Are my HjT and ComboFix logs clean?

Status
Not open for further replies.

CJ-real

ComboFix log:
Code:
ComboFix 08-09-01.01 - CJ1 2008-09-02  0:15:42.1 - NTFSx86
Running from: C:\Documents and Settings\CJ1\My Documents\Scores\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\bin.clearspring.com
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\interclick.com
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\interclick.com\ud.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com\v1.0.0255\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com\v1.0.0259\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\#SharedObjects\YYMERMMX\static.youku.com\v1.0.0307\v\swf\qplayer.swf\qplayer.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
C:\Documents and Settings\CJ1\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
C:\Program Files\Common Files\{34E14~1\Uninst.exe
C:\WINDOWS\qmdispatch.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\components
C:\WINDOWS\system32\mlkkj.bak2
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\skinboxer43.dll

.
(((((((((((((((((((((((((   Files Created from 2008-08-01 to 2008-09-01  )))))))))))))))))))))))))))))))
.

2008-08-31 10:49 . 2008-08-31 10:49	<DIR>	d--------	C:\Program Files\Notepad++
2008-08-31 10:49 . 2008-08-31 11:07	<DIR>	d--------	C:\Documents and Settings\CJ1\Application Data\Notepad++
2008-08-17 23:01 . 2008-08-17 23:01	0	--a------	C:\Documents and Settings\CJ1\jagex_runescape_preferences.dat
2008-08-15 10:33 . 2008-05-01 15:30	331,776	---------	C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-09 12:12 . 2008-08-09 12:12	<DIR>	d--------	C:\Documents and Settings\CJ1\Application Data\Atari
2008-08-09 12:12 . 2008-08-16 16:33	43,520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-09 12:11 . 2008-08-09 12:11	<DIR>	d--------	C:\Program Files\Common Files\PocketSoft
2008-08-09 12:11 . 2002-02-27 17:50	197,120	--a------	C:\WINDOWS\patchw32.dll
2008-08-09 12:07 . 2008-08-09 12:07	<DIR>	d--------	C:\Program Files\Atari
2008-08-01 20:54 . 2008-08-01 21:01	<DIR>	d--------	C:\xampp
2008-08-01 17:48 . 2008-08-01 17:48	<DIR>	d--------	C:\Program Files\MySQL

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

Continued in the next post
 
Code:
2008-09-01 23:23	---------	d-----w	C:\Program Files\Common Files\{34E147BB-0745-1033-0928-05050622002c}
2008-09-01 22:56	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\Azureus
2008-08-31 10:46	61,440	----a-w	C:\WINDOWS\Internet Logs\xDBE1.tmp
2008-08-31 09:10	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\CoreFTP
2008-08-30 21:04	9,293,824	----a-w	C:\WINDOWS\Internet Logs\xDBE0.tmp
2008-08-30 21:04	79,360	----a-w	C:\WINDOWS\Internet Logs\xDBDF.tmp
2008-08-29 11:23	97,928	----a-w	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-28 22:00	9,281,536	----a-w	C:\WINDOWS\Internet Logs\xDBDE.tmp
2008-08-28 22:00	42,496	----a-w	C:\WINDOWS\Internet Logs\xDBDD.tmp
2008-08-28 12:38	9,283,584	----a-w	C:\WINDOWS\Internet Logs\xDBDC.tmp
2008-08-28 12:38	41,984	----a-w	C:\WINDOWS\Internet Logs\xDBDB.tmp
2008-08-28 09:11	---------	d-----w	C:\Program Files\Dl_cats
2008-08-27 21:05	9,284,096	----a-w	C:\WINDOWS\Internet Logs\xDBDA.tmp
2008-08-27 21:05	59,392	----a-w	C:\WINDOWS\Internet Logs\xDBD9.tmp
2008-08-26 22:04	9,282,560	----a-w	C:\WINDOWS\Internet Logs\xDBD8.tmp
2008-08-26 22:04	40,448	----a-w	C:\WINDOWS\Internet Logs\xDBD7.tmp
2008-08-25 23:15	9,282,560	----a-w	C:\WINDOWS\Internet Logs\xDBD6.tmp
2008-08-25 23:15	64,000	----a-w	C:\WINDOWS\Internet Logs\xDBD4.tmp
2008-08-25 12:03	---------	d-----w	C:\Documents and Settings\All Users\Application Data\pdf995
2008-08-24 20:10	9,285,632	----a-w	C:\WINDOWS\Internet Logs\xDBD5.tmp
2008-08-24 20:10	70,144	----a-w	C:\WINDOWS\Internet Logs\xDBD3.tmp
2008-08-23 18:16	39,424	----a-w	C:\WINDOWS\Internet Logs\xDBD2.tmp
2008-08-22 22:01	9,279,488	----a-w	C:\WINDOWS\Internet Logs\xDBD1.tmp
2008-08-22 22:01	40,960	----a-w	C:\WINDOWS\Internet Logs\xDBD0.tmp
2008-08-22 09:22	9,280,512	----a-w	C:\WINDOWS\Internet Logs\xDBCF.tmp
2008-08-22 09:22	46,080	----a-w	C:\WINDOWS\Internet Logs\xDBCE.tmp
2008-08-22 00:59	9,300,992	----a-w	C:\WINDOWS\Internet Logs\xDBCD.tmp
2008-08-22 00:59	72,704	----a-w	C:\WINDOWS\Internet Logs\xDBCC.tmp
2008-08-21 20:44	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-20 22:47	41,472	----a-w	C:\WINDOWS\Internet Logs\xDBCB.tmp
2008-08-20 20:14	9,278,464	----a-w	C:\WINDOWS\Internet Logs\xDBCA.tmp
2008-08-20 20:14	40,448	----a-w	C:\WINDOWS\Internet Logs\xDBC9.tmp
2008-08-20 09:25	9,279,488	----a-w	C:\WINDOWS\Internet Logs\xDBC8.tmp
2008-08-20 09:25	46,592	----a-w	C:\WINDOWS\Internet Logs\xDBC7.tmp
2008-08-19 21:50	9,277,952	----a-w	C:\WINDOWS\Internet Logs\xDBC6.tmp
2008-08-19 21:50	44,544	----a-w	C:\WINDOWS\Internet Logs\xDBC5.tmp
2008-08-19 07:35	9,278,976	----a-w	C:\WINDOWS\Internet Logs\xDBC4.tmp
2008-08-19 07:35	42,496	----a-w	C:\WINDOWS\Internet Logs\xDBC3.tmp
2008-08-18 21:27	9,277,440	----a-w	C:\WINDOWS\Internet Logs\xDBC2.tmp
2008-08-18 21:27	52,736	----a-w	C:\WINDOWS\Internet Logs\xDBC1.tmp
2008-08-18 12:02	9,277,440	----a-w	C:\WINDOWS\Internet Logs\xDBC0.tmp
2008-08-18 12:02	49,152	----a-w	C:\WINDOWS\Internet Logs\xDBBF.tmp
2008-08-17 23:07	9,283,584	----a-w	C:\WINDOWS\Internet Logs\xDBBE.tmp
2008-08-17 23:07	786,944	----a-w	C:\WINDOWS\Internet Logs\xDBBD.tmp
2008-08-16 23:02	9,276,928	----a-w	C:\WINDOWS\Internet Logs\xDBBC.tmp
2008-08-16 23:02	53,248	----a-w	C:\WINDOWS\Internet Logs\xDBBB.tmp
2008-08-16 16:25	43,008	----a-w	C:\WINDOWS\Internet Logs\xDBBA.tmp
2008-08-16 07:28	45,568	----a-w	C:\WINDOWS\Internet Logs\xDBB9.tmp
2008-08-16 07:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-15 23:22	9,256,960	----a-w	C:\WINDOWS\Internet Logs\xDBB8.tmp
2008-08-15 23:22	65,536	----a-w	C:\WINDOWS\Internet Logs\xDBB7.tmp
2008-08-14 22:58	9,249,792	----a-w	C:\WINDOWS\Internet Logs\xDBB6.tmp
2008-08-14 22:58	183,296	----a-w	C:\WINDOWS\Internet Logs\xDBB5.tmp
2008-08-14 10:52	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\uTorrent
2008-08-14 10:48	---------	d-----w	C:\Documents and Settings\CJ1\Application Data\JDiskReport
2008-08-13 20:50	9,245,696	----a-w	C:\WINDOWS\Internet Logs\xDBB4.tmp
2008-08-13 20:50	55,808	----a-w	C:\WINDOWS\Internet Logs\xDBB3.tmp
2008-08-12 20:40	2,906,624	----a-w	C:\WINDOWS\Internet Logs\xDBB2.tmp
2008-08-12 07:13	24,940,654	----a-w	C:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-11 21:00	9,243,136	----a-w	C:\WINDOWS\Internet Logs\xDBB1.tmp
2008-08-11 21:00	127,488	----a-w	C:\WINDOWS\Internet Logs\xDBB0.tmp
2008-08-11 15:04	58,368	----a-w	C:\WINDOWS\Internet Logs\xDBAF.tmp
2008-08-10 21:53	72,704	----a-w	C:\WINDOWS\Internet Logs\xDBAE.tmp
2008-08-09 22:05	9,241,600	----a-w	C:\WINDOWS\Internet Logs\xDBAD.tmp
2008-08-09 11:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-08-08 20:58	9,231,872	----a-w	C:\WINDOWS\Internet Logs\xDBAC.tmp
2008-08-08 20:58	38,400	----a-w	C:\WINDOWS\Internet Logs\xDBAB.tmp
2008-08-08 19:31	48,640	----a-w	C:\WINDOWS\Internet Logs\xDBAA.tmp
2008-08-08 12:12	9,227,776	----a-w	C:\WINDOWS\Internet Logs\xDBA9.tmp
2008-08-08 12:12	46,080	----a-w	C:\WINDOWS\Internet Logs\xDBA8.tmp
2008-08-07 22:57	9,227,776	----a-w	C:\WINDOWS\Internet Logs\xDBA7.tmp
2008-08-07 21:02	9,227,776	----a-w	C:\WINDOWS\Internet Logs\xDBA6.tmp
2008-08-07 21:02	87,040	----a-w	C:\WINDOWS\Internet Logs\xDB5.tmp
2008-08-06 20:19	9,229,312	----a-w	C:\WINDOWS\Internet Logs\xDBA5.tmp
2008-08-06 20:19	2,153,472	----a-w	C:\WINDOWS\Internet Logs\xDB98.tmp
2008-08-05 20:26	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB65.tmp
2008-08-05 20:26	44,032	----a-w	C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-08-05 14:25	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB14.tmp
2008-08-05 14:25	49,152	----a-w	C:\WINDOWS\Internet Logs\xDB13.tmp
2008-08-04 20:11	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB12.tmp
2008-08-04 20:11	40,960	----a-w	C:\WINDOWS\Internet Logs\xDB11.tmp
2008-08-04 15:45	9,226,752	----a-w	C:\WINDOWS\Internet Logs\xDB10.tmp
2008-08-04 15:45	50,176	----a-w	C:\WINDOWS\Internet Logs\xDBF.tmp
2008-08-03 21:34	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDBE.tmp
2008-08-03 21:34	40,960	----a-w	C:\WINDOWS\Internet Logs\xDBD.tmp
2008-08-03 11:02	29,696	----a-w	C:\WINDOWS\Internet Logs\xDBC.tmp
2008-08-03 08:56	9,226,240	----a-w	C:\WINDOWS\Internet Logs\xDBB.tmp
2008-08-03 08:56	42,496	----a-w	C:\WINDOWS\Internet Logs\xDBA.tmp
2008-08-02 20:47	9,225,728	----a-w	C:\WINDOWS\Internet Logs\xDB9.tmp
2008-08-02 20:47	61,952	----a-w	C:\WINDOWS\Internet Logs\xDB8.tmp
2008-08-02 15:38	9,223,680	----a-w	C:\WINDOWS\Internet Logs\xDB7.tmp
2008-08-02 15:38	39,424	----a-w	C:\WINDOWS\Internet Logs\xDB6.tmp
2008-08-02 07:48	36,352	----a-w	C:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-01 21:01	142,848	----a-w	C:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-01 16:21	---------	d-----w	C:\Program Files\QuickTime
2008-07-31 20:58	46,080	----a-w	C:\WINDOWS\Internet Logs\xDBA3.tmp
2008-07-31 20:57	9,116,672	----a-w	C:\WINDOWS\Internet Logs\xDBA4.tmp
2008-07-31 09:58	9,118,720	----a-w	C:\WINDOWS\Internet Logs\xDBA2.tmp
2008-07-31 09:58	115,200	----a-w	C:\WINDOWS\Internet Logs\xDBA1.tmp
2008-07-29 22:08	9,080,320	----a-w	C:\WINDOWS\Internet Logs\xDBA0.tmp
2006-07-25 16:38	168	--sh--r	C:\WINDOWS\system32\2FD5F30194.sys
2006-05-06 07:55	80	--sh--r	C:\WINDOWS\system32\9401F3D52F.dll
2006-07-25 16:39	3,766	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys

Continued in the next post
 
Code:
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 15:59 385024]
"DLCDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll" [2005-06-07 07:39 69632]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"dlcdmon.exe"="C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe" [2005-07-22 08:45 430080]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 17:33 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 944\memcard.exe" [2005-06-27 06:05 282624]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 12:23 1235736]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-01 17:19 155648]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CSvidcap.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Workspace Macro Pro Hotkeys.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Workspace Macro Pro Hotkeys.lnk
backup=C:\WINDOWS\pss\Workspace Macro Pro Hotkeys.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CJ1^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\CJ1\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^CJ1^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=C:\Documents and Settings\CJ1\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=C:\WINDOWS\pss\WinMySQLadmin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
/WinStart [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 08:51 306688 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 02:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 17:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 17:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 16:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-12-18 01:20 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
--a------ 2005-06-27 06:05 282624 C:\Program Files\Dell Photo AIO Printer 944\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 20:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-02-10 13:22 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-08-01 17:19 155648 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-12-01 22:06 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-06-12 17:18 1271032 C:\Program Files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-05-15 16:11 3644464 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-04-03 18:12 777424 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2005-03-10 14:01 28160 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"StyleXPService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"iPodService"=3 (0x3)
"gusvc"=2 (0x2)
"FirebirdServerDefaultInstance"=3 (0x3)
"FirebirdGuardianDefaultInstance"=2 (0x2)
"dlcd_device"=3 (0x3)
"Apache2.2"=2 (0x2)
"Apache2"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"aawservice"=2 (0x2)
"UleadBurningHelper"=3 (0x3)
"SQLAgent$SONY_MEDIAMGR"=3 (0x3)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$SONY_MEDIAMGR"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Continued in the next post
 
Code:
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-29 12:23]
R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-05-07 17:13]
R2 Apache2.2;Apache2.2;C:\xampp\apache\bin\apache.exe [2008-06-14 18:02]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 12:23]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 12:23]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-03 21:02]
R3 dlcd_device;dlcd_device;C:\WINDOWS\system32\dlcdcoms.exe [2005-06-21 09:19]
S3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 21:08]
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys []
S3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 15:15]
S4 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe [2004-12-13 02:05]
S4 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe [2004-12-13 02:05]
S4 NMSAccessU;NMSAccessU;C:\Documents and Settings\CJ1\Local Settings\Temp\{2DDA757A-8C6E-405B-A313-2EE78C2D30FB}\NMSAccessU.exe []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb3ab9c-fa9a-11dc-abd2-0013ced813d3}]
\Shell\AutoRun\command - E:\AutoRun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BootSkin Startup Jobs - C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe
MSConfigStartUp-H2O - C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
MSConfigStartUp-IWM Agent - C:\Program Files\IWM\IWM.exe
MSConfigStartUp-LogonStudio - C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
MSConfigStartUp-Ninja Surfing - C:\Program Files\NinjaSurfing\nsurfing.exe
MSConfigStartUp-NotebookHardwareControl - C:\Program Files\Notebook Hardware Control\nhc.exe
MSConfigStartUp-NSLauncher - C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
MSConfigStartUp-PcSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-ProxyWay - C:\Documents and Settings\CJ1\My Documents\Proxyway\proxyway.exe
MSConfigStartUp-Skype - C:\Documents and Settings\CJ1\Phone\Skype.exe
MSConfigStartUp-STYLEXP - C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
MSConfigStartUp-ussshreg - C:\PROGRA~1\ULEADS~1.0\Ussshreg.exe
MSConfigStartUp-UVS10 Preload - C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\CJ1\Application Data\Mozilla\Firefox\Profiles\kqs5a871.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.co.uk
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 00:24:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-02  0:28:36
ComboFix-quarantined-files.txt  2008-09-01 23:28:26

Pre-Run: 19,103,440,896 bytes free
Post-Run: 19,120,095,232 bytes free

337	--- E O F ---	2008-09-01 07:56:39

HjT log in the next post
 
HjT log:
Code:
Logfile of HijackThis v1.99.1
Scan saved at 00:37:32, on 02/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\xampp\mysql\bin\mysqld-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\xampp\apache\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 944\memcard.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A680A84-DEDA-4EE2-AACC-82F2F4754949}: NameServer = 192.168.1.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Thanks :D
 