ComboFix 08-06-03.1 - Daniel 2008-06-04 10:42:36.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1044.18.956 [GMT 2:00]
Running from: C:\Users\Daniel\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 08:17 --------- d-----w C:\Users\Daniel\AppData\Roaming\Skype
2008-06-04 06:08 --------- d-----w C:\Users\Daniel\AppData\Roaming\skypePM
2008-06-03 21:27 --------- d---a-w C:\ProgramData\TEMP
2008-06-03 21:25 --------- d-----w C:\Program Files\SpywareBlaster
2008-06-02 10:50 --------- d-----w C:\Program Files\Trend Micro
2008-06-02 10:04 95,542 ----a-w C:\Users\Daniel\AppData\Roaming\nvModes.dat
2008-06-02 08:59 --------- d-----w C:\ProgramData\Lavasoft
2008-06-02 08:57 --------- d-----w C:\Program Files\Lavasoft
2008-06-02 08:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-30 10:56 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-30 10:55 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-27 22:00 --------- d-----w C:\Program Files\VistaCodecPack
2008-05-27 21:59 --------- d-----w C:\Program Files\BitLord
2008-05-27 21:58 --------- d-----w C:\ProgramData\VistaCodecs
2008-05-27 21:38 --------- d-----w C:\Users\Daniel\AppData\Roaming\Media Player Classic
2008-05-27 06:20 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-26 17:55 6,741 ----a-w C:\Program Files\install.log
2008-05-26 17:55 --------- d-----w C:\ProgramData\Gamespot
2008-05-21 12:28 --------- d-----w C:\ProgramData\TrackMania
2008-05-21 10:27 --------- d-----w C:\Program Files\Creative
2008-05-21 10:23 --------- d-----w C:\Program Files\EphPod
2008-05-20 22:16 --------- d-----w C:\Program Files\iPod To Computer Transfer
2008-05-20 22:16 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-05-19 21:32 5,192 ----a-w C:\Windows\System32\PerfStringBackup.TMP
2008-05-19 21:11 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-19 21:11 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 09:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-15 06:14 --------- d-----w C:\Program Files\Launch Manager
2008-05-14 17:20 --------- d-----w C:\Users\Daniel\AppData\Roaming\Xfire
2008-05-14 17:20 --------- d-----w C:\ProgramData\Xfire
2008-05-14 17:20 --------- d-----w C:\Program Files\Opera
2008-04-30 10:27 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-04-29 09:20 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-21 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-21 15:54 --------- d-----w C:\Program Files\EASEUS
2008-04-21 15:53 --------- d-----w C:\Program Files\WinUndelete
2008-04-12 10:04 --------- d-s---w C:\Program Files\Xfire
2008-04-12 05:41 180,224 ----a-w C:\Windows\System32\xvidvfw.dll
2008-04-12 05:30 765,952 ----a-w C:\Windows\System32\xvidcore.dll
2008-04-10 21:16 --------- d-----w C:\Program Files\iTunes
2008-04-10 19:25 --------- d-----w C:\Users\Daniel\AppData\Roaming\Apple Computer
2008-04-10 19:24 --------- d-----w C:\ProgramData\Apple Computer
2008-04-10 19:24 --------- d-----w C:\Program Files\QuickTime
2008-04-10 19:24 --------- d-----w C:\Program Files\iPod
2008-04-10 19:24 --------- d-----w C:\Program Files\Bonjour
2008-04-10 19:21 --------- d-----w C:\Program Files\Common Files\Apple
2008-04-09 21:37 --------- d-----w C:\Program Files\MagicISO
2008-04-09 20:52 --------- d-----w C:\Program Files\MSBuild
2008-04-09 20:49 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-09 07:06 --------- d-----w C:\Program Files\ElastoManiaRegistered
2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-22 08:57 32 ----a-w C:\Users\All Users\ezsid.dat
2008-03-22 08:57 32 ----a-w C:\ProgramData\ezsid.dat
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-03-06 16:29 966,656 ----a-w C:\Windows\System32\VSFilter.dll
2008-03-05 14:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 14:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 14:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 13:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 13:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-02-08 09:05 0 ----a-w C:\Users\Daniel\AppData\Roaming\wklnhst.dat
2007-12-28 15:05 22,328 ----a-w C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
2007-12-28 14:22 174 --sha-w C:\Program Files\desktop.ini
2007-11-22 15:06 961,024 ----a-w C:\Users\Public\win_undelete_setup.exe
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:21 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"Skype"="C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phone\Skype.exe" [2008-02-01 18:22 21898024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 07:09 865840]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"Acer Tour"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-06-26 09:33 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-06-26 09:32 8433664]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-06-26 09:33 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 11:10 4468736 C:\Windows\RtHDVCpl.exe]
"PLFSet"="C:\Windows\PLFSet.dll" [2007-04-25 14:47 45056]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"SetPanel"="C:\Acer\APanel\APanel.cmd" [ ]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 03:36 707080]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 22:48 57344]
"eRecoveryService"="" []
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"CreativeMS2020"="C:\Program Files\Creative\Fatal1ty Professional Laser Mouse\ctusbms.exe" [2006-05-09 14:58 143360]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]

C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2008-04-04 23:31:48 2987856]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-12-28 15:50:14 1208320]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 14:11:50 719664]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-16 06:52:34 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AE2BF644-D639-445C-84C4-ED01488B8E04}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C838F199-B1ED-4E88-AEBF-E9A4D29805AC}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{AEFAA8AC-EDC0-4749-A353-C462F267EB99}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{4660D352-2FAC-4636-AB0B-D8372BE3D089}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{069A8F76-CA27-471B-B85B-BB1463800054}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DA2ADCFE-F75E-4C7B-BC68-8D688E3BC345}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FE72A700-A5FE-402B-8DD5-3E21DE3908F1}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{84A05711-0FA3-45F1-8136-28C884D1C1AA}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{6FF180FF-9B7D-483E-BD20-08D32CD7BF6F}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{11493912-6F64-4EF2-9C6C-F134696AB930}"= C:\Program Files\Acer\Acer VCM\VC.exe:Acer VCM
"{E31E4A66-7826-42AB-A159-C05F461C8A92}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{DAACC271-4403-4429-9381-AB47CEE0D226}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{36114A51-9692-474C-A544-305C9902EF44}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9B6DF2F4-0F38-4F1F-BB96-A0D0C52A3C5C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{DBFAF022-093B-4346-B7DF-9DEAA3E02CA0}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{8443F3A1-7630-47F4-BE3F-8E1FAB1F5DDB}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{8956B141-80A1-4AB4-868A-53704E82961E}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{AB234A0E-AEDB-42E2-B2E5-EACFA1ED025A}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= UDP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"UDP Query User{2C139832-AADB-4C4F-8403-18D02289B488}C:\\program files\\activision\\call of duty 4 - modern warfare\\iw3mp.exe"= TCP:C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe:iw3mp
"TCP Query User{0F3ABDF4-257F-4EB1-B3EE-10EABE842C04}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{9C18FA7E-7A09-4982-B4E2-8FA3D5F361E2}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{982CAF20-7F59-4816-BF37-01FD84816B3E}C:\\program files\\hamachi\\hamachi.exe"= UDP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{BE98A785-E36C-4C11-8BED-176E1AC2D792}C:\\program files\\hamachi\\hamachi.exe"= TCP:C:\program files\hamachi\hamachi.exe:Hamachi Client
"{0C0AFF54-E7D5-4EFE-9F45-EE1D6B5273D8}"= Disabled:UDP:C:\Acer pc\Skype\Phone\Skype.exe:Skype
"{87BA3448-C047-4D10-9956-6FF92BD07C77}"= Disabled:TCP:C:\Acer pc\Skype\Phone\Skype.exe:Skype
"TCP Query User{27A80600-28B8-474F-B77E-DE6E8898A011}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{52465A98-EE5B-4B9F-A76B-71BD266F2288}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{141F7EF0-73FD-4CEC-8153-6D2E7A89B7E8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{198397C3-36F4-4BC1-94CA-DB53E80985E8}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{5208332E-99F7-42ED-BCA5-54AA4D45AFB3}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{8874936E-8D3C-45B6-8D80-2EE68E7BB9D7}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4B034DA8-1F2E-4DCB-9916-B5C0D1ABBBDD}"= Disabled:UDP:C:\Acer pc\Skype\Phone\Skype.exe:Skype
"{90B11633-736A-4CA4-9490-3ED5631786C9}"= Disabled:TCP:C:\Acer pc\Skype\Phone\Skype.exe:Skype
"TCP Query User{3AEE4E3A-B245-4E9A-8B40-501F9EBBA6C9}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{2919D26B-74DA-4DE8-8356-E6DD0B56EC4B}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{32E5BE8C-093E-4E12-9DA6-E8E3845B7033}"= UDP:43594:runescape
"TCP Query User{65D439B4-E94D-42D5-A6B2-EEF3E9D329AF}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= UDP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"UDP Query User{12505EC5-9D57-42EB-A82A-5DFC980F76F1}C:\\program files\\ea games\\battlefield 2\\bf2.exe"= TCP:C:\program files\ea games\battlefield 2\bf2.exe:BF2
"{D33E3A16-B27F-43A6-853E-93AF8E8C4C03}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B9A6CD87-F7B0-4C19-AF97-0383F3AF15EF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{DE2E96F3-4469-40CF-AC99-7D61FB4A3F23}F:\\bitlord\\bitlord.exe"= UDP:F:\bitlord\bitlord.exe:BitLord
"UDP Query User{C5670FC2-8ECD-44A6-90AD-1997EC64476E}F:\\bitlord\\bitlord.exe"= TCP:F:\bitlord\bitlord.exe:BitLord
"TCP Query User{95FE51C8-242B-46C2-BFD2-AF85B310E9B4}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{EEBFA036-B70A-44AB-9C51-60D0397653E0}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"{E55A4947-3AE5-4E69-B095-A5E65538D9B2}"= Disabled:UDP:C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skype.exe:Skype
"{017AC83A-C2AE-4B62-9260-E63285D8377C}"= Disabled:TCP:C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skype.exe:Skype
"TCP Query User{14EF523C-168C-411C-A238-44F80B12E165}C:\\program files\\dyngate\\dyngate.exe"= UDP:C:\program files\dyngate\dyngate.exe:DynGate Router
"UDP Query User{9FD93783-FEC8-45D0-9591-A438C7A9FBCB}C:\\program files\\dyngate\\dyngate.exe"= TCP:C:\program files\dyngate\dyngate.exe:DynGate Router
"{4E03D282-E1CC-4B9D-85E2-0BD24E73C01A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{4DE1F36B-6BD4-467B-B259-64452B9C7553}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{94FB13B6-A301-46DF-9CA2-4DFEF9AD8168}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6BBA8B9C-BAC3-4E2E-A1D3-631B22A4DB3E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4FD04AF8-3E11-454A-BB86-FA006F562C51}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{CFCC0C2C-FF47-426F-894C-7F3C535A2568}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{297386E3-5BB7-4808-8F99-0D39BB727631}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{7149A49B-3A45-4F13-879A-841C7F82AB2A}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{8F30844F-5847-4CC3-BD8C-2DF312664A23}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{26B80B98-363E-45D1-A412-EDB932800F50}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{1CFCB6BF-966B-42E3-960C-67E7C0BEC421}C:\\program files\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{7760CF21-DB09-4082-84CB-181CE9727F53}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{7481A695-DADD-4A52-8025-C4A7F98BD590}C:\\program files\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:C:\program files\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{CB4D9B72-536B-4790-A267-BA65330FB5C9}D:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:D:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{A53051E4-CD22-490B-AD35-2B761AEB66EA}D:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:D:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{10D84836-364A-4F9E-ACBE-89625F301920}D:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:D:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{1F9370D0-BBDF-4029-B4BC-E3F69B2797C1}D:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:D:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{5112EF56-5ACE-41B2-B377-3DD884B218C9}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{D30639A8-95CD-40A6-8AEF-46037EF90975}C:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:C:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"TCP Query User{1C78D98B-71E9-45C7-9142-3ABEC707482E}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= UDP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"UDP Query User{6BE95DD4-DB0B-41F2-B7EF-7EE5C8E386DD}C:\\program files\\microsoft games\\age of mythology\\aomx.exe"= TCP:C:\program files\microsoft games\age of mythology\aomx.exe:Age of Mythology - The Titans Expansion
"TCP Query User{88A922DB-6B98-4BDC-AC07-71C11B8FB7D3}C:\\program files\\tmnationsforever\\tmforever.exe"= UDP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{92C78CA0-751F-4AA0-B5E9-F7936631D0CD}C:\\program files\\tmnationsforever\\tmforever.exe"= TCP:C:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{117CDEEB-2463-40B7-833C-DE0309B21BD2}C:\\windows\\ehome\\ehexthost.exe"= UDP:C:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"UDP Query User{B181EB31-5E62-4F69-81D3-E3F1F33FC0C4}C:\\windows\\ehome\\ehexthost.exe"= TCP:C:\windows\ehome\ehexthost.exe:Media Center Extensibility Host
"{F8B5C3F9-AA3B-4DFB-ABBB-20A1A6DF833A}"= Disabled:UDP:C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phone\Skype.exe:Skype
"{EFB09F72-27C9-4C65-87FB-61FA82696ACF}"= Disabled:TCP:C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2007-04-25 16:34]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2007-04-25 16:34]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2007-04-25 16:34]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 17:51]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 eDataSecurity Service;eDSService.exe;"C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [2007-04-25 16:34]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-06-13 16:54]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-06-28 18:50]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-06-13 11:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-06-26 09:33]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [2007-04-19 09:09]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 09:03]
S3 btwaudio;Bluetooth audio device;C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 21:46]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 08:20]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 08:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fc1f6fc-b53f-11dc-8c1c-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{32fa3c2e-c681-11dc-adf3-001b248987c0}]
\shell\AutoRun\command - G:\Setup.exe
\shell\setup\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54a9f2c5-e1fa-11dc-b846-dc387e1efc50}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 10:46:33
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-04 10:47:43
ComboFix-quarantined-files.txt 2008-06-04 08:47:28
Cannot find message text for message number 0x2379 in the message file for Application.
Cannot find message text for message number 0x2379 in the message file for Application.

269 --- E O F --- 2008-05-30 18:01:44
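Added example, not part of the posted log and not a ComboFix feature: a small Python triage script for the "Reg Loading Points" section ComboFix prints in the REGEDIT4-style layout above. It parses the key/value and MountPoints2 lines and flags the entries a reviewer checks first in this log: EnableLUA set to 0, the Security Center DisableNotify and DisableMonitoring flags set to 1, Run entries that launch from a user-writable AppData path, and the removable-media AutoRun handlers recorded under MountPoints2. The embedded SAMPLE_LOG is a constructed excerpt assembled from lines of the log above; the flagging rules are the example's own heuristics, and a hit means "look at this", not "this is malware".

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example)."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the log above, kept in the layout ComboFix prints.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 23:21 1232896]
"Skype"="C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phone\Skype.exe" [2008-02-01 18:22 21898024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fc1f6fc-b53f-11dc-8c1c-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54a9f2c5-e1fa-11dc-b846-dc387e1efc50}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")                      # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')   # "Name"=value
MOUNTPOINT_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_reg_section(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {registry key: [(value name or shell verb, raw value), ...]} in log order."""
    keys: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # a new [key] header starts a new group
            current = m.group("key")
            keys.setdefault(current, [])
            continue
        if current is None:         # e.g. the REGEDIT4 banner before the first key
            continue
        m = VALUE_RE.match(line) or MOUNTPOINT_RE.match(line)
        if m:
            groups = m.groupdict()
            keys[current].append((groups.get("name") or groups["verb"],
                                  (groups.get("value") or groups["cmd"]).strip()))
    return keys


def dword(value: str) -> int:
    """Decode both encodings seen in the log: 'dword:00000001' and '0 (0x0)'. -1 if neither."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", value)
    return int(m.group(1)) if m else -1


def triage(text: str) -> List[str]:
    """Heuristic findings over the parsed section; each string names what was seen."""
    findings: List[str] = []
    for key, values in parse_reg_section(text).items():
        lk = key.lower()
        if lk.endswith("\\policies\\system"):
            findings += [f"UAC disabled: {n}={dword(v)}" for n, v in values
                         if n == "EnableLUA" and dword(v) == 0]
        elif "\\security center" in lk:
            for n, v in values:
                if dword(v) != 1:
                    continue
                if n.endswith("DisableNotify"):
                    findings.append(f"Security Center notification suppressed: {n}")
                elif n == "DisableMonitoring":
                    findings.append(f"Security Center monitoring disabled under {key}")
        elif lk.endswith("\\currentversion\\run"):
            findings += [f"Autostart from user-writable path: {n} -> {v}"
                         for n, v in values if USER_WRITABLE_RE.search(v)]
        elif "\\mountpoints2\\" in lk:
            findings += [f"Removable-media {verb} handler: {cmd}" for verb, cmd in values]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Point the script at a full ComboFix log by reading the file into `triage()`; lines outside the REGEDIT4 layout (the Find3M listing, the driver `R0`/`S3` lines, the catchme banner) are ignored by the key-scoped matcher, so the whole log can be fed in unchanged.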