Disabled Ashampoo firewall
Run ComboFix log below.
Your comments regarding BitComet will be taken on board. Using it may have got my system in trouble in the first place. However, I do need some form of similar program as I have an account with audible.co.uk and moviescormedia, large downloads, paid for and legal, and I like the resume download function that BitComet offers.
ComboFix 08-08-19.02 - Graham 2008-08-20 18:53:22.2 - NTFSx86
Running from: C:\Documents and Settings\Graham\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-20 to 2008-08-20 )))))))))))))))))))))))))))))))
.
2008-08-20 17:12 . 2008-08-20 17:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-20 14:34 . 2008-08-20 14:34 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-08-20 14:34 . 2008-08-20 14:34 <DIR> d-------- C:\Program Files\MSECACHE
2008-08-19 19:35 . 2008-08-19 19:35 <DIR> d-------- C:\Program Files\Vidalia Bundle
2008-08-19 19:35 . 2008-08-20 19:06 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Vidalia
2008-08-19 19:35 . 2008-08-20 19:06 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\tor
2008-08-18 20:20 . 2008-08-18 20:20 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\FLEXnet
2008-08-17 23:14 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-17 23:13 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-08-17 23:12 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-08-17 23:11 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-08-17 23:10 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-17 23:09 . 2008-04-14 01:12 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-08-17 23:08 . 2008-04-13 19:31 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-08-17 23:07 . 2008-04-14 01:12 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-08-17 23:07 . 2008-04-13 19:46 51,200 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-08-17 23:07 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-08-17 23:07 . 2008-04-13 19:54 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-08-17 23:07 . 2001-08-17 13:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-08-17 23:07 . 2001-08-17 13:57 16,128 --a--c--- C:\WINDOWS\system32\dllcache\modemcsa.sys
2008-08-17 23:07 . 2008-04-13 19:46 15,232 --a--c--- C:\WINDOWS\system32\dllcache\mpe.sys
2008-08-17 23:07 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-08-17 23:07 . 2001-08-17 13:52 6,528 --a--c--- C:\WINDOWS\system32\dllcache\miniqic.sys
2008-08-17 23:07 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-08-17 23:07 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-08-17 23:05 . 2008-04-13 19:39 14,592 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-17 23:05 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-17 23:05 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-17 23:05 . 2008-04-14 01:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-17 23:04 . 2008-04-14 01:11 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-08-17 23:04 . 2008-04-14 01:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-17 23:04 . 2008-04-13 19:54 88,192 --a--c--- C:\WINDOWS\system32\dllcache\irda.sys
2008-08-17 23:04 . 2008-04-14 01:11 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-17 23:04 . 2008-04-14 01:12 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-08-17 23:03 . 2008-04-13 19:40 28,288 --a--c--- C:\WINDOWS\system32\dllcache\grserial.sys
2008-08-17 23:03 . 2008-04-14 01:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-17 23:03 . 2008-04-13 19:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-08-17 23:03 . 2008-04-13 19:41 18,560 --a--c--- C:\WINDOWS\system32\dllcache\i2omp.sys
2008-08-17 23:03 . 2008-04-13 19:41 8,576 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-17 23:02 . 2008-04-13 19:45 59,136 --a--c--- C:\WINDOWS\system32\dllcache\gckernel.sys
2008-08-17 23:01 . 2008-04-13 19:39 206,976 --a--c--- C:\WINDOWS\system32\dllcache\dot4.sys
2008-08-17 23:01 . 2008-04-14 01:12 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2008-08-17 23:01 . 2008-04-13 19:40 8,320 --a--c--- C:\WINDOWS\system32\dllcache\dlttape.sys
2008-08-17 23:00 . 2008-04-14 01:11 249,856 --a--c--- C:\WINDOWS\system32\dllcache\ctmasetp.dll
2008-08-17 22:59 . 2008-04-14 01:11 121,856 --a--c--- C:\WINDOWS\system32\dllcache\camext30.dll
2008-08-17 22:59 . 2008-04-13 19:46 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-08-17 22:59 . 2008-04-13 19:36 13,952 --a--c--- C:\WINDOWS\system32\dllcache\cmbatt.sys
2008-08-17 22:59 . 2008-04-13 19:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys
2008-08-17 22:59 . 2008-04-13 19:40 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-08-17 22:58 . 2008-04-13 19:46 38,912 --a--c--- C:\WINDOWS\system32\dllcache\avc.sys
2008-08-17 22:58 . 2008-04-14 01:12 18,432 --a--c--- C:\WINDOWS\system32\dllcache\bdaplgin.ax
2008-08-17 22:58 . 2008-04-13 19:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys
2008-08-17 22:58 . 2008-04-13 19:46 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2008-08-17 22:58 . 2008-04-13 19:46 11,776 --a--c--- C:\WINDOWS\system32\dllcache\bdasup.sys
2008-08-17 22:56 . 2008-04-13 19:46 48,128 --a--c--- C:\WINDOWS\system32\dllcache\61883.sys
2008-08-17 22:56 . 2008-04-13 19:40 12,288 --a--c--- C:\WINDOWS\system32\dllcache\4mmdat.sys
2008-08-17 22:55 . 2008-04-13 20:24 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-17 21:46 . 2008-08-17 21:56 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\ImgBurn
2008-08-17 21:43 . 2008-08-17 22:53 <DIR> dr------- C:\I386
2008-08-17 21:39 . 2008-08-17 21:39 <DIR> d-------- C:\Program Files\ImgBurn
2008-08-17 21:11 . 2008-08-17 21:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ALM
2008-08-17 19:40 . 2008-08-17 19:40 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-1AFEECE286\Application Data\dBpoweramp
2008-08-17 18:09 . 2008-08-17 18:09 <DIR> d-------- C:\Documents and Settings\Administrator.HOME-1AFEECE286
2008-08-17 09:25 . 2000-07-21 10:40 2,048 --a------ C:\w2ksect.bin
2008-08-17 09:21 . 2008-08-17 12:30 331,805,736 --a------ C:\XPSP3.exe
2008-08-16 19:55 . 2008-08-16 19:55 <DIR> d-------- C:\Program Files\Warp Engine Software
2008-08-16 18:31 . 2008-08-16 18:31 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.bmp
2008-08-16 18:30 . 2008-08-16 18:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.bmp
2008-08-16 18:30 . 2008-08-16 18:30 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.bmp
2008-08-16 18:30 . 2008-08-16 18:30 2,873 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
2008-08-16 18:30 . 2008-08-16 18:30 2,865 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
2008-08-16 18:26 . 2008-08-16 18:26 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-08-16 18:26 . 2008-08-16 18:26 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-08-16 16:18 . 2008-08-16 16:18 <DIR> d-------- C:\Program Files\Cracklock
2008-08-14 20:51 . 2008-08-14 20:51 361,600 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-08-11 21:25 . 2008-08-11 21:29 106 --a------ C:\WINDOWS\MusicEditor.INI
2008-08-10 21:56 . 2008-08-11 18:15 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-10 21:48 . 2008-08-11 16:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-08-07 22:11 . 2008-08-17 18:22 <DIR> d-------- C:\Program Files\Save Flash
2008-08-06 19:31 . 2008-08-06 19:31 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-08-06 19:23 . 2008-08-06 19:25 <DIR> d-------- C:\Program Files\CyberLink
2008-08-05 18:37 . 2008-08-05 18:38 <DIR> d-------- C:\Program Files\Notepad++
2008-08-05 18:37 . 2008-08-05 19:49 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\Notepad++
2008-08-05 18:06 . 2008-08-06 19:27 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\CyberLink
2008-08-05 17:34 . 2008-08-06 19:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2008-08-04 12:20 . 2008-08-04 12:20 <DIR> d-------- C:\Program Files\Bluetack
2008-08-03 18:30 . 2008-08-20 17:35 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\ChapterMaster
2008-08-03 17:17 . 2008-08-03 17:17 <DIR> d-------- C:\Documents and Settings\Graham\Application Data\MP3toiPodAudioBookConverter
2008-07-30 23:18 . 2008-06-23 17:57 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-30 23:18 . 2007-04-17 10:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-30 23:18 . 2007-03-08 06:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-30 23:18 . 2008-06-23 17:57 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-30 23:18 . 2008-06-23 17:57 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-30 23:18 . 2008-06-23 17:57 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-30 23:18 . 2008-06-23 17:57 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-30 23:18 . 2008-06-23 17:57 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-30 23:18 . 2008-06-23 10:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-30 22:04 . 2003-03-31 13:00 457,607 -----c--- C:\WINDOWS\system32\dllcache\mdlib.wmv
2008-07-30 22:03 . 2008-04-14 01:11 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
2008-07-27 22:34 . 2008-08-20 18:52 4,958,588 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-20021102}.CDF
2008-07-27 18:43 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-07-27 18:43 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-07-27 18:43 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-07-27 18:42 . 2001-08-17 13:49 26,624 --a--c--- C:\WINDOWS\system32\dllcache\irstusb.sys
2008-07-27 18:42 . 2001-08-17 13:49 23,552 --a--c--- C:\WINDOWS\system32\dllcache\irmk7.sys
2008-07-27 18:42 . 2001-08-17 13:51 18,688 --a--c--- C:\WINDOWS\system32\dllcache\irsir.sys
2008-07-27 18:41 . 2001-08-17 12:12 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
2008-07-27 18:40 . 2001-08-17 22:36 90,200 --a--c--- C:\WINDOWS\system32\dllcache\io8ports.dll
2008-07-27 18:40 . 2001-08-17 13:50 38,784 --a--c--- C:\WINDOWS\system32\dllcache\io8.sys
2008-07-27 18:40 . 2001-08-17 13:52 16,000 --a--c--- C:\WINDOWS\system32\dllcache\ini910u.sys
2008-07-27 18:40 . 2001-08-17 13:47 13,056 --a--c--- C:\WINDOWS\system32\dllcache\inport.sys
2008-07-27 18:36 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll
2008-07-27 18:35 . 2001-08-17 14:06 154,496 --a--c--- C:\WINDOWS\system32\dllcache\icam4usb.sys
2008-07-27 18:35 . 2001-08-17 14:05 141,056 --a--c--- C:\WINDOWS\system32\dllcache\icam3.sys
2008-07-27 18:35 . 2001-08-17 14:06 100,992 --a--c--- C:\WINDOWS\system32\dllcache\icam5usb.sys
2008-07-27 18:35 . 2001-08-17 22:36 91,136 --a--c--- C:\WINDOWS\system32\dllcache\icam4com.dll
2008-07-27 18:35 . 2001-08-17 22:36 61,952 --a--c--- C:\WINDOWS\system32\dllcache\icam4ext.dll
2008-07-27 18:35 . 2001-08-17 22:36 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icam5com.dll
2008-07-27 18:35 . 2001-08-17 14:06 38,528 --a--c--- C:\WINDOWS\system32\dllcache\ibmvcap.sys
2008-07-27 18:35 . 2001-08-17 22:36 26,624 --a--c--- C:\WINDOWS\system32\dllcache\icam3ext.dll
2008-07-27 18:35 . 2001-08-17 22:36 20,480 --a--c--- C:\WINDOWS\system32\dllcache\icam5ext.dll
2008-07-27 18:34 . 2004-08-03 22:29 161,020 --a--c--- C:\WINDOWS\system32\dllcache\i81xnt5.sys
2008-07-27 18:34 . 2001-08-17 12:12 109,085 --a--c--- C:\WINDOWS\system32\dllcache\ibmtrp.sys
2008-07-27 18:34 . 2001-08-17 12:12 100,936 --a--c--- C:\WINDOWS\system32\dllcache\ibmtok.sys
2008-07-27 18:34 . 2001-08-17 12:49 58,592 --a--c--- C:\WINDOWS\system32\dllcache\i740nt5.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-20 18:00 289,280 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-20 18:00 20,982,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-20 16:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\TeraCopy
2008-08-20 16:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 15:33 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-08-20 13:26 --------- d-----w C:\Documents and Settings\Graham\Application Data\uTorrent
2008-08-19 17:55 --------- d-----w C:\Program Files\Perfect Uninstaller
2008-08-17 20:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-17 16:16 --------- d-----w C:\Program Files\MagicISO
2008-08-16 22:40 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-08-16 21:47 --------- d-----w C:\Program Files\SpywareBlaster
2008-08-16 17:51 --------- d-----w C:\Program Files\Spyware Doctor
2008-08-16 15:25 --------- d-----w C:\Program Files\Google
2008-08-16 15:23 --------- d-----w C:\Program Files\PeerGuardian2
2008-08-16 07:22 --------- d-----w C:\Documents and Settings\Vassie\Application Data\uTorrent
2008-08-13 20:42 243,064 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-08-10 18:55 --------- d-----w C:\Program Files\Microsoft Works
2008-08-10 18:54 --------- d-----w C:\Program Files\MSBuild
2008-08-09 17:42 --------- d-----w C:\Program Files\BitComet
2008-08-09 08:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 08:26 --------- d-----w C:\Program Files\iTunes
2008-08-09 08:25 --------- d-----w C:\Program Files\iPod
2008-08-07 21:22 505,128 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-08-07 21:22 353,576 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-08-06 18:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-04 19:10 --------- d-----w C:\Documents and Settings\Vassie\Application Data\Desktopicon
2008-08-04 19:10 --------- d-----w C:\Documents and Settings\Graham\Application Data\Desktopicon
2008-07-30 18:06 --------- d-----w C:\Program Files\ImTOO
2008-07-27 18:57 --------- d-----w C:\Program Files\PowerISO
2008-07-27 13:35 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-07-27 11:50 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-07-27 08:13 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-26 18:28 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-07-26 17:15 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-07-26 17:15 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-26 17:06 --------- d-----w C:\Program Files\TeraCopy
2008-07-26 08:40 --------- d-----w C:\Documents and Settings\Graham\Application Data\Ahead
2008-07-26 08:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-07-25 22:38 --------- d-----w C:\Documents and Settings\Graham\Application Data\Creative
2008-07-25 18:59 --------- d-----w C:\Program Files\Creative
2008-07-25 18:26 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-07-21 22:11 --------- d-----w C:\Documents and Settings\Graham\Application Data\dBpoweramp
2008-07-19 09:25 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\TrojanHunter
2008-07-18 19:00 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-18 19:00 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-17 21:23 --------- d-----w C:\Documents and Settings\Graham\Application Data\Alien Skin
2008-07-17 21:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2008-07-17 20:42 54,784 ----a-w C:\WINDOWS\system32\MSVCI70.dll
2008-07-16 22:52 --------- d-----w C:\Program Files\Mp3tag
2008-07-16 22:52 --------- d-----w C:\Documents and Settings\Graham\Application Data\Mp3tag
2008-07-16 20:32 --------- d-----w C:\Program Files\Ahead
2008-07-16 20:32 --------- d-----w C:\Program Files\ABBYY FineReader 5.0 Pro
2008-07-16 20:31 --------- d-----w C:\Program Files\USB Disk Security
2008-07-16 20:31 --------- d-----w C:\Program Files\SurfOffline
2008-07-16 20:31 --------- d-----w C:\Program Files\QuickTime
2008-07-16 20:31 --------- d-----w C:\Program Files\Panda Security
2008-07-16 20:31 --------- d-----w C:\Program Files\Kyodai Mahjongg 2006
2008-07-16 20:31 --------- d-----w C:\Program Files\JetAudio
2008-07-16 20:31 --------- d-----w C:\Program Files\FA128
2008-07-16 20:31 --------- d-----w C:\Program Files\DivX
2008-07-16 20:31 --------- d-----w C:\Program Files\DeliPlayer2
2008-07-16 20:31 --------- d-----w C:\Program Files\DAMN NFO Viewer
2008-07-16 20:31 --------- d-----w C:\Program Files\Common Files\Real
2008-07-15 20:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Ahead
2008-07-15 20:08 --------- d-----w C:\Program Files\Java
2008-07-15 04:52 --------- d-----w C:\Program Files\Microsoft USB Flash Drive Manager
2008-07-15 04:52 --------- d-----w C:\Program Files\Hitman Pro
2008-07-13 21:31 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\Apple Computer
2008-07-13 20:29 --------- d-----w C:\Documents and Settings\Graham\Application Data\Thinstall
2008-07-13 20:19 --------- d-----w C:\Documents and Settings\Graham\Application Data\COWON
2008-07-13 09:49 --------- d-----w C:\Documents and Settings\Linda.HOME-1AFEECE286\Application Data\TuneUp Software
2008-07-12 23:15 --------- d-----w C:\Documents and Settings\Graham\Application Data\Lavasoft
2008-07-12 08:19 1,107,227 ----a-w C:\WRAR.EXE
2008-07-12 03:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\PC Tools
2008-07-12 03:04 164 ----a-w C:\install.dat
2008-07-11 23:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Prevx
2008-07-11 17:35 --------- d-----w C:\Program Files\Ashampoo
2008-07-10 08:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 20:45 --------- d-----w C:\Program Files\GoldWave
2008-07-09 19:48 --------- d-----w C:\Documents and Settings\Graham\Application Data\Systweak
2008-07-09 19:34 --------- d--h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ
2008-07-09 19:32 --------- d-----w C:\Program Files\Canon
2008-07-08 21:56 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
2008-07-08 21:21 --------- d-----w C:\Documents and Settings\Graham\Application Data\Apple Computer
2008-07-08 21:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-07-08 21:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-07-08 20:15 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-07-08 20:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\AD ON Multimedia
2008-07-08 20:08 --------- d-----w C:\Documents and Settings\Graham\Application Data\AccurateRip
2008-07-07 21:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
2008-07-07 21:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\sentinel
2008-07-07 21:33 --------- d-----w C:\Documents and Settings\Graham\Application Data\TrojanHunter
2008-07-07 21:04 --------- d-----w C:\Documents and Settings\Graham\Application Data\TuneUp Software
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 20:40 --------- d-----w C:\Program Files\Yahoo!
2008-07-06 13:29 --------- d-----w C:\Documents and Settings\Linda\Application Data\TrojanHunter
2008-07-06 12:03 --------- d-----w C:\Program Files\Servant Salamander 2.5 RC1
2008-07-06 08:51 --------- d-----w C:\Documents and Settings\Vassie\Application Data\TeraCopy
2008-07-04 17:51 --------- d-----w C:\Program Files\CCleaner
2008-07-04 17:41 --------- d-----w C:\Program Files\IrfanView
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 13:27 2048000]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-28 12:10 2120640]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06 700416]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 22:49 12889088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 14:21 94208]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 05:15 15872]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 20:23 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 11:36 50472]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 17:06 1398272]
"CTDVDDET"="C:\Program Files\Creative\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-06-27 16:50 91432]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2008-05-05 13:33 19456 C:\WINDOWS\system32\CtHelper.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 19:48 434528]
C:\Documents and Settings\Graham\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2000-08-24 15:16:34 110592]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 15:30:54 250368]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Audible Download Manager.lnk]
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Watch.lnk]
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Graham^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnHackMe Monitor
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ashampoo FireWall PRO]
--a------ 2006-12-21 02:10 3543552 C:\Program Files\Ashampoo\Ashampoo FireWall PRO\FireWall.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"CTHelper"=CTHELPER.EXE
"CTxfiHlp"=CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11328:TCP"= 11328:TCP:BitComet 11328 TCP
"11328:UDP"= 11328:UDP:BitComet 11328 UDP
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-06-27 16:50]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-05-05 13:22]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-05-05 13:23]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-05-06 02:55]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 01:12]
S3 COMMONFX;COMMONFX;C:\WINDOWS\system32\drivers\COMMONFX.SYS [2008-05-05 13:22]
S3 CTAUDFX;CTAUDFX;C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2008-05-05 13:23]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-05-05 13:21]
S3 CTERFXFX;CTERFXFX;C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2008-05-05 13:21]
S3 CTSBLFX;CTSBLFX;C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2008-05-06 02:55]
S3 DrvFltIp;DrvFltIp;C:\Documents and Settings\Graham\Local Settings\TEMP\DrvFltIp []
S4 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-18 20:00]
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
2008-08-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-08-17 C:\WINDOWS\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
2008-07-07 C:\WINDOWS\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 09:20]
.
- - - - ORPHANS REMOVED - - - -
Notify-geBqRjHy - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Graham\Application Data\Mozilla\Firefox\Profiles\mvjrthme.default\
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-20 19:04:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\Documents and Settings\Graham\Local Settings\TEMP\ASFWHide"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DrvFltIp]
"ImagePath"="\??\C:\Documents and Settings\Graham\Local Settings\TEMP\DrvFltIp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
.
**************************************************************************
.
Completion time: 2008-08-20 19:16:34 - machine was rebooted [Graham]
ComboFix-quarantined-files.txt 2008-08-20 18:16:03
Pre-Run: 35,904,901,120 bytes free
Post-Run: 35,980,451,840 bytes free
374 --- E O F --- 2008-08-18 16:33:36