Hi, my PC is no longer crashing and the desktop is stable, although the memory used at idle process is 420 MB. I only have 1 GB, so it appears high to me, but at the same time CPU usage is only 2%. The ComboFix file is enclosed; all other tasks were completed as asked.
ComboFix 08-07-23.5 - User 2008-08-03 20:18:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.614 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\Shortcuts\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\Cfscript.text
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Application Data\uTorrent
C:\Documents and Settings\User\Application Data\uTorrent\Bananarama - The Very Best Of [2002][CD+4Vids+Covers].torrent
C:\Documents and Settings\User\Application Data\uTorrent\Basshunter-The Album (2008) [320 kb] [misterorange].torrent
C:\Documents and Settings\User\Application Data\uTorrent\Buddy Holly - The Ultimate Collection.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Clubland 13 - [2 CDs] - [With Covers].rar.torrent
C:\Documents and Settings\User\Application Data\uTorrent\CLUBLAND 13.torrent
C:\Documents and Settings\User\Application Data\uTorrent\dht.dat
C:\Documents and Settings\User\Application Data\uTorrent\Dr.Jekyll.and.Mr.Hyde[2008][TV]DvDrip-aXXo.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Felon.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Felon[2008]DvDrip-aXXo.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Kid Rock - All Summer Long (TorrentServer).zip.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Life[1999]DivX[WS]DVDrip[Eng]-Atlas47.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Malwarebytes Anti-Malware 1.12.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Massive Reggae.torrent
C:\Documents and Settings\User\Application Data\uTorrent\R&B Love Collection 2008.torrent
C:\Documents and Settings\User\Application Data\uTorrent\resume.dat
C:\Documents and Settings\User\Application Data\uTorrent\resume.dat.old
C:\Documents and Settings\User\Application Data\uTorrent\SDAsav.torrent
C:\Documents and Settings\User\Application Data\uTorrent\settings.dat
C:\Documents and Settings\User\Application Data\uTorrent\settings.dat.new
C:\Documents and Settings\User\Application Data\uTorrent\settings.dat.old
C:\Documents and Settings\User\Application Data\uTorrent\setup Spyware Doctor 6.0.0.362 + Antivirus (silent).torrent
C:\Documents and Settings\User\Application Data\uTorrent\SimCity Classic.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Vantage Point .[2008].DVDRIP.XVID.[Eng]-nat_2_good.avi.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Vantage Point [2008-DVDRip-H.264-x264]-WOLViSH.torrent
C:\Documents and Settings\User\Application Data\uTorrent\Vantage Point[2008]DvDrip[Eng].torrent
C:\Program Files\uTorrent
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\AS-Exp2.ocx
C:\WINDOWS\system32\IGUltraGrid20.ocx
C:\WINDOWS\system32\md5.dll
C:\WINDOWS\system32\systray.ocx
C:\WINDOWS\system32\windrv.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FREEZESCREENSAVER
-------\Service_FreezeScreenSaver
((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.
2008-08-03 20:17 . 2008-08-03 20:17 <DIR> d-------- C:\327882R2FWJFW
2008-08-03 15:00 . 2008-08-03 15:00 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-08-03 13:40 . 2008-08-03 20:08 <DIR> d-------- C:\Program Files\Tradewinds Caravans
2008-08-02 19:00 . 2008-08-03 19:06 <DIR> d-------- C:\Program Files\The Mystery Of The Crystal Portal
2008-08-01 10:02 . 2008-08-01 10:02 <DIR> d-------- C:\Program Files\Uniblue
2008-07-30 20:06 . 2008-07-30 20:06 244 --ah----- C:\sqmnoopt00.sqm
2008-07-30 20:06 . 2008-07-30 20:06 232 --ah----- C:\sqmdata00.sqm
2008-07-30 12:41 . 2008-07-31 09:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-29 20:19 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-07-29 20:19 . 2008-07-29 20:17 159,880 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-07-29 20:17 . 2008-07-29 20:19 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-07-29 20:06 . 2008-08-02 15:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-29 20:06 . 2008-07-29 20:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\PC Tools
2008-07-29 20:06 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-29 20:06 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-29 20:06 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-29 20:06 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-29 19:03 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 18:54 . 2008-07-29 18:54 <DIR> d-------- C:\Documents and Settings\Admin
2008-07-29 18:51 . 2008-07-29 18:51 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-29 18:49 . 2008-07-31 20:02 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 18:49 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 15:14 . 2008-07-29 15:14 <DIR> d-------- C:\temp_dvd
2008-07-29 15:13 . 2008-07-29 15:14 <DIR> d-------- C:\Program Files\Dvd-cloner
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\WINDOWS\World Mosaics
2008-07-29 12:49 . 2008-08-02 12:12 <DIR> d-------- C:\Program Files\World Mosaics
2008-07-29 12:49 . 2008-07-29 12:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-07-29 08:23 . 2008-07-29 08:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SpinTop Games
2008-07-28 19:22 . 2008-07-28 19:49 207 --a------ C:\WINDOWS\maketorrent.ini
2008-07-28 10:24 . 2008-07-28 10:24 <DIR> d-------- C:\Program Files\DVDFab 5
2008-07-28 09:03 . 2008-07-28 09:03 <DIR> d-------- C:\Program Files\Common Files\Oberon Media
2008-07-28 08:38 . 2008-07-28 08:38 <DIR> d-------- C:\Program Files\Sun
2008-07-28 08:38 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-28 08:36 . 2008-07-28 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-26 20:59 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\Mystery PI The Vegas Heist
2008-07-26 17:42 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-26 16:58 . 2008-07-26 16:58 <DIR> d-------- C:\Program Files\Google
2008-07-26 14:15 . 2008-08-02 19:01 <DIR> d-------- C:\GAMES
2008-07-26 14:07 . 2008-08-01 08:57 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-07-26 13:36 . 2008-07-26 16:35 <DIR> d-------- C:\Program Files\Tradewinds Legends
2008-07-26 13:27 . 2008-07-26 13:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameHouse
2008-07-26 13:02 . 2008-07-27 09:44 <DIR> d-------- C:\Program Files\Gold Rush Treasure Hunt
2008-07-25 18:50 . 2008-08-03 13:40 <DIR> d-------- C:\WINDOWS\Tradewinds Caravans
2008-07-24 19:52 . 2008-07-24 19:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\WINDOWS\Discovery A Seek And Find Adventure
2008-07-24 19:04 . 2008-07-24 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-07-24 18:51 . 2008-07-24 18:56 <DIR> d-------- C:\Program Files\PopCap Games
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\User\Application Data\Malwarebytes
2008-07-24 18:08 . 2008-07-24 18:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 16:31 . 2008-07-24 16:31 <DIR> d-------- C:\Documents and Settings\User\Saved Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\User\Application Data\Flood Light Games
2008-07-24 16:31 . 2008-07-26 14:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-07-24 16:30 . 2008-07-24 16:30 <DIR> d-------- C:\WINDOWS\Women's Murder Club - Death in Scarlet
2008-07-23 23:11 . 2008-07-24 08:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\TweakNow PowerPack
2008-07-23 19:58 . 2008-07-23 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hot Lava Games
2008-07-23 19:57 . 2008-07-23 19:57 <DIR> d-------- C:\WINDOWS\Little Farm
2008-07-23 19:57 . 2008-07-24 11:35 <DIR> d-------- C:\Program Files\Little Farm
2008-07-23 11:00 . 2008-07-26 09:03 <DIR> d-------- C:\Documents and Settings\User\Application Data\Registry Booster
2008-07-23 09:38 . 2008-07-23 09:38 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktop Mechanic
2008-07-22 16:24 . 2008-07-22 16:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Nero
2008-07-22 16:19 . 2008-07-22 16:21 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-22 15:10 . 2008-07-22 15:10 <DIR> d-------- C:\WINDOWS\Build in Time
2008-07-21 16:48 . 2008-07-21 16:48 <DIR> d-------- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
2008-07-21 16:31 . 2008-07-21 16:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\AudioMoves
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Program Files\BitDefender
2008-07-21 13:21 . 2008-07-21 13:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Bitdefender
2008-07-21 13:21 . 2008-07-21 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-21 13:19 . 2008-08-02 12:25 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-07-21 12:41 . 2008-08-01 18:26 <DIR> d-------- C:\Documents and Settings\User\Application Data\Vso
2008-07-21 12:41 . 2008-08-01 10:04 <DIR> d-------- C:\Documents and Settings\User\Application Data\Uniblue
2008-07-21 12:41 . 2008-07-24 18:35 <DIR> d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2008-07-21 12:41 . 2008-07-21 12:41 <DIR> d-------- C:\Documents and Settings\User\Application Data\DMCache
2008-07-21 12:39 . 2008-08-03 20:07 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 12:39 . 2008-07-21 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-21 08:47 . 2008-07-21 12:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\MagicDVDCreator
2008-07-19 13:59 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-19 13:59 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-19 13:59 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-19 13:59 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-19 13:59 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-07-19 13:59 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-19 12:31 . 2008-07-19 12:31 81,920 --a------ C:\Documents and Settings\User\Application Data\ezpinst.exe
2008-07-19 10:42 . 2008-07-26 09:13 <DIR> d-------- C:\Program Files\Unlocker
2008-07-19 10:42 . 2008-07-29 20:19 <DIR> d-------- C:\Documents and Settings\User\Application Data\Desktopicon
2008-07-18 09:52 . 2008-07-18 09:52 <DIR> d--h----- C:\WINDOWS\Icons
2008-07-17 19:59 . 2008-07-17 19:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\CyberLink
2008-07-17 19:41 . 2008-08-03 20:22 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-07-17 18:24 . 2008-07-17 18:24 <DIR> d-------- C:\Documents and Settings\User\Application Data\Thunderbird
2008-07-17 18:24 . 2008-07-17 18:24 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-17 17:26 . 2008-07-28 10:25 47,360 --a------ C:\Documents and Settings\User\Application Data\pcouffin.sys
2008-07-17 15:46 . 2008-08-03 20:21 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-17 14:59 . 2008-07-17 22:03 <DIR> d-------- C:\Program Files\Your Uninstaller 2008
2008-07-17 14:59 . 2008-07-17 14:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\URSoft
2008-07-17 13:44 . 2008-07-17 14:21 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-17 13:28 . 2008-07-17 13:28 42 --a------ C:\WINDOWS\system32\AK083E209605E394C.lie
2008-07-16 17:35 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 17:35 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 17:35 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 13:14 . 2008-07-21 12:12 <DIR> d-------- C:\Webshots Data
2008-07-15 23:03 . 2008-07-15 23:03 0 --a------ C:\WINDOWS\system32\SDRemoveDB.db
2008-07-15 23:02 . 2008-07-16 13:12 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-07-15 15:07 . 2008-07-15 22:45 <DIR> d-------- C:\Documents and Settings\User\Application Data\TmpRecentIcons
2008-07-15 13:18 . 2008-07-28 10:42 67 --a------ C:\WINDOWS\Easy DVD Creator.INI
2008-07-14 12:23 . 2008-07-14 12:23 <DIR> d-------- C:\WINDOWS\Sun
2008-07-14 12:19 . 2008-07-14 12:19 <DIR> d-------- C:\Garmin
2008-07-12 13:09 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Virtual Villagers - The Secret City
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Program Files\bfgclient
2008-07-12 13:09 . 2008-07-12 13:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Program Files\PrintParade Studio
2008-07-12 12:06 . 2008-07-12 12:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\Printparade
2008-07-12 12:06 . 2003-06-25 11:17 374,272 --a------ C:\WINDOWS\system32\Dav3_32.dll
2008-07-12 12:06 . 2003-06-24 13:35 143,360 --a------ C:\WINDOWS\system32\leon3_32.dll
2008-07-11 11:20 . 2008-07-11 11:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-10 17:40 . 2008-07-15 11:48 <DIR> d-------- C:\Downloads
2008-07-10 13:13 . 2008-07-16 16:49 <DIR> d-------- C:\Program Files\Mario Worlds
2008-07-06 13:15 . 2008-07-06 13:15 <DIR> d-------- C:\Documents and Settings\User\Application Data\PlanetPlayMore
2008-07-06 13:14 . 2008-07-07 18:35 <DIR> d-------- C:\Program Files\Tropicabana
2008-07-04 12:11 . 2008-07-04 12:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-04 12:07 . 2008-07-22 16:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-07-04 08:48 . 2008-07-04 12:28 <DIR> d-------- C:\Program Files\Flash Slideshow Maker Professional
2008-07-03 09:47 . 2008-07-03 09:47 <DIR> d-------- C:\Documents and Settings\User\Application Data\TuxPaint
2008-07-03 09:45 . 2008-07-03 09:45 1,409 --a------ C:\WINDOWS\system32\tmp15C91.FOT
2008-07-03 09:21 . 2008-07-24 18:57 51,355 --a------ C:\WINDOWS\system32\muzika.xm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-03 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-03 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-08-02 11:37 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-31 12:53 0 ----a-w C:\Program Files\temp01
2008-07-28 07:38 --------- d-----w C:\Program Files\Java
2008-07-24 18:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 13:12 --------- d-----w C:\Program Files\Build in Time
2008-07-23 10:39 --------- d-----w C:\Program Files\Bejeweled 2 Deluxe
2008-07-23 10:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-22 15:19 --------- d-----w C:\Program Files\Nero
2008-07-22 15:10 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-18 09:34 --------- d-----w C:\Program Files\Microsoft Plus!
2008-07-18 09:31 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-16 15:49 --------- d-----w C:\Program Files\Ricochet Xtreme
2008-07-16 15:49 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-16 15:49 --------- d-----w C:\Program Files\Bejeweled
2008-07-16 15:49 --------- d-----w C:\Program Files\Alchemy
2008-07-09 12:41 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 12:41 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-09 12:41 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-07-04 11:28 --------- d-----w C:\Program Files\Tradewinds Full Game
2008-07-04 08:07 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2008-07-01 10:33 --------- d-----w C:\Documents and Settings\User\Application Data\TuneUp Software
2008-07-01 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-06-30 11:35 --------- d-----w C:\Program Files\Bonjour
2008-06-27 14:00 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\iolo
2008-06-27 12:50 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-06-27 12:48 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-06-27 09:25 --------- d-----w C:\Program Files\Apple Software Update
2008-06-27 09:18 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2008-06-27 09:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-27 09:16 --------- d-----w C:\Program Files\iTunes
2008-06-27 09:16 --------- d-----w C:\Program Files\iPod
2008-06-27 09:15 --------- d-----w C:\Program Files\QuickTime
2008-06-27 09:14 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-27 09:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-06-26 17:54 --------- d-----w C:\Program Files\Kontiki
2008-06-26 15:23 --------- d-----w C:\Program Files\Windows Live
2008-06-26 15:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-26 15:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-25 13:42 --------- d-----w C:\Program Files\Webshots
2008-06-25 13:42 --------- d-----w C:\Documents and Settings\User\Application Data\Webshots
2008-06-25 13:19 --------- d-----w C:\Program Files\IObit
2008-06-25 13:19 --------- d-----w C:\Documents and Settings\User\Application Data\IObit
2008-06-25 13:04 --------- d-----w C:\Program Files\Common Files\xing shared
2008-06-25 13:03 --------- d-----w C:\Program Files\Common Files\Real
2008-06-25 12:51 --------- d-----w C:\Program Files\Real
2008-06-25 12:07 --------- d-----w C:\Program Files\Cake Mania
2008-06-25 12:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-25 11:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-06-25 11:56 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-06-25 11:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 11:02 --------- d-----w C:\Program Files\ToniArts
2008-06-25 11:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-25 11:01 --------- d-----w C:\Program Files\ReflexiveArcade
2008-06-25 09:59 --------- d-----w C:\Program Files\Thomson
2008-06-25 09:55 --------- d-----w C:\Program Files\Canon
2008-06-25 09:52 --------- d-----w C:\Program Files\hp deskjet 845c series
2008-06-25 09:51 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-24 15:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2008-06-24 13:54 --------- d-----w C:\Program Files\MSBuild
2008-06-24 13:54 --------- d-----w C:\Program Files\Microsoft Works
2008-06-24 13:52 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-24 13:50 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-06-24 12:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-24 12:26 --------- d-----w C:\Program Files\CyberLink
2008-06-24 11:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-24 11:23 507,904 ----a-w C:\WINDOWS\system32\winlogon.exe
2008-06-24 10:54 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 08:37 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2008-06-08 08:37 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2008-06-06 13:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2008-06-06 13:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2008-05-29 08:28 28,416 ----a-w C:\WINDOWS\system32\uxtuneup.dll
2008-05-16 10:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.
------- Sigcheck -------
2008-06-24 12:23 507904 c2d1429e210a032d36bb24493214e584 C:\WINDOWS\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"BitDefender Agent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-08-02 12:36 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
C:\Documents and Settings\User\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-06-25 14:42:29 63064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"mW[íµˆÖ¾`=µú¾˜v%S8’ÿÙêé>grl>Ý\†Ð=ŸàÛ±Þ"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:41]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-29 20:17]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:41]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 05:42]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-08-02 12:37]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-03 08:47]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-08-03 19:22:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-31 16:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-08-03 19:22:51 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-27 07:54:09 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-03 20:23:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\PROGRA~1\Webshots\Webshots.scr
.
**************************************************************************
.
Completion time: 2008-08-03 20:29:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 19:29:20
Pre-Run: 42,832,977,920 bytes free
Post-Run: 42,736,328,704 bytes free
357 --- E O F --- 2008-07-28 07:47:30