ComboFix 08-03-14.4 - inge 2008-03-17 19:39:56.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.981 [GMT 1:00]
Running from: C:\Users\inge\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 18:23 --------- d-----w C:\Users\inge\AppData\Roaming\Ventrilo
2008-03-17 17:45 --------- d-----w C:\Users\inge\AppData\Roaming\uTorrent
2008-03-17 16:55 --------- d-----w C:\Program Files\VentriloMIX
2008-03-16 23:00 --------- d-----w C:\Program Files\Trend Micro
2008-03-16 18:11 --------- d-----w C:\Program Files\MyFree Codec
2008-03-16 17:07 --------- d-----w C:\Program Files\MediaCoder
2008-03-15 16:17 --------- d-----w C:\Program Files\Handbrake
2008-03-15 14:05 --------- d-----w C:\Users\inge\AppData\Roaming\dvdcss
2008-03-14 21:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 20:55 --------- d-----w C:\Program Files\Lame MP3 Codec
2008-03-14 20:54 65,024 ----a-w C:\Windows\IFinst26.exe
2008-03-14 20:54 --------- d-----w C:\Program Files\XviD
2008-03-14 20:53 --------- d-----w C:\Users\inge\AppData\Roaming\DataCast
2008-03-14 20:53 --------- d-----w C:\Program Files\MarkAny
2008-03-14 20:52 --------- d-----w C:\Program Files\Samsung
2008-03-13 17:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-12 22:02 --------- d-----w C:\Program Files\Windows Mail
2008-03-05 00:07 --------- d-----w C:\Program Files\Windows Live
2008-03-03 23:21 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-03 23:14 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 23:11 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 23:02 --------- d-----w C:\ProgramData\WLInstaller
2008-02-28 22:56 --------- d-----w C:\Users\inge\AppData\Roaming\FrostWire
2008-02-26 22:07 --------- d-----w C:\Users\inge\AppData\Roaming\Hamachi
2008-02-14 00:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 00:33 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 00:28 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 00:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 00:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 00:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 00:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 00:28 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 00:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 00:27 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 00:27 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 00:27 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 00:27 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 00:27 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 00:27 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 00:27 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 00:27 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 00:27 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 00:27 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 00:27 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 00:24 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 00:24 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 00:24 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 00:24 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 23:13 --------- d-----w C:\Program Files\iTunes
2008-02-12 23:12 --------- d-----w C:\ProgramData\Apple Computer
2008-02-12 23:12 --------- d-----w C:\Program Files\iPod
2008-02-12 23:09 --------- d-----w C:\Program Files\QuickTime
2008-02-08 17:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-05 09:50 --------- d-----w C:\Users\inge\AppData\Roaming\mIRC
2008-02-03 22:55 --------- d-----w C:\Program Files\GRETECH
2008-02-01 22:32 --------- d-----w C:\Users\inge\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2008-02-01 18:24 --------- d-----w C:\Program Files\Electronic Arts
2008-02-01 18:05 --------- d-----w C:\Program Files\EA GAMES
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2008-02-01 07:40 40,960 ----a-w C:\Windows\System32\MAMACExtract.dll
2008-02-01 07:40 110,592 ----a-w C:\Windows\System32\TG_DUMP0708.DLL
2008-01-16 12:41 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-01-09 20:29 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-26 00:31 12,299 ----a-w C:\Users\inge\cc_20071226_0130.reg
2007-12-22 21:39 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2007-12-22 21:04 22,328 ----a-w C:\Users\inge\AppData\Roaming\PnkBstrK.sys
2007-08-30 13:30 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:29 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-30 14:06 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 04:36 827392]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-05-16 00:38 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-05-16 00:38 81920]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
"RegistryMechanic"="" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 08:23 132624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\Users\inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-10-23 15:47:55 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 16:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
backup=C:\Windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\Windows\pss\Last.fm Helper.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^inge^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=C:\Users\inge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=C:\Windows\pss\Last.fm Helper.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-04-04 13:41 970752 C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-16 12:24 167368 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 14:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanTalk.NET]
--a------ 2007-12-12 06:22 324776 C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 08:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-08 01:18 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-02-13 10:38 159744 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-04-23 17:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8E91A1DF-932D-4E39-8789-A3C767595E68}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{D92D1A50-E7D9-4D85-AEAE-748E5D6553A8}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{712AB7A2-EEC2-46C6-AE72-0B0882FCD9AD}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{E8143981-528E-463F-80C3-EE11792CBEDD}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{5BC63621-139C-4F66-B666-3E09B29D591D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{583F1DFC-D907-44EF-A647-51D1BE6541EE}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FFE0970E-3AD2-4724-8ED3-2F029DEC404D}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{1CE83761-9D5D-4FB3-A5C8-EF8B069BE5B4}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{D29A3BF9-770F-4FFE-9D06-E9B09FCCA726}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{EFC0A878-44E9-4C26-A969-3B5C0E20C1A3}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{03D6CFC7-CB7B-4CA0-9357-CA367B5392C5}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{02FC5192-AC6E-4DCD-8B4D-7F9A8EFBAA09}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{BCA583C8-04D3-40A0-BC94-919FC4757F56}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{8432CBAA-60DE-4009-88CD-0BB3D69C165B}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"{0E508A91-2C7B-44F5-A01A-DC6F44AB74A8}"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{BC8F08CE-A88E-4ED1-A6D3-5CEC83F9FC03}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{1A129709-545E-4E4E-AB52-B1D31FBE83DE}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{3F28DFAB-9B7D-4AAA-925A-08A9CD3F9EA3}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{90089EF7-3EA5-45C7-B9CE-1946553067D9}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{0CA1D2C1-EAB2-41D4-B136-C77B59CA2D7D}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{5E6216B5-D7DF-42C3-8169-A8350833FB1C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{0DE0C5BF-5F1F-495B-B4F6-BDB44AD4F231}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C46AE963-DE72-4B1B-919B-2D591B4164FC}C:\\users\\inge\\spill\\far cry installasjon\\bin32\\farcry.exe"= UDP:C:\users\inge\spill\far cry installasjon\bin32\farcry.exe:farcry.exe
"UDP Query User{CD9CD270-E285-41DC-9E80-DC8E033C1B07}C:\\users\\inge\\spill\\far cry installasjon\\bin32\\farcry.exe"= TCP:C:\users\inge\spill\far cry installasjon\bin32\farcry.exe:farcry.exe
"TCP Query User{7478DDA8-92ED-4F39-808D-FE0AC9F67053}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{3C14EC5C-C8A1-4D6C-8179-4F05AF5CF266}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{BC3B81E3-7C7C-4BC7-86C6-131EDC353F98}C:\\program files\\frostwire\\frostwire.exe"= UDP:C:\program files\frostwire\frostwire.exe:FrostWire
"UDP Query User{6057C49E-9363-4B51-B739-08233C1CE66B}C:\\program files\\frostwire\\frostwire.exe"= TCP:C:\program files\frostwire\frostwire.exe:FrostWire
"TCP Query User{5F7AE497-86F4-4DD9-8B67-968727B2CA21}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{F8ECA85C-A3E5-4F0E-A3D5-644D89A68575}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{6119AAD0-9657-4D13-A9CE-332C7BD1A4A6}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{F514323F-075C-4B24-95E2-EDE08584D352}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{3311DB09-06CA-47FE-81F3-82BD55C5166F}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{51A8E28E-91CE-437B-83C1-70CAE6919608}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{48141A94-35DC-4AC3-B700-F1040EEB8A0C}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{438EDC38-96DB-4B74-BAF9-CE7620701F96}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{DA7D6FEA-8817-4A57-8539-D1996898D096}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{F6E25182-C6A8-4CD3-B879-DF19327F0841}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{313BECE1-489C-4562-B012-8D011632C5FF}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E337F8DB-E991-4A06-BB65-9CC9B4110594}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{42BB9CFE-7AC5-4642-B2C4-86446EF366CC}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:LastFM
"UDP Query User{F9429989-1DFB-4D07-8E59-07A6FFB108C9}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:LastFM
"TCP Query User{7453062F-E5C9-4DC4-9131-607A1F693E66}C:\\program files\\last.fm\\lastfm.exe"= UDP:C:\program files\last.fm\lastfm.exe:Last.fm
"UDP Query User{F096C5FB-E0AD-4577-927A-BAE3709A01FF}C:\\program files\\last.fm\\lastfm.exe"= TCP:C:\program files\last.fm\lastfm.exe:Last.fm
"TCP Query User{4D9EB35E-EFDE-4853-9013-9E40C46F3A02}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{0664439D-62EB-4E15-9943-8BCE679FCC29}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"{CE8FBA01-763C-4129-A359-8AE9FE048050}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{1B59099D-58E0-4ACD-A115-18042C365579}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{49E04E37-0890-43C9-B90A-CEACA9D63FF8}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1772FA92-DC5B-49C6-BFF5-A560BAB005AC}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{53222082-1829-4B56-B568-14FD1207A67E}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{CDA26519-AE8A-409B-BC42-864C4D1A4761}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{5D49B390-C9D2-47EB-B4A0-ACFA5F10C59C}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{3D50F505-7822-40EB-B28F-2780D22EF0DE}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{56FA4A1F-ED79-48A6-9E8C-1B02FC50A0A3}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0CEAC844-F069-4E1D-8A45-D536CA33DEF7}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D5C8EDDD-DDDF-4FBC-A37E-183976E7674C}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{208A4433-3808-4914-9C60-2D849D41D416}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{D1409EA6-59A9-4258-AD05-5DF2C74BE616}"= UDP:C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe:LanTalk NET Messenger
"{E1684A7B-97C0-467D-90B9-2F734A930108}"= TCP:C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe:LanTalk NET Messenger
"TCP Query User{1CA33CE3-1033-4B33-9C15-DCCF9BFA0728}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{2B434392-AAD6-433A-A540-0B07CF208448}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{6B64BCC5-E802-4E58-A508-0E13343FF4B1}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.3.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.3.exe:iw3mpHAMACHI 1.3
"UDP Query User{F22BC2F2-22E2-4618-84BE-A6028BF6F730}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mphamachi 1.3.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mphamachi 1.3.exe:iw3mpHAMACHI 1.3
"TCP Query User{5AD7194E-96FE-4498-A7B8-CB45556E4B14}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{4C8DE9CA-B15C-45E5-BBC6-BB687BC7A3D5}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{4CCB1F7B-B6F0-4D64-BCF8-CBF87C7BD083}"= C:\Program Files\Electronic Arts\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:Command & Conquer 3 Tiberium Wars
"{A0F8C8BB-FD7C-4443-B2F5-7F631F7596D0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B6900FCF-7805-46D5-B6A2-2F4632B130C0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{5F9189F1-74D2-46A6-A516-12CBA5D0D88B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C8894109-1BE9-4E51-AC12-1E46AA2DC955}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{CF89E6CB-C2B4-4782-8C69-83FD521A123F}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-09-06 11:02]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
R3 btwaudio;Bluetooth-lydenhet;C:\Windows\system32\drivers\btwaudio.sys [2007-04-18 09:51]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-04-18 09:51]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-04-18 09:51]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-17 00:50]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 16:43]
S3 CrystalCpuInfo;CrystalCpuInfo;C:\Program Files\OCCT\CpuInfo.sys [2003-11-25 06:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 19:48:12
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hp\HP Software Update\HPWUCli.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\\?\C:\Windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-03-17 19:53:30 - machine was rebooted
.
2008-03-14 20:50:17 --- E O F ---