ComboFix 08-06-01.6 - Carlos 2008-06-03 11:25:20.8 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2123 [GMT 1:00]
Running from: C:\Users\Carlos\Downloads\ComboFix.exe
Command switches used :: C:\Users\Carlos\Desktop\CFScript.txt

FILE ::
C:\Users\Carlos\Downloads\Age2XPatch.exe
C:\Users\Carlos\Downloads\Halo - KeyGen by DerMunch.zip
C:\Users\Carlos\Downloads\ra2keys
C:\Users\Carlos\Downloads\Tom_Clancy_Rainbow_Six_Vegas_2_Keygen_Serial_Only.torrent
C:\Users\Carlos\Downloads\TuneUp.Utilities.2008.v7.0.7991-TE\Crack
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Carlos\Downloads\Age2XPatch.exe
C:\Users\Carlos\Downloads\Age2XPatch.exe\
C:\Users\Carlos\Downloads\Halo - KeyGen by DerMunch.zip
C:\Users\Carlos\Downloads\Halo - KeyGen by DerMunch.zip\
C:\Users\Carlos\Downloads\ra2keys
C:\Users\Carlos\Downloads\ra2keys\key1\ra2.reg
C:\Users\Carlos\Downloads\ra2keys\key1\Woldata.key
C:\Users\Carlos\Downloads\ra2keys\key2\ra2.reg
C:\Users\Carlos\Downloads\ra2keys\key2\Woldata.key
C:\Users\Carlos\Downloads\Tom_Clancy_Rainbow_Six_Vegas_2_Keygen_Serial_Only.torrent
C:\Users\Carlos\Downloads\Tom_Clancy_Rainbow_Six_Vegas_2_Keygen_Serial_Only.torrent\
C:\Users\Carlos\Downloads\TuneUp.Utilities.2008.v7.0.7991-TE\Crack
C:\Users\Carlos\Downloads\TuneUp.Utilities.2008.v7.0.7991-TE\Crack\AppInitialization.bpl
C:\Users\Carlos\Downloads\TuneUp.Utilities.2008.v7.0.7991-TE\Crack\CommonForms.bpl
C:\Users\Carlos\Downloads\TuneUp.Utilities.2008.v7.0.7991-TE\Crack\Registration.reg
.

((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 )))))))))))))))))))))))))))))))
.

2008-06-01 23:25 . 2008-06-01 23:25 d-------- C:\Windows\System32\Kaspersky Lab
2008-06-01 20:07 . 2008-06-01 20:07 d-------- C:\Program Files\Atari
2008-05-29 12:31 . 2006-11-08 13:44 525,624 --a------ C:\Users\Public\WindowsXP-KB922120-v5-x86-ENU.exe
2008-05-28 10:33 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-28 10:33 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-20 17:25 . 2008-05-20 17:25 d-------- C:\Users\All Users\Ubisoft
2008-05-20 17:25 . 2008-05-20 17:25 d-------- C:\ProgramData\Ubisoft
2008-05-11 21:50 . 2004-08-03 22:03 88,448 --a------ C:\Windows\nwlnkipx.sys
2008-05-11 21:50 . 2001-08-23 13:00 63,232 --a------ C:\Windows\nwlnknb.sys
2008-05-11 21:50 . 2001-08-23 13:00 55,936 --a------ C:\Windows\nwlnkspx.sys
2008-05-11 21:50 . 2001-08-23 13:00 32,512 --a------ C:\Windows\nwlnkfwd.sys
2008-05-11 21:50 . 2001-08-23 13:00 12,416 --a------ C:\Windows\nwlnkflt.sys
2008-05-10 19:32 . 2008-05-11 17:40 d-------- C:\Westwood
2008-05-09 15:26 . 2008-05-09 15:26 d-------- C:\Program Files\Real
2008-05-09 15:26 . 2008-05-09 15:26 d-------- C:\Program Files\Common Files\xing shared
2008-05-09 15:26 . 2008-05-09 15:26 d-------- C:\Program Files\Common Files\Real
2008-05-05 11:22 . 2008-05-05 11:22 d-------- C:\Program Files\EVGA Precision
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 19:24 --------- d-----w C:\Program Files\Steam
2008-06-02 17:59 --------- d-----w C:\Program Files\Morpheus
2008-06-01 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 17:54 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-28 14:27 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-28 14:27 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-26 21:00 --------- d-----w C:\Program Files\Sega
2008-05-26 17:57 --------- d-----w C:\Program Files\Microsoft Games
2008-05-26 14:35 --------- d-----w C:\Program Files\Uplink
2008-05-26 14:33 --------- d-----w C:\Program Files\EA SPORTS
2008-05-26 14:25 --------- d-----w C:\Program Files\Sierra Entertainment
2008-05-26 14:23 --------- d-----w C:\Program Files\KONAMI
2008-05-26 14:22 --------- d-----w C:\Program Files\Ubisoft
2008-05-23 14:15 --------- d-----w C:\Program Files\LucasArts
2008-05-21 09:27 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-20 16:25 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-05-15 08:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-15 08:29 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 13:06 --------- d-----w C:\Program Files\DivX
2008-05-05 20:06 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-05-05 20:06 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-05-01 21:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-26 21:21 --------- d-----w C:\Program Files\DOSBox-0.72
2008-04-26 21:04 --------- d-----w C:\Program Files\ImgBurn
2008-04-26 20:57 --------- d-----w C:\Program Files\IPX-SPX Protocol
2008-04-26 18:04 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-23 15:28 --------- d-----w C:\Program Files\QuickTime
2008-04-23 15:28 --------- d-----w C:\Program Files\iTunes
2008-04-23 15:28 --------- d-----w C:\Program Files\iPod
2008-04-18 21:52 --------- d-----w C:\Program Files\7-Zip
2008-04-18 18:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-04-17 22:44 --------- d-----w C:\ProgramData\Microsoft Games
2008-04-12 10:13 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-10 17:32 --------- d-----w C:\Program Files\Yamicsoft
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-19 12:56 174 --sha-w C:\Program Files\desktop.ini
2008-03-19 12:42 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-19 12:42 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 12:14 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-19 12:14 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-05 15:49 86,016 ----a-w C:\Windows\System32\OpenAL32.dll
2008-03-05 15:49 262,144 ----a-w C:\Windows\System32\wrap_oal.dll
2008-01-06 00:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-06 00:47 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-06 00:47 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_ 1.17.52.26 )))))))))))))))))))))))))))))))))))))))))
.

- 2008-06-01 17:22:25 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-03 10:19:21 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-01 17:22:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-03 10:19:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-01 17:22:26 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-03 10:19:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-01 17:24:44 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-06-03 10:21:46 1,310,720 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-06-01 17:24:49 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-06-03 10:21:41 1,310,720 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-06-01 22:19:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-03 10:22:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-01 22:19:44 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-03 10:22:56 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-01 22:19:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 10:22:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-01 10:45:35 10,698 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2384733316-1052832952-1687537222-1000_UserData.bin
+ 2008-06-03 10:22:06 10,698 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2384733316-1052832952-1687537222-1000_UserData.bin
- 2008-06-01 10:45:35 79,868 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 10:22:06 80,240 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-17 13:10 171448]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 05:40 218032]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-19 21:13 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 18:05 734264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 10:48 579584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2008-01-17 12:43 63712]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-02-13 18:34 170528]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-02-13 18:34 13507104]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-02-13 18:34 92704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-05-09 15:26 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-17 12:56 219136]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-17 13:10 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-17 12:56 9216 C:\Windows\System32\avgwlntf.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C72F60AC-EB0A-4E9E-B7A2-A74493BFB93F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{569CB1A1-FBCD-474F-8666-3A398801DF23}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{9305BCDC-90B3-4AF7-9D3F-5FB4B932EAC8}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{70661BE0-A78F-4518-8AEB-06A9AD0F4274}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{C7DB1A6A-5F70-484D-8990-3990EE584720}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{F2525A21-2299-4280-8877-68F12DEA3779}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{B6F2C2FF-0058-41FE-9C41-013328423B98}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{2C58C5E2-C7CB-46C2-BC85-B13B7F10384E}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{1271E388-7EA3-4916-9520-AC2084FDA9DA}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{F09BC7E2-4B34-48A7-9486-8015B375DCC8}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{EC950C13-6FEF-4D53-8962-1768248468E7}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"UDP Query User{77C85A1A-DA86-4354-8AE2-FB5748B14AC7}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exe:pes6.exe
"{3AF321EC-50AF-491E-9B62-DAD476F2AF71}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0A9F4D30-8F2F-4089-81F0-369403C72ACD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E4A051D7-37F2-451B-8442-F794BAEB0D84}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{03E2D523-A261-4ED3-969E-6E007B93BE42}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2EADC144-106B-4C4F-9C51-256FCA684359}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80571E39-B7F8-467C-A911-4827BE8C0FD5}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A8E8FA15-2F06-4F9C-9057-83DFFD9838E5}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{C75DB72F-A291-4049-89E9-E0B505CFAA64}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{DD4FA32B-148E-4A5B-BF94-2D6FEDD878AA}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{3F668D4B-D565-41F8-91DE-3052E5E2B612}C:\\program files\\steam\\steamapps\\artic666devil\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\artic666devil\team fortress 2\hl2.exe:hl2
"UDP Query User{5738288A-C4CF-45DB-B742-A20DC48F7906}C:\\program files\\steam\\steamapps\\artic666devil\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\artic666devil\team fortress 2\hl2.exe:hl2
"TCP Query User{584C0A75-E2F2-4294-B9FA-AD9C10550BF3}C:\\program files\\thq\\dawn of war\\w40k.exe"= UDP:C:\program files\thq\dawn of war\w40k.exe:W40K
"UDP Query User{E5F3CD9A-4AC9-4A97-AECC-D2BB4229D8DA}C:\\program files\\thq\\dawn of war\\w40k.exe"= TCP:C:\program files\thq\dawn of war\w40k.exe:W40K
"{8AB650CF-21FB-497D-9E25-C43F190FDD9B}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{49FD9142-6F8B-4E36-8899-962F40347928}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{C9F025B6-AAD8-49B0-85D1-BA320E3641DB}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{EE649523-60A3-4E46-997A-29E1E19BEAA5}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{4DDC7555-6B42-4F9A-BAC6-3617AF2EB3E0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{78AAE553-6F90-47D5-B0F1-A7B548329BD4}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{F85E4799-1132-4C5C-9257-DDAC5DDE0DF0}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{B4E6D669-A148-450A-BDF4-77869706E10E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{86FCDBF9-0541-4874-901E-43FD6C5A05B7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{932163BE-26E1-40F7-944C-45723C066467}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{41C9EC60-E3D0-4F31-896E-E47B97839E24}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= UDP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"UDP Query User{A9180082-5ED4-46C2-A678-62701BB2D679}C:\\program files\\activision value\\soldier of fortune payback\\sof3.exe"= TCP:C:\program files\activision value\soldier of fortune payback\sof3.exe:sof3
"{9BE07A1D-17B9-4438-B524-F687472219BB}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C6F22C76-B079-420D-B7E3-211A67ABCB5C}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9E3B3A09-425C-4D93-8FC9-2D4B06A0143B}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{290BBCE9-FF30-4994-98F5-3D8107BAB15F}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"TCP Query User{4D2EFEEE-AA0C-4226-824B-3DB1546B9C26}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{990DD344-7A62-4262-B104-DC1824C12F5D}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{6ACF7283-7205-41B3-85AB-6A7CC201C8A2}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{62598F99-3904-430A-882D-DD8E178FA834}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{FFFD47B0-5A06-4980-9FA3-613C6403DAEB}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{15245573-D530-4D6C-A2E1-4FA1734088C6}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{3F921223-99F0-43A7-ACF9-EE2A552D5C0A}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= UDP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"UDP Query User{67085499-75B2-4C80-8B1F-592B20265B52}C:\\program files\\konami\\pro evolution soccer 2008\\pes2008.exe"= TCP:C:\program files\konami\pro evolution soccer 2008\pes2008.exe:Pro Evolution Soccer 2008
"TCP Query User{7095FAA1-AE37-4C50-8141-885A6B651631}C:\\program files\\steam\\steamapps\\artic666devil\\team fortress 2\\hl2.exe"= UDP:C:\program files\steam\steamapps\artic666devil\team fortress 2\hl2.exe:hl2
"UDP Query User{6A77451B-F080-483C-9718-274F26FCA251}C:\\program files\\steam\\steamapps\\artic666devil\\team fortress 2\\hl2.exe"= TCP:C:\program files\steam\steamapps\artic666devil\team fortress 2\hl2.exe:hl2
"TCP Query User{5C0EE67B-1278-4F5D-8BCD-B32B0ADF60B3}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FCCD517D-742A-4135-98C4-968E7768AD9D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{EBA0B598-A364-41A8-8D07-CCADA183E541}C:\\program files\\morpheus\\morpheus.exe"= UDP:C:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{56B5917D-C918-4D07-84C2-054A718660C6}C:\\program files\\morpheus\\morpheus.exe"= TCP:C:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{928DF438-9A06-4015-BF08-9941B2B6475A}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{AACFB53D-D97C-42DE-A6EE-4080C1E5CC57}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"TCP Query User{15C107B8-F1D1-45F8-A697-945E573965F3}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= UDP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"UDP Query User{9E7A96EA-12D7-43C9-A329-C208893583B6}C:\\program files\\namco bandai games\\warhammer mark of chaos\\warhammer.exe"= TCP:C:\program files\namco bandai games\warhammer mark of chaos\warhammer.exe:Warhammer®: Mark of Chaos™
"{0750682D-D29C-47CA-9AFB-5077CC947AA3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{1B16BB7F-5271-47F8-B259-B65505286215}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7C749142-2A50-4E35-A7D9-E26EED4AD9C8}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{48ED0821-DB49-48B7-B925-9FD14659CF29}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{A6318397-F218-4A0B-A7F0-D91FC65495FA}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{DC246361-F6A4-43ED-B7C6-3BCF97CDC97A}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"{442331D0-8E5E-402A-A9AF-DE4CA935F6B6}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F479D72B-DFA4-489C-ACD8-4DE7686CE120}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{DF0E65A4-1CE9-49BF-A39C-7C8E66EF93BA}"= UDP:C:\Program Files\McAfee\MWL\MwlSvc.exe:McAfee Wireless Network Security
"{3E1A678D-9262-44FE-8C41-2B424982BA9C}"= TCP:C:\Program Files\McAfee\MWL\MwlSvc.exe:McAfee Wireless Network Security
"{0161053D-515E-4C0B-8D27-CED1D186D435}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{F8BA689E-18C8-4DDB-BC39-3B4AECC9BF08}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{284DFE1D-2753-4A72-89B4-54A3A1AD3545}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{00268AFC-7425-4235-AB73-81D8523F8947}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{23278241-1CA2-46D6-B5E5-6574110C1F3B}"= UDP:C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{8FA6CADB-1B13-4BCB-BE26-3D26F79B9A6E}"= TCP:C:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:Frontlines Game
"{8D6A602A-0F41-4645-80C9-D1F9F2FB0A3D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B8DFE811-7D3F-4555-B0F8-C5B154CB0D23}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= UDP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"UDP Query User{F0D65ED4-D687-4DDB-A429-0B4FAC1ED503}C:\\program files\\thq\\dawn of war - soulstorm\\soulstorm.exe"= TCP:C:\program files\thq\dawn of war - soulstorm\soulstorm.exe:Soulstorm
"TCP Query User{214D93E7-6162-4B1A-86BD-2817884D83FC}C:\\program files\\steam\\steamapps\\artic666devil\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\artic666devil\counter-strike source\hl2.exe:hl2
"UDP Query User{3BE60B0A-E6C6-4CD3-8C91-B4D9F77E3CDE}C:\\program files\\steam\\steamapps\\artic666devil\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\artic666devil\counter-strike source\hl2.exe:hl2
"TCP Query User{395CE574-B948-4F87-8707-65B6489A538D}C:\\program files\\steam\\steamapps\\artic666devil\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\artic666devil\counter-strike source\hl2.exe:hl2
"UDP Query User{46786539-9BFF-404B-95FA-CDADFC049B4F}C:\\program files\\steam\\steamapps\\artic666devil\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\artic666devil\counter-strike source\hl2.exe:hl2
"TCP Query User{ECC20284-9994-4FE9-BA3F-843047F3C307}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{13C24F23-4996-4E9C-AAA9-80422A1E95BF}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{A2895B32-3FA8-4499-94BC-BAC1564BB267}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{63BE9D13-D22A-47E3-8F30-9F6A1CB9B91D}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{B383F84F-BC2E-42F1-8A49-D3257A68CCE1}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{099D9840-4D20-4159-8768-838B01B8F438}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{6E9BB26A-ABA9-4C70-964B-BCAF2C7EE8D6}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{B658465F-8873-4110-BCFB-CC89E1FE43BB}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{AB034572-BCDC-45CB-9D35-EBC7D493E481}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{7BAC1276-1639-460B-A04B-21BF74C2D1EE}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"{15135B5D-1B01-46B7-8333-703EDFA06472}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{076C8591-E037-458A-9547-EAA3CCC5FF42}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"TCP Query User{3C579C19-0D71-448B-9F2A-CF2542B27A0A}C:\\program files\\microsoft games\\halo\\halo.exe"= UDP:C:\program files\microsoft games\halo\halo.exe:Halo
"UDP Query User{A3A09D67-8865-4A18-8F5A-6C970D25140F}C:\\program files\\microsoft games\\halo\\halo.exe"= TCP:C:\program files\microsoft games\halo\halo.exe:Halo
"{565DE84F-26B6-4417-8B5F-911CF37A22CB}"= UDP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{DF8F4534-BC6E-4240-BFD8-63F2E358C2B6}"= TCP:C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:Pro Evolution Soccer 2008
"{DC0BB67A-2665-45D2-AE6E-B75C6B236E09}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D0E6DFA5-33EB-4064-A909-9C5244927AE9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{C66504CB-56A4-491B-8399-107DD9C27F2C}C:\\program files\\sega\\iron man\\ironman.exe"= UDP:C:\program files\sega\iron man\ironman.exe:A2M Game Engine
"UDP Query User{8344115E-BE6D-42CB-B2AD-721538ABD356}C:\\program files\\sega\\iron man\\ironman.exe"= TCP:C:\program files\sega\iron man\ironman.exe:A2M Game Engine
"TCP Query User{AD65C4A7-6FD2-4027-BC31-62412F76DEAB}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{2D7C2179-2F2D-4184-BC00-565216CF70F4}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{F9688401-F968-4197-9113-B8C63F13AAE7}C:\\westwood\\ra2\\game.exe"= UDP:C:\westwood\ra2\game.exe:Main executable for Red Alert 2
"UDP Query User{74995070-7EFD-4354-917D-01B0372E5301}C:\\westwood\\ra2\\game.exe"= TCP:C:\westwood\ra2\game.exe:Main executable for Red Alert 2
"TCP Query User{56B7818C-D9CA-4EE9-9FED-4B35060DD66A}C:\\program files\\orbitdownloader\\orbitdm.exe"= UDP:C:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"UDP Query User{9ACFCC5F-531D-48C8-9983-8EEC8EBAED75}C:\\program files\\orbitdownloader\\orbitdm.exe"= TCP:C:\program files\orbitdownloader\orbitdm.exe:Orbit Downloader
"{FE6E5FE9-3FC8-4027-886B-49B1BE9F554B}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{F95C8E52-291D-4E5A-92F1-0E163E8EBEDF}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{9DF769D6-170E-4966-A757-6C7E137A5468}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{D5C92D4A-9A67-4D6C-BD79-CDD0FAE5ABBC}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"TCP Query User{44C95779-8680-4082-BFDF-873CAD17A169}C:\\program files\\microsoft games\\age of empires ii\\age2_x1.exe"= UDP:C:\program files\microsoft games\age of empires ii\age2_x1.exe:Age of Empires II Expansion
"UDP Query User{C435409D-6627-43F6-90AA-D44494539AFD}C:\\program files\\microsoft games\\age of empires ii\\age2_x1.exe"= TCP:C:\program files\microsoft games\age of empires ii\age2_x1.exe:Age of Empires II Expansion
"TCP Query User{DEDA15AE-5655-4DED-A854-2DC34E082313}C:\\windows\\system32\\dplaysvr.exe"= UDP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{94557A45-532E-4AF9-8E59-F32791B6A99F}C:\\windows\\system32\\dplaysvr.exe"= TCP:C:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"{96C7E22A-A217-4A56-B3A5-BAB5D4EF29F7}"= UDP:C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:Age of Empires II
"{F94BA9E6-EE14-4FD6-B9D3-1F86D7FD7B25}"= TCP:C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:Age of Empires II
"{526FE062-9F27-4640-B40E-0930BE02DE65}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{1A3488E1-616C-48D8-8827-E6A732E0A2E1}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{4FB880F4-2C31-43A5-A6F7-0AE7D9B2945B}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{884961CD-BA4C-4A6F-8709-D81A213290AE}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{220B157A-2FCD-4F7A-B1F6-D41C30024BCE}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{5A0AF970-22FF-4C21-A13D-B3B3F2A0FD73}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{7A5017BF-3046-4F28-B8EE-33712EC21394}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{859BB015-C7F7-4945-9B53-9997D60A9731}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"= C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"= C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28u.sys [2007-08-15 23:49]
S3 rt61x86;Sitecom RT61 Wireless Network Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr61.sys [2007-09-28 14:37]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-30 18:04]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-05-05 21:06]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-05-30 16:55:26 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 11:27:19
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...
folder error: C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-03 11:28:12
ComboFix-quarantined-files.txt 2008-06-03 10:27:57
ComboFix2.txt 2008-06-02 18:01:50
ComboFix3.txt 2008-06-02 10:58:42
ComboFix4.txt 2008-06-02 00:18:21

Pre-Run: 105,799,864,320 bytes free
Post-Run: 105,766,006,784 bytes free

341 --- E O F --- 2008-05-30 08:18:26