
Hello,
I've got an annoying adware that, after I neutralized it, came back again.

My HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:11 AM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Mom\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Mom\AppServ\Apache2.2\bin\httpd.exe
D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\zimbra\zdesktop\zdesktop.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\HUMANIZEDENSO\ENSO.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\YOUTUBE\UPLOADER\YOUTUBEUPLOADER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice Quickstarter.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Shortcut to lxbkbmgr.exe.lnk = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe
O4 - Global Startup: Realtek HD Audio.lnk = C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Mom\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mysql - Unknown owner - D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Quorum Service (QuorumService) - Unknown owner - C:\Program Files\NCH Swift Sound\Quorum\quorum.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe

--
End of file - 13560 bytes

2 contributors, 5 replies, 6 views, discussion span 9 years, last post by crunchie.

Not seeing anything there. Try this:

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.


Malwarebytes Anti-Malware doesn't show anything bad in the scan


Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Should be done, I hope.

ComboFix Log:
ComboFix 08-08-19.06 - Rony 2008-08-22 0:38:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1016 [GMT 3:00]
Running from: C:\Documents and Settings\Rony\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Uninstall.lnk
C:\Documents and Settings\Rony\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
F:\RECYCLER\banner.html
F:\RECYCLER\gp.info

.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.

2008-08-21 18:26 . 2008-08-21 18:26 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\iterasi
2008-08-21 18:22 . 2008-08-21 18:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 18:22 . 2008-08-21 18:22 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Malwarebytes
2008-08-21 18:22 . 2008-08-21 18:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-21 18:22 . 2008-08-17 15:05 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-21 18:22 . 2008-08-17 15:05 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-21 18:15 . 2008-08-21 18:15 <DIR> d-------- C:\Program Files\EA Games
2008-08-21 11:34 . 2008-08-21 11:34 <DIR> d-------- C:\Program Files\DVD Flick
2008-08-21 11:34 . 2007-08-31 18:36 36,864 --a------ C:\WINDOWS\system32\trayicon_handler.ocx
2008-08-21 09:31 . 2008-08-21 09:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-20 12:21 . 2008-08-20 12:21 <DIR> d-------- C:\Program Files\Verdiem
2008-08-20 08:04 . 2008-08-20 08:04 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-08-19 23:04 . 2008-08-19 23:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-19 22:59 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\002975_.tmp
2008-08-19 22:57 . 2008-08-19 22:57 <DIR> d-------- C:\WINDOWS\EHome
2008-08-19 15:09 . 2008-08-19 15:12 <DIR> d-------- C:\Program Files\Openfire
2008-08-19 15:00 . 2008-08-19 15:06 <DIR> d-------- C:\Program Files\ejabberd-2.0.1
2008-08-19 11:24 . 2008-08-19 11:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-19 11:24 . 2008-08-19 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-19 11:23 . 2008-08-19 11:23 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\AdminBoob
2008-08-18 20:02 . 2008-08-18 20:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comp two long internet
2008-08-18 20:01 . 2008-08-18 20:01 <DIR> d-------- C:\Program Files\AdminBoob
2008-08-18 19:48 . 2008-08-18 19:48 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-08-18 16:14 . 2008-08-18 16:14 <DIR> d-------- C:\Program Files\ooVoo
2008-08-16 15:42 . 2008-08-16 15:43 <DIR> d-------- C:\MinGW
2008-08-16 11:56 . 2008-08-16 15:38 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Dev-Cpp
2008-08-16 00:24 . 2008-08-16 15:44 <DIR> d-------- C:\Program Files\Notepad++
2008-08-16 00:24 . 2008-08-16 15:44 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Notepad++
2008-08-15 22:46 . 2008-08-15 22:46 <DIR> d-------- C:\Program Files\HashCalc
2008-08-15 22:46 . 2008-08-15 22:46 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\PCF-VLC
2008-08-15 17:01 . 2008-08-15 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-08-15 17:00 . 2008-08-18 19:17 <DIR> d---s---- C:\Program Files\Xfire
2008-08-15 17:00 . 2008-08-19 17:12 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Xfire
2008-08-15 14:53 . 2008-08-15 15:04 <DIR> d-------- C:\Program Files\Kuma Games
2008-08-15 01:02 . 2008-08-19 23:19 2,675 --a------ C:\WINDOWS\imsins.BAK
2008-08-15 00:32 . 2008-08-22 00:42 16,582,688 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-15 00:32 . 2008-08-21 00:19 164,324 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-15 00:30 . 2008-08-15 00:30 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-08-15 00:29 . 2008-08-15 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-15 00:29 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-08-15 00:29 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-08-15 00:29 . 2008-08-15 00:30 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-15 00:28 . 2008-08-15 00:28 <DIR> d-------- C:\Program Files\Zone Labs
2008-08-15 00:27 . 2008-08-21 13:33 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-08-14 11:18 . 2008-04-11 22:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 01:08 . 2008-08-13 01:08 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-08-12 13:43 . 2008-08-12 13:43 268 --ah----- C:\sqmdata11.sqm
2008-08-12 13:43 . 2008-08-12 13:43 244 --ah----- C:\sqmnoopt11.sqm
2008-08-12 12:05 . 2008-08-21 14:21 <DIR> d-------- C:\Program Files\OpenDNS Updater
2008-08-11 10:24 . 2008-08-11 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-08-09 22:11 . 2008-08-09 22:11 <DIR> d-------- C:\Program Files\Evernote
2008-08-09 18:33 . 2008-08-09 18:33 <DIR> d-------- C:\Program Files\CCleaner
2008-08-09 18:29 . 2008-08-09 18:29 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\WinPatrol
2008-08-09 18:28 . 2008-08-09 18:28 <DIR> d-------- C:\Program Files\BillP Studios
2008-08-09 11:52 . 2008-08-10 15:01 <DIR> d-------- C:\Program Files\Winwap Technologies
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-08 18:28 . 2008-08-08 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-08 18:18 . 2008-08-08 18:19 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Teleca
2008-08-08 18:17 . 2008-08-08 18:17 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Sony Ericsson
2008-08-08 18:15 . 2008-08-08 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-08-08 18:14 . 2008-08-08 18:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-08-08 18:14 . 2008-08-08 18:15 <DIR> d-------- C:\Program Files\Common Files\Teleca Shared
2008-08-08 18:14 . 2008-08-08 18:15 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-08-08 18:14 . 2008-08-08 18:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-08-08 18:08 . 2008-08-08 18:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-08 18:08 . 2008-08-08 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-07 19:00 . 2008-08-07 19:00 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Datalayer
2008-08-07 18:59 . 2008-08-07 19:00 <DIR> d--hs---- C:\Documents and Settings\Rony\Phone Browser
2008-08-07 18:07 . 2008-08-07 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-07 18:07 . 2008-04-14 00:15 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-08-07 18:07 . 2008-08-07 18:07 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-07 18:06 . 2008-08-07 18:06 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-07 17:46 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-08-07 17:46 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-08-07 17:46 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-08-07 17:46 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-08-07 17:46 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-08-07 17:46 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-08-07 17:45 . 2008-08-07 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-08-07 17:16 . 2008-08-07 17:16 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-08-07 17:16 . 2008-08-07 17:46 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-08-07 17:16 . 2008-08-07 17:42 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Nokia
2008-08-07 17:16 . 2008-08-07 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-07 17:15 . 2008-08-07 17:15 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-08-07 17:15 . 2008-08-07 17:46 <DIR> d-------- C:\Program Files\Nokia
2008-08-07 17:15 . 2008-08-07 17:15 <DIR> d-------- C:\Program Files\DIFX
2008-08-07 17:15 . 2008-08-07 17:42 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\PC Suite
2008-08-07 17:15 . 2008-08-07 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-08-07 17:15 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-08-06 14:58 . 2008-08-06 14:58 <DIR> d-------- C:\Program Files\The Game Creators
2008-08-05 08:19 . 2008-08-20 11:21 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\CoreFTP
2008-08-05 08:18 . 2008-08-05 12:15 <DIR> d-------- C:\Program Files\CoreFTP
2008-08-04 20:13 . 2008-08-04 20:13 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\SmartFTP
2008-08-04 19:50 . 2008-08-04 19:50 <DIR> d-------- C:\Program Files\xchat
2008-08-04 19:50 . 2008-08-10 12:42 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\X-Chat 2
2008-08-04 19:08 . 2008-08-04 19:10 <DIR> d-------- C:\Program Files\Free FTP Manager
2008-08-04 19:08 . 2008-08-04 19:08 <DIR> d-------- C:\Program Files\EuroGrand Casino
2008-08-03 16:28 . 2008-08-03 16:28 <DIR> d-------- C:\Documents and Settings\Rony\Woopra
2008-08-03 16:27 . 2008-08-03 16:27 <DIR> d-------- C:\Program Files\Woopra
2008-08-03 13:56 . 2008-08-03 13:56 <DIR> d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-08-02 19:50 . 2008-08-02 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-08-02 19:49 . 2008-08-02 19:49 <DIR> d-------- C:\Program Files\Last.fm
2008-08-01 18:10 . 2008-08-01 18:10 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\iLike
2008-07-31 21:01 . 2008-08-06 21:21 <DIR> d-------- C:\Program Files\Spaz
2008-07-31 21:01 . 2008-07-31 21:01 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1
2008-07-31 14:33 . 2008-07-31 14:33 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Joost
2008-07-31 14:32 . 2008-07-31 14:33 <DIR> d-------- C:\Program Files\Joost
2008-07-30 08:55 . 2008-07-30 08:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-29 18:21 . 2008-08-03 13:17 18 --a------ C:\Documents and Settings\Rony\gdocs.dat
2008-07-28 22:29 . 2008-07-28 22:29 268 --ah----- C:\sqmdata10.sqm
2008-07-28 22:29 . 2008-07-28 22:29 244 --ah----- C:\sqmnoopt10.sqm
2008-07-28 14:19 . 2008-07-28 14:19 <DIR> d-------- C:\Program Files\FeedReader30
2008-07-28 14:19 . 2008-08-04 09:56 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\Feedreader
2008-07-28 13:38 . 2008-07-31 15:23 <DIR> d-------- C:\Documents and Settings\Rony\Application Data\jah
2008-07-28 13:14 . 2008-07-28 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Firefly Studios
2008-07-28 12:38 . 2008-08-19 11:44 <DIR> d-------- C:\Program Files\Sun
2008-07-28 11:38 . 2008-07-28 11:38 1 --a------ C:\WINDOWS\system32\SI.bin
2008-07-28 11:36 . 2008-07-28 12:15 <DIR> d-------- C:\Documents and Settings\Rony\.SunDownloadManager
2008-07-28 11:34 . 2008-07-28 11:34 <DIR> d-------- C:\Documents and Settings\postgres
2008-07-28 09:41 . 2008-07-28 09:41 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-28 09:08 . 2008-07-28 09:08 268 --ah----- C:\sqmdata09.sqm
2008-07-28 09:08 . 2008-07-28 09:08 244 --ah----- C:\sqmnoopt09.sqm
2008-07-28 09:00 . 2008-07-28 09:00 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-28 08:32 . 2008-07-28 08:32 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-28 08:32 . 2008-07-28 08:32 268 --ah----- C:\sqmdata08.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 21:39 --------- d-----w C:\Documents and Settings\Rony\Application Data\uTorrent
2008-08-21 21:36 --------- d-----w C:\Program Files\LogMeIn
2008-08-21 21:36 --------- d-----w C:\Program Files\FlashGet
2008-08-21 21:22 --------- d-----w C:\Documents and Settings\Rony\Application Data\Skype
2008-08-21 21:09 --------- d-----w C:\Documents and Settings\Rony\Application Data\skypePM
2008-08-21 16:11 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-08-21 15:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 08:49 --------- d-----w C:\Documents and Settings\Rony\Application Data\DVD Flick
2008-08-21 08:07 --------- d-----w C:\Program Files\Picasa2
2008-08-21 04:08 --------- d-----w C:\Documents and Settings\Rony\Application Data\OpenOffice.org2
2008-08-20 14:52 --------- d-----w C:\Program Files\Opera
2008-08-20 13:05 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-08-20 12:59 --------- d-----w C:\Documents and Settings\Rony\Application Data\gtk-2.0
2008-08-19 08:57 --------- d-----w C:\Program Files\AdVantage
2008-08-15 15:43 --------- d-----w C:\Program Files\DivX
2008-08-15 14:46 --------- d--h--w C:\Documents and Settings\Rony\Application Data\ijjigame
2008-08-14 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-11 07:23 --------- d-----w C:\Program Files\Orb Networks
2008-08-10 05:29 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-08 08:15 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-04 17:09 --------- d-----w C:\Documents and Settings\Rony\Application Data\FileZilla
2008-08-03 06:34 --------- d-----w C:\Program Files\ILEN_Radiobar
2008-08-02 21:06 --------- d-----w C:\Documents and Settings\Rony\Application Data\ppstream
2008-08-02 21:02 --------- d-----w C:\Program Files\Java
2008-07-31 20:41 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-07-29 18:24 54,896 ----a-w C:\WINDOWS\system32\drivers\VBoxDrv.sys
2008-07-29 18:24 41,616 ----a-w C:\WINDOWS\system32\drivers\VBoxUSBMon.sys
2008-07-29 15:18 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-28 10:38 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-07-28 10:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-26 06:48 --------- d-----w C:\Program Files\PicLensIE
2008-07-24 06:26 --------- d-----w C:\Program Files\Project64 1.6
2008-07-23 06:46 --------- d-----w C:\Program Files\Winamp
2008-07-23 06:41 --------- d-----w C:\Documents and Settings\Rony\Application Data\Winamp
2008-07-22 19:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-22 11:09 --------- d-----w C:\Program Files\UltraVNC
2008-07-22 03:48 --------- d-----w C:\Program Files\d-lusion
2008-07-21 19:24 --------- d-----w C:\Program Files\Mixxx
2008-07-21 19:07 --------- d-----w C:\Program Files\NCH Swift Sound
2008-07-21 19:07 --------- d-----w C:\Documents and Settings\Rony\Application Data\NCH Swift Sound
2008-07-21 13:36 85,812 ----a-w C:\WINDOWS\system32\GlyphInfo.bin
2008-07-21 13:36 284,548 ----a-w C:\WINDOWS\system32\FontInfo.bin
2008-07-21 04:12 --------- d-----w C:\Program Files\Gabest
2008-07-19 14:47 37,008 ----a-w C:\WINDOWS\unins-riff-cdxa-filter-test6b.exe
2008-07-19 14:14 --------- d-----w C:\Program Files\Bots
2008-07-19 07:42 --------- d-----w C:\Program Files\EvilLyrics
2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 19:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 19:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 15:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-17 13:04 --------- d-----w C:\Documents and Settings\Rony\Application Data\WebApps
2008-07-17 13:04 --------- d-----w C:\Documents and Settings\Rony\Application Data\Prism
2008-07-17 11:18 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-07-17 03:49 --------- d-----w C:\Program Files\Sony Setup
2008-07-16 12:38 --------- d-----w C:\Documents and Settings\Rony\Application Data\Ahead
2008-07-16 11:54 --------- d-----w C:\Documents and Settings\Rony\Application Data\Windows Desktop Search
2008-07-16 11:41 --------- d-----w C:\Program Files\Windows Desktop Search
2008-07-16 11:29 --------- d-----w C:\Program Files\Decaf
2008-07-16 11:29 --------- d-----w C:\Program Files\BabasChess
2008-07-15 18:30 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 18:29 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-14 04:10 --------- d-----w C:\Program Files\Codemasters
2008-07-12 20:18 --------- d-----w C:\Documents and Settings\Rony\Application Data\Wireshark
2008-07-12 19:51 --------- d-----w C:\Program Files\Wireshark
2008-07-12 19:50 --------- d-----w C:\Program Files\WinPcap
2008-07-12 14:47 --------- d-----w C:\Program Files\NCH Software
2008-07-12 14:42 81,920 ----a-w C:\WINDOWS\DUMP4064.tmp
2008-07-12 14:42 81,920 ----a-w C:\WINDOWS\DUMP4016.tmp
2008-07-12 14:41 81,920 ----a-w C:\WINDOWS\DUMP4527.tmp
2008-07-12 14:14 --------- d-----w C:\Program Files\MixSense
2008-07-12 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Software
2008-07-12 10:38 --------- d-----w C:\Program Files\Kramware
2008-07-12 10:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-07-12 10:16 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\NCH Swift Sound
2008-07-11 16:49 --------- d-----w C:\Program Files\CounterPath
2008-07-11 16:48 --------- d-----w C:\Documents and Settings\Rony\Application Data\Freshtel
2008-07-11 15:29 --------- d-----w C:\Program Files\Common Files\GTK
2008-07-11 15:27 31,232 ----a-w C:\WINDOWS\system32\drivers\Uplink.sys
2008-07-11 14:19 --------- d-----w C:\Documents and Settings\Rony\Application Data\DivX
2008-07-10 12:05 --------- d-----w C:\Program Files\MeadCo Neptune
2008-07-10 12:03 --------- d-----w C:\Documents and Settings\Rony\Application Data\vlc
2008-07-10 11:51 --------- d-----w C:\Program Files\VideoLAN
2008-07-09 16:30 --------- d-----w C:\Program Files\FLV Player
2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-07-08 14:33 --------- d-----w C:\Documents and Settings\Rony\Application Data\Apple Computer
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 13:37 --------- d-----w C:\Program Files\uTorrent
2008-07-07 12:57 --------- d-----w C:\Program Files\eMule
2008-07-05 15:47 --------- d-----w C:\Program Files\Monsters
2008-07-05 15:34 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-05 15:27 --------- d-----w C:\Documents and Settings\Rony\Application Data\Call Graph
2008-07-05 14:19 --------- d-----w C:\Program Files\Stardock
2008-07-05 05:51 --------- d-----w C:\Program Files\Conduit
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 17:45 22058792]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2008-01-04 14:15 1126400]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 04:23 443968]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 18:25 1961984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"NEW MODE"="C:\DOCUME~1\Rony\APPLIC~1\ADMINB~1\cast blue.exe" [2008-08-18 20:01 518656]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" [2008-06-17 16:22 439736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-06-11 18:25 413696]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-07 08:51 8523776]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-06-18 14:56 712704]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-07-04 19:58 333120]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-08-21 14:21 209408]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"Edison"="C:\Program Files\Verdiem\Edison\Edison.exe" [2008-07-31 15:19 1795328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 05:42 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 17:15 1634304]

C:\Documents and Settings\Rony\Start Menu\Programs\Startup\
IterasiFFScheduler.lnk - C:\Documents and Settings\Rony\Application Data\iterasi\xdfmz2k4.default\iterasiFFScheduler.exe [2008-08-21 18:26:12 81920]
OpenOffice Quickstarter.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]
Shortcut to lxbkbmgr.exe.lnk - C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2008-05-27 22:13:18 57344]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AVG Free Tray Icon.lnk - C:\Program Files\AVG\AVG8\avgtray.exe [2008-07-04 09:48:59 1232152]
Realtek HD Audio.lnk - C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe [2008-06-05 21:38:30 16862720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"VIDC.CSCD"= camcodec.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-06-19 15:15 3664944 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"D:\\Civ4\\Civilization4.exe"=
"D:\\Civ4\\Warlords\\Civ4Warlords.exe"=
"D:\\Civ4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"C:\\Program Files\\ASUS\\GamerOSD\\GamerOSD.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"D:\\FS2004\\fs9.exe"=
"C:\\Documents and Settings\\Rony\\My Documents\\SAMP\\samp-server.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\Spikko\\SpikkoPhone.exe"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"D:\\Mom\\AppServ\\Apache2.2\\bin\\httpd.exe"=
"C:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"D:\\Sauerbraten\\bin\\sauerbraten.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Stronghold 2\\Stronghold2.exe"=
"C:\\Program Files\\Java\\jdk1.6.0_10\\bin\\java.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Woopra\\Woopra.exe"=
"C:\\Program Files\\UltraVNC\\repeater.exe"=
"C:\\Program Files\\xchat\\xchat.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57698:TCP"= 57698:TCP:Pando P2P TCP Listening Port
"57698:UDP"= 57698:UDP:Pando P2P UDP Listening Port
"82:TCP"= 82:TCP:WMP
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"86:TCP"= 86:TCP:Quorum Web Server
"8000:UDP"= 8000:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8003:UDP"= 8003:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8004:UDP"= 8004:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8005:UDP"= 8005:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8006:UDP"= 8006:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8007:UDP"= 8007:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8008:UDP"= 8008:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"8009:UDP"= 8009:UDP:Axon Virtual PBX RTP Incoming Audio (UDP)
"5070:UDP"= 5070:UDP:IVM Answering Attendant Sip Incoming Calls (UDP)
"606:TCP"= 606:TCP:VoIP On-Hold Server
"5060:UDP"= 5060:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Virtual PBX Web Control Panel
"5071:UDP"= 5071:UDP:Express Talk Sip Incoming Calls (UDP)
"5065:UDP"= 5065:UDP:Axon Virtual PBX Sip Incoming Calls (UDP)
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"1222:TCP"= 1222:TCP:*:Disabled:ooVoo TCP port 1222
"1222:UDP"= 1222:UDP:*:Disabled:ooVoo UDP port 1222
"1223:UDP"= 1223:UDP:*:Disabled:ooVoo UDP port 1223

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 09:48]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R2 Apache2.2;Apache2.2;D:\Mom\AppServ\Apache2.2\bin\httpd.exe [2008-01-17 20:37]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 09:48]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 09:48]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 09:48]
R2 edsvc;Edison Power Management Service;C:\Program Files\Verdiem\Edison\edsvc.exe [2008-07-31 15:19]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 Yahoo! Zimbra Desktop Service;Yahoo! Zimbra Desktop Service;C:\zimbra\zdesktop\zdesktop.exe [2008-07-24 21:55]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-10-23 17:48]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 14:06]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:05]
R3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 11:13]
R3 SaiH0255;SaiH0255;C:\WINDOWS\system32\DRIVERS\SaiH0255.sys [2004-10-22 12:00]
R3 Uplink;Uplink;C:\WINDOWS\system32\drivers\Uplink.sys [2008-07-11 18:27]
R3 uscbs109;uscbs109;C:\WINDOWS\system32\DRIVERS\uscbs109.sys [2005-03-22 00:00]
R3 uscsc109;uscsc109;C:\WINDOWS\system32\DRIVERS\uscsc109.sys [2005-03-22 00:00]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 23:22]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-11-10 18:23]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-11-10 18:23]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-11-10 18:23]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-11-10 18:23]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-11-10 18:23]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-11-10 18:23]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-11-10 18:24]
S3 VBoxTAP;VirtualBox TAP Adapter;C:\WINDOWS\system32\DRIVERS\VBoxTAP.sys [2008-05-31 01:42]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ba5396-5c60-11dd-a05f-001e8c80d05e}]
\Shell\AutoRun\command - G:\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - MBAMSWISSARMY
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-PowerBar - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Rony\Application Data\Mozilla\Firefox\Profiles\xdfmz2k4.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daniweb.com/
FF -: plugin - C:\Documents and Settings\Rony\Application Data\Mozilla\Firefox\Profiles\xdfmz2k4.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF -: plugin - C:\Documents and Settings\Rony\Local Settings\Application Data\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npJoostPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 00:42:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D?????A~??????????????A~l?@?l?@????? ???????????W?D~??A~??????A~K?A~x???????[?A~???????? ??????????????|x???0?????????????st??A~????????????????Iz@?????O???????l?@?l?@?????Q?B~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\mysql]
"ImagePath"="D:\Mom\AppServ\MySQL\bin\mysqld-nt --defaults-file=D:\Mom\AppServ\MySQL\my.ini mysql"
.
Completion time: 2008-08-22 0:44:21
ComboFix-quarantined-files.txt 2008-08-21 21:44:14

Pre-Run: 65,939,480,576 bytes free
Post-Run: 65,963,933,696 bytes free

457 --- E O F --- 2008-08-20 05:08:07

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:40 AM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Mom\AppServ\Apache2.2\bin\httpd.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Verdiem\Edison\edsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Mom\AppServ\Apache2.2\bin\httpd.exe
D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\zimbra\zdesktop\zdesktop.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\HUMANIZEDENSO\ENSO.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
C:\DOCUMENTS AND SETTINGS\RONY\LOCAL SETTINGS\APPLICATION DATA\YOUTUBE\UPLOADER\YOUTUBEUPLOADER.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\Rony\Application Data\iterasi\xdfmz2k4.default\iterasiFFScheduler.exe
C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\PROGRA~1\agat\AGForm\AGFORM~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files\WinAVI FLV Converter\FLVTune.dll
O2 - BHO: PicLens plug-in for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\PicLens.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Edison] "C:\Program Files\Verdiem\Edison\Edison.exe" /autolaunched
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100458 -Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IterasiFFScheduler.lnk = C:\Documents and Settings\Rony\Application Data\iterasi\xdfmz2k4.default\iterasiFFScheduler.exe
O4 - Startup: OpenOffice Quickstarter.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: Shortcut to lxbkbmgr.exe.lnk = C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe
O4 - Global Startup: Realtek HD Audio.lnk = C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\Mom\AppServ\Apache2.2\bin\httpd.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Edison Power Management Service (edsvc) - Verdiem - C:\Program Files\Verdiem\Edison\edsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: mysql - Unknown owner - D:\Mom\AppServ\MySQL\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Zimbra Desktop Service - Unknown owner - C:\zimbra\zdesktop\zdesktop.exe

--
End of file - 13503 bytes

Thanks for the help


As well as deleting a few items, Combofix has revealed that there is a LOP infection.

==

First of all, could you click Start > Settings > Control Panel > Add or Remove Programs and uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert; do so and reboot when done. If it is not listed there, run the Lop Remover from:
http://66.220.17.157/help.html

==

Run Combofix again when done and post both its log and another HijackThis log.
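For anyone reading this thread later, here is a small triage script added to this page (it is not the responder's procedure and not code from ComboFix). It reads the "Reg Loading Points" section in the exact format ComboFix prints and scores every Run/RunOnce value with a few heuristics: launched from a user profile data folder, parent folder shown only as an 8.3 short name, a space in the executable name, and a binary written in the week before the scan. Run over the lines excerpted from the log above, the only value it flags is "NEW MODE" = C:\DOCUME~1\Rony\APPLIC~1\ADMINB~1\cast blue.exe, which I take to be the entry behind the Lop diagnosis; that attribution, the heuristics, their weights and the threshold are this example's own assumptions, not something the log states. It also surfaces the "EnableFirewall"= 0 line and the G:\Autorun.exe mountpoint command, two things an analyst would want to look at alongside the infection. The sample input is copied from the log posted earlier in the thread; the scan date is the one ComboFix reports.

```python
"""Triage of ComboFix 'Reg Loading Points' output. Added example, not
ComboFix's or the responder's code; heuristics and weights are assumptions."""
import re
from dataclasses import dataclass, field
from datetime import date

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>\d+)\]$')
FIREWALL_LINE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
AUTORUN_LINE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$')

# A binary started from the profile's data folders (long or 8.3 form, ComboFix
# prints whichever the registry holds) is the strongest single signal here.
PROFILE_DATA_DIRS = ('\\application data\\', '\\applic~1\\',
                     '\\local settings\\', '\\locals~1\\')
SHORT_NAME = re.compile(r'~\d+')
WEIGHTS = {'profile_data_dir': 2, 'short_name_folder': 1,
           'space_in_exe_name': 1, 'recently_written': 1}


@dataclass
class RunValue:
    key: str
    name: str
    path: str
    signals: list = field(default_factory=list)

    @property
    def score(self):
        return sum(WEIGHTS[s] for s in self.signals)


@dataclass
class Triage:
    run_values: list = field(default_factory=list)
    firewall_disabled: bool = False
    autorun_commands: list = field(default_factory=list)

    def flagged(self, threshold=3):
        # Threshold 3 means a profile-directory launch plus one corroborating signal.
        return [v for v in self.run_values if v.score >= threshold]


def assess_run_value(key, name, path, written, scan_date, recent_days=7):
    """Attach every heuristic that fires to one Run value."""
    folder, _, exe = path.rpartition('\\')
    v = RunValue(key, name, path)
    if any(frag in path.lower() for frag in PROFILE_DATA_DIRS):
        v.signals.append('profile_data_dir')
    if SHORT_NAME.search(folder.rpartition('\\')[2]):
        v.signals.append('short_name_folder')   # real folder name not shown
    if ' ' in exe:
        v.signals.append('space_in_exe_name')
    if 0 <= (scan_date - written).days <= recent_days:
        v.signals.append('recently_written')
    return v


def triage(lines, scan_date):
    """Walk ComboFix output; collect Run values, firewall state and AutoRun."""
    result, key = Triage(), None
    for raw in lines:
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group('key')
            continue
        m = RUN_LINE.match(line)
        if m and key and key.lower().endswith(('\\run', '\\runonce')):
            written = date.fromisoformat(m.group('date'))
            result.run_values.append(assess_run_value(
                key, m.group('name'), m.group('path'), written, scan_date))
            continue
        m = FIREWALL_LINE.match(line)
        if m and m.group('value') == '0':
            result.firewall_disabled = True
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            result.autorun_commands.append((key, m.group('cmd')))
    return result


# Lines excerpted from the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"NEW MODE"="C:\DOCUME~1\Rony\APPLIC~1\ADMINB~1\cast blue.exe" [2008-08-18 20:01 518656]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" [2008-06-17 16:22 439736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Update"="C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe" [2008-08-21 14:21 209408]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1ba5396-5c60-11dd-a05f-001e8c80d05e}]
\Shell\AutoRun\command - G:\Autorun.exe
'''


def triage_sample():
    """Triage the excerpt as of the scan date ComboFix reports in the thread."""
    return triage(SAMPLE_LOG.splitlines(), date(2008, 8, 22))
```

The weighting is deliberate: "OpenDNS Update" also has a space in its name and was written the day before the scan, so it scores 2, but without a profile-directory launch it stays below the threshold, while the Shockwave RunOnce entry's 8.3 folder under system32 scores only 1. Feed the whole ComboFix log to triage() rather than the excerpt to see every Run value scored.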
