACHE.DAT
+ 2008-05-29 23:43:07 1,722,848 ----a-w C:\Windows\System32\FNTCACHE.DAT
- 2008-05-15 00:18:58 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-28 02:07:37 6,553,600 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-27 22:36:05 24,860 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3018700875-756917214-4125846603-1000_UserData.bin
+ 2008-05-30 17:01:39 25,146 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3018700875-756917214-4125846603-1000_UserData.bin
- 2008-05-27 22:36:05 109,082 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 17:01:38 110,278 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-27 20:04:35 100,760 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-30 16:46:51 101,188 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-05-13 20:02:49 121,855,565 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-27 22:46:37 122,292,487 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@={747E722C-CB46-4A9D-BDFE-192AAD5099B1}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@={EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4A9D-BDFE-192AAD5099B1}]
2008-05-15 20:09 2393392 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}]
2008-05-15 20:09 2393392 --a------ C:\Program Files\MozyHome\mozyshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]
"Realtime Monitor"="C:\Program Files\CA\eTrust Antivirus\realmon.exe" [ ]
"COMMUNICATOR"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 10:33 5803368]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\JM\JMInsIDE.exe" [2006-10-30 20:44 36864]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 13:00 174872]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 15:45 279912]
"VX6000"="C:\Windows\vVX6000.exe" [2007-04-10 15:46 996712]
"MyScreenCam"="C:\Program Files\My Screen Cam\scrcam.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-12-04 03:07 61440]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2008-02-27 17:56 1032376]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 19:04 4423680 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-18 20:55 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-18 20:55 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"EntaTool"="C:\Users\Teacup\Desktop\Desktop\EntaToolv0-6d\EntaTool.exe" [2007-07-20 23:06 303104]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-16 21:12 1164912]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-16 21:17 1941784]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-16 21:13 87584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"vidc.iv32"= C:\Windows\system32\ir32_32.dll
"vidc.iv31"= C:\Windows\system32\ir32_32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\Windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=C:\Windows\pss\Adobe Acrobat Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1000]
"EnableNotificationsRef"=dword:00000006

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1003]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1006]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{18BDF8B2-297B-41ED-B785-4456C4C35F0E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{7F191103-DA52-4A8B-994F-CF3B20D80ED9}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{8ED78554-DAF7-4C6A-A489-5A660ED02118}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{9B02CA99-573B-4871-A8C8-A12BF8B1ED6A}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{63B0B5A3-97FD-4933-8888-5EC7A29994C3}"= UDP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{3C60C82B-AF6A-44CB-8975-8C9D5C1A0493}"= TCP:C:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe:Battlefield 2
"{CCB576D5-DBF5-40C6-92A2-537AA5093BCA}"= Disabled:UDP:3703:Adobe Version Cue CS3 Server
"{69477381-72CD-46D4-BEC0-B513DA95BC75}"= Disabled:UDP:3704:Adobe Version Cue CS3 Server
"{54DE8F49-6021-4A93-8616-E8A5FCB76F6E}"= Disabled:UDP:50900:Adobe Version Cue CS3 Server
"{48EE45D7-D6A6-48AF-9E0F-46D4A48BD469}"= Disabled:UDP:50901:Adobe Version Cue CS3 Server
"{7E6E8870-7F18-45CE-8224-3A87D5DD0839}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4785F4DB-55D4-494A-A9D9-E925E5F9097E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FA010D46-165A-4454-BDB2-2D7900DBED48}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{BB9C8FB1-4E73-4567-A68A-D3112724C75E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FA7CBF35-A07A-47E0-A9D7-50C20535E862}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{461787F7-1521-4122-B621-1BC60DAA28C8}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{07F74CBF-B916-460D-8BAD-D7416A5BD19D}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{5FE214F2-AC23-4207-86B9-525F0494BEB6}C:\\program files\\world of warcraft\\repair.exe"= UDP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{3F95654F-1281-489A-B008-2C1322E4FFCC}C:\\program files\\world of warcraft\\repair.exe"= TCP:C:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{9193A6E3-7CBB-42DC-873D-9ABE4D39CC24}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{9841163A-2F93-44BE-82DB-F4B99B5EF1A7}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{5B7A00E7-2B54-451B-B366-5A378F41A311}"= UDP:23486:az
"TCP Query User{8DEFD4B0-634E-4A79-8A5A-0005FFF2CA67}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4ED61228-C7A0-4357-A2E6-B3E774AB461D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{1867AF51-F149-4540-B0F6-AF33971442D0}"= Disabled:UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{7360D78F-4FAF-4346-8E47-334F006198F0}"= Disabled:TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{06E6C814-219F-4963-9F3C-AA6D4B7233B4}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{1C5CB88E-34AF-4FC8-B982-6499E1C5E4FD}C:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:C:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{B1A3F406-5339-47F7-A78F-FA812145B7A4}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\counter-strike source\hl2.exe:hl2
"UDP Query User{5BE0DE14-55D0-4897-AE8D-21AF7E7EFA03}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\counter-strike source\hl2.exe:hl2
"TCP Query User{B81AB4F5-686E-4BB5-B9E5-073F43D01F0F}C:\\ut2003\\system\\ut2003.exe"= UDP:C:\ut2003\system\ut2003.exe:UT2003
"UDP Query User{DE240339-6278-42D1-AF37-AF8F5C428B3A}C:\\ut2003\\system\\ut2003.exe"= TCP:C:\ut2003\system\ut2003.exe:UT2003
"{92046C7E-6146-4F4E-90B0-FFC7C1B7D9EA}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{93FD8633-9D90-4A50-9D4E-1A448F3197E6}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{6B560FD2-6288-4D9D-86BE-FF4964D42598}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{3B03B7E4-23F2-4B26-B38E-535441EBFA2F}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{BEA3D129-6890-4FA7-9E15-FD33D3393768}"= UDP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{45287821-1A28-445E-8E9C-2CE6B836B2A3}"= TCP:C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:Microsoft Office Live Meeting 2007
"{8BE4C0CB-59FA-4D70-9969-932C4A0D8BAD}"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Microsoft Office Communicator 2007
"{8EFBEB31-9C73-4F7C-87D8-6BD4E2702788}"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Microsoft Office Communicator 2007
"{1928BBA8-81FD-4279-BF3F-212C6D3617CE}"= UDP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"{4E8311DB-5FD0-4DD2-9D09-E84A693C104F}"= TCP:C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"TCP Query User{325BF7F9-9721-49BC-B66D-23B8E2D210BA}C:\\users\\teacup\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\teacup\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query
User{0DB2E8C9-5D60-4E6F-8626-DCE802447E5C}C:\\users\\teacup\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\teacup\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe "TCP Query User{75EC61A2-4ECF-476B-B316-EA0B4BB547F2}C:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= UDP:C:\program files\autodesk\maya2008\bin\maya.exe:Maya "UDP Query User{38E6771D-3F5C-4A86-A1D7-4BDC9F0E792C}C:\\program files\\autodesk\\maya2008\\bin\\maya.exe"= TCP:C:\program files\autodesk\maya2008\bin\maya.exe:Maya "TCP Query User{132E4993-E899-47F9-8EF3-DCD104D6D78F}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet "UDP Query User{8D708B08-C9B0-43D1-BCBF-8858DBA0D016}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet "TCP Query User{1D761CD4-4DA7-416F-B17F-58DB06FB6454}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam "UDP Query User{531ADF73-460D-4668-A1C4-294D6EF1B1B3}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam "TCP Query User{3B7688ED-AB6B-42BF-9D32-EF345E512F52}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K "UDP Query User{0DC3396F-9179-44A8-ABF0-47D556B73ED5}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K "TCP Query User{3E51C875-37E3-4026-B4B3-272023FA5451}C:\\users\\teacup\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= UDP:C:\users\teacup\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1 "UDP Query User{C598DB01-F87B-46BC-86CD-B60C90228541}C:\\users\\teacup\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= TCP:C:\users\teacup\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1 "TCP Query User{6266E821-F617-4C95-886C-B78495226262}C:\\program files\\veoh 
networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{81C97655-3250-4F94-914F-B56A2601080E}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{8C3442FA-6D2A-4408-B15D-82E03938181B}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "UDP Query User{06D9E3D7-F7A3-456E-A69A-1BD3D241427C}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client "TCP Query User{6F0D7DB8-352D-49A9-BF15-079D552C11EF}C:\\aeriagames\\12sky\\twelvesky.exe"= UDP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky "UDP Query User{0D4E321B-AD2F-4B75-A8D5-559D25CDDA29}C:\\aeriagames\\12sky\\twelvesky.exe"= TCP:C:\aeriagames\12sky\twelvesky.exe:TwelveSky "TCP Query User{34943C87-20FF-40B7-AAA2-FB25C81F5B73}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\team fortress 2\hl2.exe:hl2 "UDP Query User{4F415124-4E46-4832-947C-7595970C364D}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\team fortress 2\hl2.exe:hl2 "TCP Query User{E7400F46-DA85-431F-9A76-E296F770D10E}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\day of defeat source\hl2.exe:hl2 "UDP Query User{F4859058-E9DC-4CE7-8CE0-ACD64B6D42A7}C:\\program files\\steam\\steamapps\\teacup42729@yahoo.co.uk\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\teacup42729@yahoo.co.uk\day of defeat source\hl2.exe:hl2 "{021A1887-AE38-4F27-8002-4EDAA85D32F4}"= UDP:L:\games\SettlersVI\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire 
"{F107FA13-EF2E-4B03-9A9A-A3FA40ABD27F}"= TCP:L:\games\SettlersVI\base\bin\Settlers6.exe:THE SETTLERS - Rise of an Empire "{97BF3F98-879C-4ED0-B6E2-3DA19181E87A}"= UDP:Q:\Crysis\Bin32\Crysis.exe:Crysis_32 "{DBCED2A4-1A49-470C-B63F-00C2754ACB33}"= TCP:Q:\Crysis\Bin32\Crysis.exe:Crysis_32 "{1EC83135-3718-474D-8A58-4D2DC96B1062}"= UDP:Q:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{A4622FAC-8136-41A5-B57A-24F7D58C77E4}"= TCP:Q:\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32 "{F91A78E6-505F-44F9-9645-E6C186C2A7DA}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B304E257-54AA-47D6-92EE-85F78C87BFAC}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{FA7D5919-060F-480E-AD40-75057B806D6E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{8B8FB35A-DD4F-427C-9AA9-C12AC3D0514D}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{BDDAD19D-5E05-4FC4-B372-4B7522035589}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe "{559CE9BE-22D9-4AE2-969A-F6FDBE64AC71}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe "{752CD407-5B6B-4863-A1B5-27F19710C13A}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe "{9E8E19E6-4F55-4616-9C0E-A11C2B6E17AD}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe "{D9668FE8-8086-4BBB-B985-C9F57F1BC9A2}"= UDP:Q:\ut3\Binaries\UT3.exe:Unreal Tournament 3 "{588267D2-93E7-4C78-895D-71F8F5F36ABC}"= TCP:Q:\ut3\Binaries\UT3.exe:Unreal Tournament 3 "TCP Query User{50C85E55-2007-46B3-A4C5-3EDE00B3D6C7}C:\\program files\\microsoft lifecam\\lifeexp.exe"= UDP:C:\program files\microsoft lifecam\lifeexp.exe:LifeExp.exe "UDP Query User{872F0BEB-A94B-46FE-A8EE-5109C2A7075E}C:\\program files\\microsoft lifecam\\lifeexp.exe"= TCP:C:\program files\microsoft lifecam\lifeexp.exe:LifeExp.exe "{D8327333-C35E-416E-93A6-B721770351DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{4DF67023-04D2-45F8-AED9-09EACD2D9608}"= UDP:C:\Program 
Files\Kontiki\KService.exe:Delivery Manager Service "{49124406-D4CB-4BD4-A4C1-8358B0080874}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{D29180BD-1320-43B0-8D17-21841F8EF4D4}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{DB0E8B5B-798E-48FF-8F40-0F271FFF0117}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{4F115BED-BB21-46DA-92EF-11EEE06030DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E064BF92-C93B-4366-89EC-523B3C363AB0}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "{EEC3B38E-7133-43AC-925B-6F2334DFFCB2}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server "{AA69FF85-8860-46E3-AD09-5B0D1CD32BD2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{B4786107-6B46-4F54-9503-ABE76A0CF4FF}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "TCP Query User{B9876473-803E-4CE4-9605-63D4EA7512F4}Q:\\tmunitedforever\\tmforever.exe"= UDP:Q:\tmunitedforever\tmforever.exe:TmForever "UDP Query User{FDCA6782-2962-478A-9829-A2A1B5802B30}Q:\\tmunitedforever\\tmforever.exe"= TCP:Q:\tmunitedforever\tmforever.exe:TmForever "TCP Query User{00EE6AEF-21C2-4998-AC96-36338F0B8B37}Q:\\trackmania united\\tmunited.exe"= UDP:Q:\trackmania united\tmunited.exe:TmUnited "UDP Query User{45AC8227-399B-4C8C-A1F6-4CF47EBB3A2D}Q:\\trackmania united\\tmunited.exe"= TCP:Q:\trackmania united\tmunited.exe:TmUnited R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-12-06 16:11] R1 mozyFilter;mozyFilter;C:\Windows\system32\DRIVERS\mozy.sys [2008-05-15 20:08] R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 15:45] R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33] R2 
SRUserService;IT Connection Manager;"C:\Program Files\IT Connection Manager\SRUserService.exe" [2007-04-06 14:44] R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-19 08:33] R3 HabuFltr;Habu Mouse;C:\Windows\system32\drivers\habu.sys [2006-10-23 12:09] R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2006-11-15 11:55] R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30] S3 Alpham1;Ideazon Fang USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham1.sys [2007-03-20 10:49] S3 Alpham2;Ideazon Fang MM USB Human Interface Device;C:\Windows\system32\DRIVERS\Alpham2.sys [2007-03-20 10:49] S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [] S3 GEMPC430;GEMPC430;C:\Windows\system32\Drivers\gemusb.sys [2001-12-04 10:03] S3 Kwari.xLoader;Kwari.xLoader;C:\Users\Teacup\AppData\Local\Micro Forte\Kwari\Kwari.xLoader.32 [] S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-05 20:46] S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-24 18:24] S3 uisp;Freescale USB JW32 driver;C:\Windows\system32\Drivers\usbicp.sys [2005-12-21 11:23] S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 06:53] S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2007-04-10 15:46] S3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2006-02-14 13:18] S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr bthsvcs REG_MULTI_SZ BthServ 
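The FirewallRules and service sections above are where a reviewer spends most of the time on a log like this, and the interesting entries are easy to miss in a long list of game rules: an allow rule for an executable in the user's temp directory, a rule whose target is a ".part.1" download fragment rather than an .exe, a UDP port opened with no program bound to it, and service entries whose image has no file timestamp (the empty "[]", which ComboFix prints when it could not stat the binary at scan time) or lives under a user profile. The parser and heuristics below are an added example by the editor, not ComboFix code and not part of the original log; the sample lines are excerpted from the log above. One caveat the parser is built around: in this log's "TCP Query User"/"UDP Query User" entries the protocol in the key name and the protocol in the value disagree, so the protocol is always taken from the value, never from the key.

```python
"""Triage helpers for the FirewallRules and service sections of a ComboFix log.

Added example (editor's code, not ComboFix output). The heuristics are the
editor's; the sample lines are excerpted verbatim from the log above.
"""
import re

# Rule value formats seen in the log:
#   UDP:C:\path\prog.exe:Name
#   Disabled:UDP:3703:Name
#   TCP:6004|C:\path\outlook.exe:Name
#   UDP:23486:az                      (port only, no program)
#   C:\path\livecall.exe:Name         (no protocol field at all)
RULE_RE = re.compile(
    r'^"(?P<key>[^"]+)"=\s*'
    r'(?P<disabled>Disabled:)?'
    r'(?:(?P<proto>TCP|UDP):)?'
    r'(?:(?P<port>\d+)[|:])?'
    r'(?:(?P<path>[A-Za-z]:\\[^:]*):)?'
    r'(?P<name>.*)$'
)

# Service lines: "<start> <name>;<display>;<image> [<file timestamp>]"
SVC_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$'
)

# Constructed sample: lines excerpted from the log above.
SAMPLE_FIREWALL = r'''
"{18BDF8B2-297B-41ED-B785-4456C4C35F0E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander
"{CCB576D5-DBF5-40C6-92A2-537AA5093BCA}"= Disabled:UDP:3703:Adobe Version Cue CS3 Server
"{7E6E8870-7F18-45CE-8224-3A87D5DD0839}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5B7A00E7-2B54-451B-B366-5A378F41A311}"= UDP:23486:az
"TCP Query User{325BF7F9-9721-49BC-B66D-23B8E2D210BA}C:\\users\\teacup\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\teacup\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"TCP Query User{3E51C875-37E3-4026-B4B3-272023FA5451}C:\\users\\teacup\\appdata\\local\\micro forte\\kwari\\kwari_launcher.exe.part.1"= UDP:C:\users\teacup\appdata\local\micro forte\kwari\kwari_launcher.exe.part.1:kwari_launcher.exe.part.1
"{D8327333-C35E-416E-93A6-B721770351DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
'''

SAMPLE_SERVICES = r'''
R1 mozyFilter;mozyFilter;C:\Windows\system32\DRIVERS\mozy.sys [2008-05-15 20:08]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 15:45]
S3 Boonty Games;Boonty Games;"C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" []
S3 Kwari.xLoader;Kwari.xLoader;C:\Users\Teacup\AppData\Local\Micro Forte\Kwari\Kwari.xLoader.32 []
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
'''


def parse_firewall_rule(line):
    """Split one FirewallRules line into key/disabled/proto/port/path/name, or None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    rule = m.groupdict()
    rule["disabled"] = rule["disabled"] is not None
    return rule


def firewall_findings(text):
    """Return (rule key, reason) pairs for enabled allow rules worth a second look."""
    findings = []
    for line in text.splitlines():
        rule = parse_firewall_rule(line)
        if rule is None or rule["disabled"]:
            continue  # not a rule line, or disabled and therefore allowing nothing
        key, path = rule["key"], (rule["path"] or "").lower()
        if path:
            if "\\temp\\" in path:
                findings.append((key, "allowed program lives in a temp directory"))
            if "\\users\\" in path or "\\appdata\\" in path:
                findings.append((key, "allowed program is under a user profile (user-writable)"))
            if not path.endswith(".exe"):
                findings.append((key, "allowed target is not an .exe"))
        elif rule["port"]:
            findings.append((key, "port %s opened to any program (no image binding)" % rule["port"]))
        if not rule["proto"] and not rule["port"]:
            findings.append((key, "no protocol or port restriction in the rule"))
    return findings


def parse_service(line):
    """Split one service/driver line; adds 'binary' with the image path minus arguments."""
    m = SVC_RE.match(line.strip())
    if not m:
        return None
    svc = m.groupdict()
    image = svc["image"].strip()
    # A quoted image may carry arguments after the closing quote (msvsmon80 above).
    svc["binary"] = image[1:image.index('"', 1)] if image.startswith('"') else image
    return svc


def service_findings(text):
    """Return (service name, reason) pairs for service entries worth checking on disk."""
    findings = []
    for line in text.splitlines():
        svc = parse_service(line)
        if svc is None:
            continue
        name, binary = svc["name"], svc["binary"].lower()
        if not svc["stamp"]:
            findings.append((name, "no file timestamp recorded for the image; verify it still exists on disk"))
        if "\\users\\" in binary or "\\documents and settings\\" in binary:
            findings.append((name, "service image lives under a user profile"))
        if not binary.endswith((".exe", ".sys")):
            findings.append((name, "unusual image extension: " + binary.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for key, reason in firewall_findings(SAMPLE_FIREWALL):
        print("firewall", key, "->", reason)
    for name, reason in service_findings(SAMPLE_SERVICES):
        print("service ", name, "->", reason)
```

Run against the full FirewallRules block, the rules that survive the filter are the two electronicarts_patcher_000.exe rules in the temp directory, the two kwari_launcher.exe.part.1 rules, the port-only "az" rule on UDP 23486 and the two livecall.exe rules with no protocol field; every Program Files game rule and every Disabled rule drops out. The service pass surfaces Boonty Games, Kwari.xLoader and msvsmon80 for their empty timestamps, and Kwari.xLoader again for living under C:\Users with a ".32" image. A finding is a prompt to check the file on disk and its signer, not a verdict.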
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974d5f1f-0b87-11dc-aaeb-001a4d40a1fa}]
\shell\AutoRun\command - L:\CaptureNXSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d12eb66d-08ac-11dc-8713-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a16974-5b07-11dc-b854-001a4d40a1fa}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-30 18:00:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\MozyHome\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\System32\Tablet.exe
C:\Windows\System32\WTablet\TabUserW.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\DigiGuide TV Guide\DigiGuide.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-05-30 18:19:07 - machine was rebooted [Teacup]
ComboFix-quarantined-files.txt  2008-05-30 17:19:02
ComboFix2.txt  2008-05-27 22:55:47

Pre-Run: 57,787,527,168 bytes free
Post-Run: 57,827,815,424 bytes free

488    --- E O F --- 2008-05-28 02:01:41
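Three registry items in this log are persistence or defence-evasion points that deserve a deliberate check rather than a glance: the LSA "Authentication Packages" list (a DLL named there is loaded into lsass.exe at boot, which is why it is a classic credential-theft and persistence location), the Security Center "DisableMonitoring" switch for the Computer Associates product, and the per-volume AutoRun commands under MountPoints2, which record what Explorer was asked to run when the L:, D: and H: volumes were last inserted. The parser below is an added example by the editor, not ComboFix code and not part of the original log; the sample text is excerpted from the log above. The baseline of msv1_0 as the only expected authentication package is the editor's assumption, so the relog_ap entry is surfaced for review, not condemned: the right follow-up is to locate relog_ap.dll in System32 and verify its signature, not to delete it on sight.

```python
"""Triage of registry persistence entries in a ComboFix log: LSA authentication
packages, Security Center monitoring switches and MountPoints2 AutoRun commands.

Added example (editor's code, not ComboFix output). EXPECTED_AUTH_PACKAGES is
the editor's baseline assumption; sample text is excerpted from the log above.
"""
import re

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
QUOTED_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
MULTI_SZ_RE = re.compile(r'^(?P<name>.+?)\s+REG_MULTI_SZ\s+(?P<value>.*)$')
AUTORUN_RE = re.compile(r'^(?P<name>\\shell\\AutoRun\\command)\s+-\s+(?P<value>.+)$')

# Assumption: on this Vista system only msv1_0 is expected; anything else is
# listed for review (verify the DLL's signer before drawing a conclusion).
EXPECTED_AUTH_PACKAGES = {"msv1_0"}

# Constructed sample: registry blocks excerpted from the log above.
SAMPLE_REGISTRY = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ    msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3018700875-756917214-4125846603-1000]
"EnableNotificationsRef"=dword:00000006

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{974d5f1f-0b87-11dc-aaeb-001a4d40a1fa}]
\shell\AutoRun\command - L:\CaptureNXSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d12eb66d-08ac-11dc-8713-806e6f6e6963}]
\shell\AutoRun\command - D:\setup.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0a16974-5b07-11dc-b854-001a4d40a1fa}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
'''


def parse_registry_dump(text):
    """Map each [key] header to the list of (name, value) pairs printed under it."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, [])
            continue
        if current is None:
            continue  # value line before any key header; nothing to attach it to
        for pattern in (QUOTED_VALUE_RE, MULTI_SZ_RE, AUTORUN_RE):
            m = pattern.match(line)
            if m:
                entries[current].append((m.group("name"), m.group("value").strip()))
                break
    return entries


def dword(value):
    """'dword:00000001' -> 1; any other value text -> None."""
    m = re.match(r'dword:([0-9a-fA-F]{1,8})$', value)
    return int(m.group(1), 16) if m else None


def persistence_findings(text):
    """Return (registry key, reason) pairs for the entries a reviewer should verify."""
    findings = []
    for key, values in parse_registry_dump(text).items():
        k = key.lower()
        for name, value in values:
            if k.endswith("\\control\\lsa") and name == "Authentication Packages":
                extra = [p for p in value.split() if p.lower() not in EXPECTED_AUTH_PACKAGES]
                if extra:
                    findings.append((key, "extra LSA authentication package(s): " + " ".join(extra)))
            elif "\\security center\\monitoring\\" in k and name == "DisableMonitoring" and dword(value):
                findings.append((key, "Security Center monitoring disabled for " + key.rsplit("\\", 1)[-1]))
            elif "\\mountpoints2\\" in k and name.lower() == "\\shell\\autorun\\command":
                findings.append((key, "AutoRun command registered for a volume: " + value))
    return findings


if __name__ == "__main__":
    for key, reason in persistence_findings(SAMPLE_REGISTRY):
        print(reason, "\n    at", key)
```

On the sample this yields five findings: relog_ap as an authentication package outside the baseline, monitoring disabled for ComputerAssociatesAntiVirus, and the three AutoRun commands (L:\CaptureNXSetup.exe, D:\setup.exe /autorun, H:\LaunchU3.exe -a). The EnableNotificationsRef values produce nothing, since they only tune notifications. MountPoints2 entries are a history of what was offered by removable media, so each command should be matched against the device it came from before deciding whether it was expected.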