Annoying adware called cast blue.exe

Hello, I've got an annoying adware that came back again after I neutralized it.

My HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:11 AM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Mom\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Mom\AppServ\Apache2.2\bin\httpd.exe
D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\zimbra\zdesktop\zdesktop.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\HUMANIZEDENSO\ENSO.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\YOUTUBE\UPLOADER\YOUTUBEUPLOADER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice Quickstarter.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Shortcut to lxbkbmgr.exe.lnk = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe
O4 - Global Startup: Realtek HD Audio.lnk = C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Mom\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mysql - Unknown owner - D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Quorum Service (QuorumService) - Unknown owner - C:\Program Files\NCH Swift Sound\Quorum\quorum.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe

--
End of file - 13560 bytes
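One way to triage a log like this before posting it, as an added example that is not part of the thread or of any tool named in it: a small Python script that parses HijackThis O4 (autorun) and O23 (service) lines and flags the two patterns that matter most here, a startup entry whose program lives in a user-writable profile folder, and a service whose binary is missing or has no vendor recorded. The sample lines are constructed in the log's format; the "NEW MODE" entry borrows the cast blue.exe path that ComboFix reports later in the thread, which the HijackThis output above does not list.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in HijackThis O4/O23 format (not copied from one post).
# The "NEW MODE" entry uses the path ComboFix reports for cast blue.exe later in
# the thread; the rest are typical of the log above.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [NEW MODE] C:\DOCUME~1\Rony\APPLIC~1\ADMINB~1\cast blue.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O4 - Global Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe",
    r"O23 - Service: Quorum Service (QuorumService) - Unknown owner - C:\Program Files\NCH Swift Sound\Quorum\quorum.exe (file missing)",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]

# O4 registry entries: "O4 - <hive>\..\<Run key>: [<name>] <command> (User '<user>')?"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O4 startup-folder entries: "O4 - Startup: <shortcut>.lnk = <path>"
STARTUP_RE = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
# The program part of a command line: a quoted path, or an unquoted path up to
# the first executable extension (so "cast blue.exe" survives its space).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)', re.IGNORECASE)

# Folders an ordinary user can write to; programs starting from here deserve a look.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\users\\", "\\temp\\", "\\recycler\\")


@dataclass
class Finding:
    kind: str    # "autorun" or "service"
    name: str
    path: str
    reason: str


def executable_of(cmd: str) -> str:
    """Return the program part of a Run command line (quoted or unquoted)."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def is_user_writable(path: str) -> bool:
    """True if the path sits under a profile, temp or recycler folder."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def triage(lines):
    """Return the O4/O23 entries a helper would want to check first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if is_user_writable(exe):
                findings.append(Finding("autorun", m.group("name"), exe,
                                        "runs from a user-writable location"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "<display name> - <vendor> - <path>"; split from the right so a
            # display name containing " - " stays intact.
            parts = m.group("rest").rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            reasons = []
            if path.endswith("(file missing)"):
                reasons.append("binary missing on disk")
            if owner == "Unknown owner":
                reasons.append("no vendor recorded")
            if reasons:
                findings.append(Finding("service", display, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.name}: {f.path} -- {f.reason}")
```

A hit is a prompt to look closer, not a verdict: PnkBstrA and mysql also show "Unknown owner" in the log above and are legitimate, so the output is a shortlist for the helper, and an 8.3 short path under APPLIC~1 with a name like "NEW MODE" is exactly the kind of entry worth a second look.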
Re: Annoying adware called cast blue.exe

Not seeing anything there. Try this:

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at
C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.
Re: Annoying adware called cast blue.exe

Malwarebytes Anti-Malware doesn't show anything bad in the scan.
Re: Annoying adware called cast blue.exe

Please download ComboFix by sUBs from HERE or HERE

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Re: Annoying adware called cast blue.exe

Should be done, I hope.

ComboFix Log:

ComboFix 08-08-19.06 - Rony 2008-08-22 0:38:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016 [GMT 3:00]
Running from: C:\Documents and Settings\Rony\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall.lnk
C:\Documents and Settings\Rony\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
F:\RECYCLER\banner.html
F:\RECYCLER\gp.info
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
2008-08-21 18:26 . 2008-08-21 18:26 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\iterasi
2008-08-21 18:22 . 2008-08-21 18:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 18:22 . 2008-08-21 18:22 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Malwarebytes
2008-08-21 18:22 . 2008-08-21 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 18:22 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-21 18:22 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 18:15 . 2008-08-21 18:15 <DIR> d-------- C:\Program Files\EA Games
2008-08-21 11:34 . 2008-08-21 11:34 <DIR> d-------- C:\Program Files\DVD Flick
2008-08-21 11:34 . 2007-08-31 18:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx
2008-08-21 09:31 . 2008-08-21 09:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-20 12:21 . 2008-08-20 12:21 <DIR> d-------- C:\Program Files\Verdiem
2008-08-20 08:04 . 2008-08-20 08:04 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-08-19 23:04 . 2008-08-19 23:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 22:59 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002975_.tmp
2008-08-19 22:57 . 2008-08-19 22:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-19 15:09 . 2008-08-19 15:12 <DIR> d-------- C:\Program Files\Openfire
2008-08-19 15:00 . 2008-08-19 15:06 <DIR> d-------- C:\Program Files\ejabberd-2.0.1
2008-08-19 11:24 . 2008-08-19 11:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-19 11:24 . 2008-08-19 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 11:23 . 2008-08-19 11:23 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\AdminBoob
2008-08-18 20:02 . 2008-08-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comp two long internet
2008-08-18 20:01 . 2008-08-18 20:01 <DIR> d-------- C:\Program Files\AdminBoob
2008-08-18 19:48 . 2008-08-18 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-08-18 16:14 . 2008-08-18 16:14 <DIR> d-------- C:\Program Files\ooVoo
2008-08-16 15:42 . 2008-08-16 15:43 <DIR> d-------- C:\MinGW
2008-08-16 11:56 . 2008-08-16 15:38 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Dev-Cpp
2008-08-16 00:24 . 2008-08-16 15:44 <DIR> d-------- C:\Program Files\Notepad++
2008-08-16 00:24 . 2008-08-16 15:44 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Notepad++
2008-08-15 22:46 . 2008-08-15 22:46 <DIR> d-------- C:\Program Files\HashCalc
2008-08-15 22:46 . 2008-08-15 22:46 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\PCF-VLC
2008-08-15 17:01 . 2008-08-15 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-08-15 17:00 . 2008-08-18 19:17 <DIR> d---s---- C:\Program Files\Xfire
2008-08-15 17:00 . 2008-08-19 17:12 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Xfire
2008-08-15 14:53 . 2008-08-15 15:04 <DIR> d-------- C:\Program Files\Kuma Games
2008-08-15 01:02 . 2008-08-19 23:19 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 00:32 . 2008-08-22 00:42 16,582,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-15 00:32 . 2008-08-21 00:19 164,324 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-15 00:30 . 2008-08-15 00:30 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-08-15 00:29 . 2008-08-15 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-15 00:29 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-08-15 00:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-08-15 00:29 . 2008-08-15 00:30 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-15 00:28 . 2008-08-15 00:28 <DIR> d-------- C:\Program Files\Zone Labs
2008-08-15 00:27 . 2008-08-21 13:33 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-14 11:18 . 2008-04-11 22:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 01:08 . 2008-08-13 01:08 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-12 13:43 . 2008-08-12 13:43 268 --ah----- C:\sqmdata11.sqm
2008-08-12 13:43 . 2008-08-12 13:43 244 --ah----- C:\sqmnoopt11.sqm
2008-08-12 12:05 . 2008-08-21 14:21 <DIR> d-------- C:\Program Files\OpenDNS Updater
2008-08-11 10:24 . 2008-08-11 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-08-09 22:11 . 2008-08-09 22:11 <DIR> d-------- C:\Program Files\Evernote
2008-08-09 18:33 . 2008-08-09 18:33 <DIR> d-------- C:\Program Files\CCleaner
2008-08-09 18:29 . 2008-08-09 18:29 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\WinPatrol
2008-08-09 18:28 . 2008-08-09 18:28 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-09 11:52 . 2008-08-10 15:01 <DIR> d-------- C:\Program Files\Winwap Technologies
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-08 18:18 . 2008-08-08 18:19 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Teleca
2008-08-08 18:17 . 2008-08-08 18:17 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Sony Ericsson
2008-08-08 18:15 . 2008-08-08 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-08 18:14 . 2008-08-08 18:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-08 18:14 . 2008-08-08 18:15 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-08-08 18:14 . 2008-08-08 18:15 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-08 18:14 . 2008-08-08 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-08 18:08 . 2008-08-08 18:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 18:08 . 2008-08-08 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-07 19:00 . 2008-08-07 19:00 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Datalayer
2008-08-07 18:59 . 2008-08-07 19:00 <DIR> d--hs---- C:\Documents and Settings\Rony\Phone Browser
2008-08-07 18:07 . 2008-08-07 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-07 18:07 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-07 18:07 . 2008-08-07 18:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-07 18:06 . 2008-08-07 18:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-07 17:46 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-07 17:46 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-07 17:46 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-07 17:46 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-07 17:46 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-07 17:46 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-07 17:45 . 2008-08-07 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-07 17:16 . 2008-08-07 17:16 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-07 17:16 . 2008-08-07 17:46 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-07 17:16 . 2008-08-07 17:42 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Nokia
2008-08-07 17:16 . 2008-08-07 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-07 17:15 . 2008-08-07 17:15 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-07 17:15 . 2008-08-07 17:46 <DIR> d-------- C:\Program Files\Nokia
2008-08-07 17:15 . 2008-08-07 17:15 <DIR> d-------- C:\Program Files\DIFX
2008-08-07 17:15 . 2008-08-07 17:42 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\PC Suite
2008-08-07 17:15 . 2008-08-07 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-08-07 17:15 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-06 14:58 . 2008-08-06 14:58 <DIR> d-------- C:\Program Files\The Game Creators
2008-08-05 08:19 . 2008-08-20 11:21 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\CoreFTP
2008-08-05 08:18 . 2008-08-05 12:15 <DIR> d-------- C:\Program Files\CoreFTP
2008-08-04 20:13 . 2008-08-04 20:13 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\SmartFTP
2008-08-04 19:50 . 2008-08-04 19:50 <DIR> d-------- C:\Program Files\xchat
2008-08-04 19:50 . 2008-08-10 12:42 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\X-Chat 2
2008-08-04 19:08 . 2008-08-04 19:10 <DIR> d-------- C:\Program Files\Free FTP Manager
2008-08-04 19:08 . 2008-08-04 19:08 <DIR> d-------- C:\Program Files\EuroGrand Casino
2008-08-03 16:28 . 2008-08-03 16:28 <DIR> d-------- C:\Documents and Settings\Rony\Woopra
2008-08-03 16:27 . 2008-08-03 16:27 <DIR> d-------- C:\Program Files\Woopra
2008-08-03 13:56 . 2008-08-03 13:56 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-08-02 19:50 . 2008-08-02 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-08-02 19:49 . 2008-08-02 19:49 <DIR> d-------- C:\Program Files\Last.fm
2008-08-01 18:10 . 2008-08-01 18:10 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\iLike
2008-07-31 21:01 . 2008-08-06 21:21 <DIR> d-------- C:\Program Files\Spaz
2008-07-31 21:01 . 2008-07-31 21:01 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1
2008-07-31 14:33 . 2008-07-31 14:33 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Joost
2008-07-31 14:32 . 2008-07-31 14:33 <DIR> d-------- C:\Program Files\Joost
2008-07-30 08:55 . 2008-07-30 08:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-29 18:21 . 2008-08-03 13:17 18 --a------ C:\Documents and Settings\Rony\gdocs.dat
2008-07-28 22:29 . 2008-07-28 22:29 268 --ah----- C:\sqmdata10.sqm
2008-07-28 22:29 . 2008-07-28 22:29 244 --ah----- C:\sqmnoopt10.sqm
2008-07-28 14:19 . 2008-07-28 14:19 <DIR> d-------- C:\Program Files\FeedReader30
2008-07-28 14:19 . 2008-08-04 09:56 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Feedreader
2008-07-28 13:38 . 2008-07-31 15:23 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\jah
2008-07-28 13:14 . 2008-07-28 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-07-28 12:38 . 2008-08-19 11:44 <DIR> d-------- C:\Program Files\Sun
2008-07-28 11:38 . 2008-07-28 11:38 1 --a------ C:\WINDOWS\system32\SI.bin
2008-07-28 11:36 . 2008-07-28 12:15 <DIR> d-------- C:\Documents and Settings\Rony\.SunDownloadManager
2008-07-28 11:34 . 2008-07-28 11:34 <DIR> d-------- C:\Documents and Settings\postgres
2008-07-28 09:41 . 2008-07-28 09:41 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-28 09:08 . 2008-07-28 09:08 268 --ah----- C:\sqmdata09.sqm
2008-07-28 09:08 . 2008-07-28 09:08 244 --ah----- C:\sqmnoopt09.sqm
2008-07-28 09:00 . 2008-07-28 09:00 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-28 08:32 . 2008-07-28 08:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-28 08:32 . 2008-07-28 08:32 268 --ah----- C:\sqmdata08.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 21:39 --------- d-----w C:\Documents and Settings\Rony\Application Data\uTorrent
2008-08-21 21:36 --------- d-----w C:\Program Files\LogMeIn
2008-08-21 21:36 --------- d-----w C:\Program Files\FlashGet
2008-08-21 21:22 --------- d-----w C:\Documents and Settings\Rony\Application Data\Skype
2008-08-21 21:09 --------- d-----w C:\Documents and Settings\Rony\Application Data\skypePM
2008-08-21 16:11 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-08-21 15:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:49 --------- d-----w C:\Documents and Settings\Rony\Application Data\DVD Flick
2008-08-21 08:07 --------- d-----w C:\Program Files\Picasa2
2008-08-21 04:08 --------- d-----w C:\Documents and Settings\Rony\Application Data\OpenOffice.org2
2008-08-20 14:52 --------- d-----w C:\Program Files\Opera
2008-08-20 13:05 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-08-20 12:59 --------- d-----w C:\Documents and Settings\Rony\Application Data\gtk-2.0
2008-08-19 08:57 --------- d-----w C:\Program Files\AdVantage
2008-08-15 15:43 --------- d-----w C:\Program Files\DivX
2008-08-15 14:46 --------- d--h--w C:\Documents and Settings\Rony\Application Data\ijjigame
2008-08-14 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 07:23 --------- d-----w C:\Program Files\Orb Networks
2008-08-10 05:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-08 08:15 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-04 17:09 --------- d-----w C:\Documents and Settings\Rony\Application Data\FileZilla
2008-08-03 06:34 --------- d-----w C:\Program Files\ILEN_Radiobar
2008-08-02 21:06 --------- d-----w C:\Documents and Settings\Rony\Application Data\ppstream
2008-08-02 21:02 --------- d-----w C:\Program Files\Java
2008-07-31 20:41 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-07-29 18:24 54,896 ----a-w C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-07-29 18:24 41,616 ----a-w C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-07-29 15:18 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-28 10:38 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-28 10:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-26 06:48 --------- d-----w C:\Program Files\PicLensIE
2008-07-24 06:26 --------- d-----w C:\Program Files\Project64 1.6
2008-07-23 06:46 --------- d-----w C:\Program Files\Winamp
2008-07-23 06:41 --------- d-----w C:\Documents and Settings\Rony\Application Data\Winamp
2008-07-22 19:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-22 11:09 --------- d-----w C:\Program Files\UltraVNC
2008-07-22 03:48 --------- d-----w C:\Program Files\d-lusion
2008-07-21 19:24 --------- d-----w C:\Program Files\Mixxx
2008-07-21 19:07 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-21 19:07 --------- d-----w C:\Documents and Settings\Rony\Application Data\NCH Swift Sound
2008-07-21 13:36 85,812 ----a-w C:\WINDOWS\system32\GlyphInfo.bin
2008-07-21 13:36 284,548 ----a-w C:\WINDOWS\system32\FontInfo.bin
2008-07-21 04:12 --------- d-----w C:\Program Files\Gabest
2008-07-19 14:47 37,008 ----a-w C:\WINDOWS\unins-riff-cdxa-filter-test6b.exe
2008-07-19 14:14 --------- d-----w C:\Program Files\Bots
2008-07-19 07:42 --------- d-----w C:\Program Files\EvilLyrics
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 15:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-17 13:04 --------- d-----w C:\Documents and Settings\Rony\Application Data\WebApps
2008-07-17 13:04 --------- d-----w C:\Documents and Settings\Rony\Application Data\Prism
2008-07-17 11:18 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-17 03:49 --------- d-----w C:\Program Files\Sony Setup
2008-07-16 12:38 --------- d-----w C:\Documents and Settings\Rony\Application Data\Ahead
2008-07-16 11:54 --------- d-----w C:\Documents and Settings\Rony\Application Data\Windows Desktop Search
2008-07-16 11:41 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-16 11:29 --------- d-----w C:\Program Files\Decaf
2008-07-16 11:29 --------- d-----w C:\Program Files\BabasChess
2008-07-15 18:30 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 18:29 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-14 04:10 --------- d-----w C:\Program Files\Codemasters
2008-07-12 20:18 --------- d-----w C:\Documents and Settings\Rony\Application Data\Wireshark
2008-07-12 19:51 --------- d-----w C:\Program Files\Wireshark
2008-07-12 19:50 --------- d-----w C:\Program Files\WinPcap
2008-07-12 14:47 --------- d-----w C:\Program Files\NCH Software
2008-07-12 14:42 81,920 ----a-w C:\WINDOWS\DUMP4064.tmp
2008-07-12 14:42 81,920 ----a-w C:\WINDOWS\DUMP4016.tmp
2008-07-12 14:41 81,920 ----a-w C:\WINDOWS\DUMP4527.tmp
2008-07-12 14:14 --------- d-----w C:\Program Files\MixSense
2008-07-12 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-12 10:38 --------- d-----w C:\Program Files\Kramware
2008-07-12 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-12 10:16 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\NCH Swift Sound
2008-07-11 16:49 --------- d-----w C:\Program Files\CounterPath
2008-07-11 16:48 --------- d-----w C:\Documents and Settings\Rony\Application Data\Freshtel
2008-07-11 15:29 --------- d-----w C:\Program Files\Common Files\GTK
2008-07-11 15:27 31,232 ----a-w C:\WINDOWS\system32\drivers\Uplink.sys
2008-07-11 14:19 --------- d-----w C:\Documents and Settings\Rony\Application Data\DivX
2008-07-10 12:05 --------- d-----w C:\Program Files\MeadCo Neptune
2008-07-10 12:03 --------- d-----w C:\Documents and Settings\Rony\Application Data\vlc
2008-07-10 11:51 --------- d-----w C:\Program Files\VideoLAN
2008-07-09 16:30 --------- d-----w C:\Program Files\FLV Player
2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-08 14:33 --------- d-----w C:\Documents and Settings\Rony\Application Data\Apple Computer
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 13:37 --------- d-----w C:\Program Files\uTorrent
2008-07-07 12:57 --------- d-----w C:\Program Files\eMule
2008-07-05 15:47 --------- d-----w C:\Program Files\Monsters
2008-07-05 15:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-05 15:27 --------- d-----w C:\Documents and Settings\Rony\Application Data\Call Graph
2008-07-05 14:19 --------- d-----w C:\Program Files\Stardock
2008-07-05 05:51 --------- d-----w C:\Program Files\Conduit
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-01-04 14:15 1126400]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 04:23 443968]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"NEW MODE"="C:\DOCUME~1\Rony\APPLIC~1\ADMINB~1\cast blue.exe" [2008-08-18 20:01 518656]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" [2008-06-17 16:22 439736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-11 18:25 413696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 08:51 8523776]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-06-18 14:56 712704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 19:58 333120]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS
Updater.exe" [2008-08-21 14:21 209408] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] "Edison"="C:\Program Files\Verdiem\Edison\Edison.exe" [2008-07-31 15:19 1795328] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360] "PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304] C:\Documents and Settings\Rony\Start Menu\Programs\Startup\ IterasiFFScheduler.lnk - C:\Documents and Settings\Rony\Application Data\iterasi\xdfmz2k4.default\iterasiFFScheduler.exe [2008-08-21 18:26:12 81920] OpenOffice Quickstarter.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216] Shortcut to lxbkbmgr.exe.lnk - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2008-05-27 22:13:18 57344] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ AVG Free Tray Icon.lnk - C:\Program Files\AVG\AVG8\avgtray.exe [2008-07-04 09:48:59 1232152] Realtek HD Audio.lnk - C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe [2008-06-05 21:38:30 16862720] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit] 2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.asv2"= asusasv2.dll "VIDC.CSCD"= camcodec.dll "VIDC.XFR1"= xfcodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-06-19 15:15 3664944 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\FlashGet\\flashget.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "D:\\Civ4\\Civilization4.exe"= "D:\\Civ4\\Warlords\\Civ4Warlords.exe"= "D:\\Civ4\\Beyond the Sword\\Civ4BeyondSword.exe"= "C:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"= "C:\\WINDOWS\\system32\\dxdiag.exe"= "C:\\WINDOWS\\system32\\dpnsvr.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "D:\\FS2004\\fs9.exe"= "C:\\Documents and Settings\\Rony\\My Documents\\SAMP\\samp-server.exe"= "C:\\Program Files\\ICQ6\\ICQ.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\Spikko\\SpikkoPhone.exe"= "C:\\Program Files\\ooVoo\\ooVoo.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "D:\\Mom\\AppServ\\Apache2.2\\bin\\httpd.exe"= "C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"= "D:\\Sauerbraten\\bin\\sauerbraten.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\UltraVNC\\winvnc.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "D:\\Stronghold 2\\Stronghold2.exe"= "C:\\Program Files\\Java\\jdk1.6.0_10\\bin\\java.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Woopra\\Woopra.exe"= "C:\\Program Files\\UltraVNC\\repeater.exe"= "C:\\Program Files\\xchat\\xchat.exe"= "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "C:\\Program 
Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"= "C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57698:TCP"= 57698:TCP:Pando P2P TCP Listening Port "57698:UDP"= 57698:UDP:Pando P2P UDP Listening Port "82:TCP"= 82:TCP:WMP "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675 "86:TCP"= 86:TCP:Quorum Web Server "8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP) "5070:UDP"= 5070:UDP:IVM Answering Attendant Sip Incoming Calls (UDP) "606:TCP"= 606:TCP:VoIP On-Hold Server "5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP) "81:TCP"= 81:TCP:Axon Virtual PBX Web Control Panel "5071:UDP"= 5071:UDP:Express Talk Sip Incoming Calls (UDP) "5065:UDP"= 5065:UDP:Axon 
Virtual PBX Sip Incoming Calls (UDP) "9420:TCP"= 9420:TCP:Red Swoosh "5000:UDP"= 5000:UDP:Red Swoosh "1222:TCP"= 1222:TCP:*:Disabled:ooVoo TCP port 1222 "1222:UDP"= 1222:UDP:*:Disabled:ooVoo UDP port 1222 "1223:UDP"= 1223:UDP:*:Disabled:ooVoo UDP port 1223 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:48] R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44] R2 Apache2.2;Apache2.2;D:\Mom\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 20:37] R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:48] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:48] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:48] R2 edsvc;Edison Power Management Service;C:\Program Files\Verdiem\Edison\edsvc.exe [2008-07-31 15:19] R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31] R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39] R2 Yahoo! Zimbra Desktop Service;Yahoo! 
Zimbra Desktop Service;C:\zimbra\zdesktop\zdesktop.exe [2008-07-24 21:55] R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 17:48] R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 14:06] R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:05] R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13] R3 SaiH0255;SaiH0255;C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 12:00] R3 Uplink;Uplink;C:\WINDOWS\system32\drivers\Uplink.sys [2008-07-11 18:27] R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-22 00:00] R3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-22 00:00] R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48] S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 23:22] S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23] S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23] S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23] S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23] S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23] S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23] S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24] S3 VBoxTAP;VirtualBox TAP Adapter;C:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2008-05-31 01:42] S3 
XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ba5396-5c60-11dd-a05f-001e8c80d05e}] \Shell\AutoRun\command - G:\Autorun.exe *Newly Created Service* - CATCHME *Newly Created Service* - MBAMSWISSARMY *Newly Created Service* - PROCEXP90 . Contents of the 'Scheduled Tasks' folder 2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34] . - - - - ORPHANS REMOVED - - - - WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file) HKCU-Run-PowerBar - (no file) HKCU-Run-eyeBeam SIP Client - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Rony\Application Data\Mozilla\Firefox\Profiles\xdfmz2k4.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daniweb.com/ FF -: plugin - C:\Documents and Settings\Rony\Application Data\Mozilla\Firefox\Profiles\xdfmz2k4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll FF -: plugin - C:\Documents and Settings\Rony\Local Settings\Application Data\Google\Update\1.2.121.17\npGoogleOneClick.dll FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-22 00:42:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0?????????????st??A~????????????????Iz@?????O???????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@ scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mysql] "ImagePath"="D:\Mom\AppServ\MySQL\bin\mysqld-nt --defaults-file=D:\Mom\AppServ\MySQL\my.ini mysql" . Completion time: 2008-08-22 0:44:21 ComboFix-quarantined-files.txt 2008-08-21 21:44:14 Pre-Run: 65,939,480,576 bytes free Post-Run: 65,963,933,696 bytes free 457 --- E O F --- 2008-08-20 05:08:07 HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:50:40 AM, on 8/22/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE D:\Mom\AppServ\Apache2.2\bin\httpd.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Verdiem\Edison\edsvc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program 
Files\LogMeIn\x86\LMIGuardian.exe D:\Mom\AppServ\Apache2.2\bin\httpd.exe D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\zimbra\zdesktop\zdesktop.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\PROGRAM FILES\WINAMP\WINAMPA.EXE C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\HUMANIZEDENSO\ENSO.EXE C:\Program Files\AVG\AVG8\avgtray.exe C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\UPDATE\GOOGLEUPDATE.EXE C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\YOUTUBE\UPLOADER\YOUTUBEUPLOADER.EXE C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\FlashGet\flashget.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Documents and Settings\Rony\Application Data\iterasi\xdfmz2k4.default\iterasiFFScheduler.exe C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Program Files\Trend 
Micro\HijackThis\HijackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program 
Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - 
HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: IterasiFFScheduler.lnk = C:\Documents and Settings\Rony\Application Data\iterasi\xdfmz2k4.default\iterasiFFScheduler.exe O4 - Startup: OpenOffice Quickstarter.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: Shortcut to lxbkbmgr.exe.lnk = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe O4 - Global Startup: Realtek HD Audio.lnk = C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 
C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O16 - DPF: 
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2.2 - Apache Software Foundation - D:\Mom\AppServ\Apache2.2\bin\httpd.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. 
- C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: mysql - Unknown owner - D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Yahoo! Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe -- End of file - 13503 bytes Thanks for the help
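Added example (not part of the original post or of any DaniWeb tool): a small Python triage script that reads a handful of entries copied from the ComboFix log above and flags the load points a responder would look at first. The scoring rules are my own heuristics: an autostart entry living under a user-writable profile directory, an 8.3 short-name path (ADMINB~1) that hides the real folder name, a file written within an assumed 14-day window before the scan, the Windows Firewall policy being switched off, Security Center monitoring being disabled for a product, and an AutoRun command cached for a removable drive. The sample log text is a subset of the posted log, reproduced one entry per line as ComboFix prints it.

```python
import re
from datetime import date

# Sample entries copied from the ComboFix log posted above ("Reg Loading Points"
# and firewall-policy sections), one entry per line as ComboFix prints them.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"NEW MODE"="C:\DOCUME~1\Rony\APPLIC~1\ADMINB~1\cast blue.exe" [2008-08-18 20:01 518656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-06-18 14:56 712704]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ba5396-5c60-11dd-a05f-001e8c80d05e}]
\Shell\AutoRun\command - G:\Autorun.exe
"""

SCAN_DATE = date(2008, 8, 22)   # "Rootkit scan 2008-08-22" in the posted log
RECENT_DAYS = 14                # assumption: files written this close to the scan deserve a look

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# ComboFix prints the image path in quotes, followed by [YYYY-MM-DD HH:MM size].
IMAGE_RE = re.compile(r'"(?P<path>[A-Za-z]:\\[^"]*)"(?:\s*\[(?P<stamp>\d{4}-\d{2}-\d{2}) [^\]]*\])?')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$")

# Locations an unprivileged user can write to; per-machine software normally
# autostarts from Program Files or %SystemRoot%, not from here (heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\(documents and settings|docume~1|users)\\[^\\]+\\"
    r"(application data|applic~1|local settings|locals~1)\\|\\temp\\",
    re.IGNORECASE,
)
SHORT_NAME_RE = re.compile(r"~\d+\\")   # 8.3 component such as ADMINB~1


def parse(log_text):
    """Yield (key, name, data) triples; a bare AutoRun line yields name ''."""
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m:
            yield key, m.group("name"), m.group("data")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            yield key, "", m.group("cmd")


def triage(log_text, scan_date=SCAN_DATE):
    """Return a list of (severity, entry, reason) findings for the load points."""
    findings = []
    for key, name, data in parse(log_text):
        low = key.lower()
        if low.endswith("\\run") or low.endswith("\\runonce"):
            m = IMAGE_RE.search(data)
            if not m:
                continue
            path, stamp = m.group("path"), m.group("stamp")
            entry = f"{name} -> {path}"
            reasons = []
            if USER_WRITABLE_RE.search(path):
                reasons.append("autostarts from a user-writable directory")
            if SHORT_NAME_RE.search(path):
                reasons.append("8.3 short-name path hides the real folder name")
            if stamp and (scan_date - date.fromisoformat(stamp)).days <= RECENT_DAYS:
                reasons.append(f"file written within {RECENT_DAYS} days of the scan")
            if reasons:
                findings.append(("high" if len(reasons) >= 2 else "medium", entry, "; ".join(reasons)))
            elif "vnc" in path.lower():
                findings.append(("info", entry, "remote-access server autostarts; confirm it is wanted"))
        elif "firewallpolicy" in low and name.lower() == "enablefirewall" and data.lstrip().startswith("0"):
            findings.append(("high", key.rsplit("\\", 1)[-1], "Windows Firewall disabled for this profile"))
        elif "security center\\monitoring" in low and name.lower() == "disablemonitoring" and data.endswith("1"):
            # Normal when a third-party firewall (here ZoneAlarm) registers itself;
            # still worth confirming that product is installed and running.
            findings.append(("info", key.rsplit("\\", 1)[-1],
                             "Security Center monitoring disabled; confirm the registered firewall is really running"))
        elif "mountpoints2" in low and name == "":
            findings.append(("medium", data, "Explorer cached an AutoRun command for a removable drive; inspect the media"))
    return findings


if __name__ == "__main__":
    for severity, entry, reason in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {entry}: {reason}")
```

Run against the sample, the script singles out the "NEW MODE" entry for cast blue.exe on all three autostart rules, notes the disabled firewall policy and the cached G:\Autorun.exe command, and lists the UltraVNC autostart and the ZoneAlarm monitoring override as informational; the stock ctfmon.exe and TeaTimer entries produce nothing. The rules are deliberately coarse: they rank what to look at, they do not decide what is malicious.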
Re: Annoying adaware called cast blue.exe

As well as deleting a few items, Combofix has revealed that there is a LOP infection.

==

First of all, could you click Start>Settings>Control Panel>Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert; do so and reboot when done.

If not listed there, run the Lop Remover from: http://66.220.17.157/help.html

==

Run Combofix again when done and post both its log and another HijackThis log.
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC