GeekPolice
Win32/Rootkit Agent ODG - Need Help..

Hey, I have a problem with my computer. My ESET AV cannot clean this Win32/Rootkit Agent ODG, so I tried booting into safe mode and using gmer.exe to find the rootkit infection, and I deleted the infection. Still in safe mode, I scanned my computer (C:\) using NOD32 (DOS prompt - ecls.exe) and removed all the infections. Now my ESET NOD32 doesn't show virus/rootkit notifications anymore, but I'm not sure whether the virus still infects my computer or not, because my system is still running kind of slow.

_________________^sorry for my bad English^__________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:03:26 PM, on 6/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\PixelView\ADTVScheduleAgent.exe
C:\apache2triad\bin\apache.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\apache2triad\mysql\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe
C:\apache2triad\mail\bin\XMail.exe
C:\apache2triad\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
E:\FAZT_4GB (K)\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {00009c0c-3cb8-4683-bc83-517a944408a5} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {5662d4d8-74c8-49e9-9ead-40391af7a6c1} - c:\windows\system32\zbhtxgv.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PixelView Schedule Agent.lnk = C:\Program Files\PixelView\ADTVScheduleAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F750C98A-5567-4969-8C68-47254708B242}: NameServer = 202.155.0.20,202.155.0.15
O20 - Winlogon Notify: sqeulkqk - C:\WINDOWS\SYSTEM32\zbhtxgv.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2Triad Apache2 Service (Apache2) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Apache2Triad Apache2 Service with SSL (Apache2SSL) - Apache Software Foundation - C:\apache2triad\bin\apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Apache2Triad MySql Service (MySql) - Unknown owner - C:\apache2triad\mysql\bin\mysqld.exe
O23 - Service: Apache2Triad PostgreSQL Service (PgSql) - PostgreSQL Global Development Group - C:\apache2triad\pgsql\bin\pg_ctl.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\system32\snmptrap.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: Apache2Triad Xmail Service (XMail) - Unknown owner - C:\apache2triad\mail\bin\XMail.exe

--
End of file - 7288 bytes

Please help.

Re: Win32/Rootkit Agent ODG - Need Help..

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: (no name) - {00009c0c-3cb8-4683-bc83-517a944408a5} - (no file)
    O2 - BHO: (no name) - {5662d4d8-74c8-49e9-9ead-40391af7a6c1} - c:\windows\system32\zbhtxgv.dll
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O20 - Winlogon Notify: sqeulkqk - C:\WINDOWS\SYSTEM32\zbhtxgv.dll


  • Press "Fix Checked"
  • Close HijackThis.

Next,

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (ESET Nod32)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Rcauto10]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt, which asks if you want to continue the malware scan; select Yes.

    [screenshot: Whatne10]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
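The lines the helper picked out of the HijackThis log above follow a pattern: an orphaned BHO with no file, an unnamed BHO and a Winlogon Notify package that both point at the same randomly named DLL in system32, an IE policy restriction, and a reset start page. The Python script below is an added example written for this page; it is not HijackThis or ComboFix code and not part of the helper's instructions. It applies those heuristics to HJT log lines and escalates any file that is hooked in from more than one load point. The sample lines are copied from the log posted above, with two benign lines kept for contrast. The list of Windows' own Winlogon Notify packages, the random-name test and the proxy rule are my assumptions; the proxy rule goes beyond what the helper flagged.

```python
# Heuristic triage of HijackThis (HJT) log lines. Added example for this thread,
# not code from HijackThis, ComboFix or the helper. The Winlogon Notify allow-list
# and the random-name test are assumptions, not an authoritative reference.
import re
from collections import defaultdict

# Winlogon Notify packages that ship with Windows XP (assumed, not exhaustive).
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scardsvr",
                         "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Lines copied from the log posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = about:blank
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 10.0.0.1:5555
O2 - BHO: (no name) - {00009c0c-3cb8-4683-bc83-517a944408a5} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\\Program Files\\Internet Download Manager\\IDMIECC.dll
O2 - BHO: (no name) - {5662d4d8-74c8-49e9-9ead-40391af7a6c1} - c:\\windows\\system32\\zbhtxgv.dll
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O6 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present
O20 - Winlogon Notify: sqeulkqk - C:\\WINDOWS\\SYSTEM32\\zbhtxgv.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe)", re.IGNORECASE)
CONSONANT_RUN_RE = re.compile(r"[bcdfghjklmnpqrstvwxz]{4,}")


def looks_random(name):
    """Heuristic: a pure-letter name with no vowels (6+ chars) or a run of 4+ consonants."""
    stem = name.lower()
    if not stem.isalpha():
        return False
    has_vowel = any(ch in "aeiouy" for ch in stem)
    return (len(stem) >= 6 and not has_vowel) or CONSONANT_RUN_RE.search(stem) is not None


def file_path(body):
    """Lower-cased path of the first .dll/.exe referenced in an entry, or None."""
    m = PATH_RE.search(body)
    return m.group(0).lower() if m else None


def classify(section, body):
    """Return (severity, reason) for one HJT entry, or None if nothing is flagged."""
    path = file_path(body)
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0] if path else ""
    if section == "R0" and body.endswith("= about:blank"):
        return ("low", "IE start page reset to about:blank (common after a hijack; verify)")
    if section == "R1" and ",ProxyServer = " in body:
        return ("medium", "IE proxy configured: %s (verify it is yours)" % body.split("= ", 1)[1])
    if section == "O2" and "(no name)" in body:
        if path is None:
            return ("low", "orphaned BHO: no name and no file, safe to remove")
        suspicious = "\\system32\\" in path or looks_random(stem)
        return ("high" if suspicious else "medium", "unnamed BHO loading %s" % path)
    if section == "O6":
        return ("medium", "IE Control Panel policy set for the user; malware uses this to lock settings")
    if section == "O20":
        notify = body.split(":", 1)[1].split(" - ", 1)[0].strip()
        if notify.lower() in KNOWN_WINLOGON_NOTIFY:
            return None
        sev = "high" if (looks_random(notify) or looks_random(stem)) else "medium"
        return (sev, "non-Windows Winlogon Notify package %r loading %s" % (notify, path))
    return None


def triage(log_text):
    """Run every rule over an HJT log and return a list of finding dicts."""
    findings, by_path = [], defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        path = file_path(body)
        if path:
            by_path[path].append(section)
        verdict = classify(section, body)
        if verdict:
            findings.append({"line": raw.strip(), "section": section, "path": path,
                             "severity": verdict[0], "reason": verdict[1]})
    # One file reached from two different load points (here O2 and O20) is a strong
    # signal that it is persistence, not a stray add-on: escalate those findings.
    for f in findings:
        sections = set(by_path.get(f["path"], []))
        if f["path"] and len(sections) > 1:
            f["severity"] = "high"
            f["reason"] += " [same file loaded via %s]" % "+".join(sorted(sections))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-4s %s\n       %s" % (f["severity"], f["section"], f["line"], f["reason"]))
```

A "high" verdict here means investigate, not delete: check the file's signer and hash before fixing the entry. Also keep in mind that a kernel rootkit which hooks the registry and file APIs can hide its load points from HijackThis entirely, which is why the helper follows the HJT fix with a ComboFix run rather than stopping here.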

Re: Win32/Rootkit Agent ODG - Need Help..

ComboFix 09-06-01.03 - Fauzan 06/03/2009 22:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2861 [GMT 7:00]
Running from: c:\documents and settings\Fauzan\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fauzan\Application Data\inst.exe
c:\documents and settings\Fauzan\Application Data\vmievysq
c:\documents and settings\Fauzan\Application Data\vmievysq\profiles.ini
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\cert8.db
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\compatibility.ini
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\compreg.dat
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\cookies.sqlite
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\formhistory.sqlite
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\key3.db
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\localstore.rdf
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\permissions.sqlite
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\places.sqlite-journal
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\places.sqlite
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\pluginreg.dat
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\prefs.js
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\secmod.db
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\webappsstore.sqlite
c:\documents and settings\Fauzan\Application Data\vmievysq\Profiles\zhdmec8j.default\xpti.dat
c:\documents and settings\Fauzan\Local Settings\Application Data\vmievysq
c:\documents and settings\Fauzan\Local Settings\Application Data\vmievysq\Profiles\zhdmec8j.default\urlclassifier3.sqlite
c:\documents and settings\Fauzan\Local Settings\Application Data\vmievysq\Profiles\zhdmec8j.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\vmievysq
c:\documents and settings\NetworkService\Application Data\vmievysq\profiles.ini
c:\documents and settings\NetworkService\Application Data\vmievysq\Profiles\nkwoac9x.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\vmievysq\Profiles\nkwoac9x.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\vmievysq\Profiles\nkwoac9x.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\vmievysq\Profiles\nkwoac9x.default\prefs.js
c:\documents and settings\NetworkService\Application Data\vmievysq\Profiles\nkwoac9x.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\vmievysq
c:\documents and settings\NetworkService\Local Settings\Application Data\vmievysq\Profiles\nkwoac9x.default\XPC.mfl
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\dldayzzb.sys
c:\windows\system32\drivers\vxutxebt.sys
c:\windows\system32\izirllbs.dll
c:\windows\system32\js.dll
c:\windows\system32\kungsfijejtnlo.dat
c:\windows\system32\wzbejxm.dll
c:\windows\system32\zbhtxgv.dll
c:\windows\Tasks\At1.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_dldayzzb
-------\Legacy_iprip
-------\Legacy_msncache
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Service_dldayzzb
-------\Service_iprip
-------\Service_ntalme


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Malwarebytes
2009-06-03 12:52 . 2009-05-26 06:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 12:52 . 2009-05-26 06:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 12:08 . 2009-06-03 12:08 6 ----a-w- C:\tw0001.dat
2009-06-03 11:27 . 2009-06-03 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-02 17:08 . 2009-06-02 17:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\program files\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-02 11:13 . 2009-06-02 11:19 -------- d-----w- c:\program files\Super Internet TV
2009-06-02 10:56 . 2009-06-02 10:56 -------- d-----w- c:\program files\Gogglebox TV
2009-06-01 17:14 . 2009-06-01 17:14 -------- d-----w- C:\downloads
2009-06-01 15:44 . 2009-06-01 15:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\program files\Governor of Poker
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\windows\Governor of Poker
2009-06-01 13:06 . 2009-06-01 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
2009-06-01 13:05 . 2009-06-01 13:06 -------- d-----w- c:\program files\Ranch Rush
2009-06-01 12:36 . 2009-06-01 12:37 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Go-Go Gourmet Chef of the Year
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\program files\Go-Go Gourmet 2 - Chef of the Year
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\windows\Go-Go Gourmet 2 - Chef of the Year
2009-05-31 14:17 . 2009-05-31 14:17 14848 ----a-w- c:\windows\system32\winsysrv.exe
2009-05-31 10:11 . 2009-05-31 10:11 -------- d-----w- C:\VundoFix Backups
2009-05-31 09:59 . 2003-02-02 12:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-31 09:59 . 2002-03-05 17:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-31 09:59 . 2005-05-05 08:11 3440 ----a-w- c:\windows\undo.reg
2009-05-31 09:59 . 2009-05-31 10:06 -------- d-----w- c:\program files\Trojan Remover
2009-05-29 15:00 . 2009-05-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-05-29 14:29 . 2009-05-29 14:38 -------- d-----w- c:\documents and settings\Fauzan\Application Data\BSplayer PRO
2009-05-29 14:29 . 2009-05-29 14:38 -------- d-----w- c:\program files\Webteh
2009-05-26 01:07 . 2009-05-26 01:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\CyberLink
2009-05-26 01:07 . 2009-05-26 01:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerCinema
2009-05-23 09:14 . 2009-05-23 09:14 -------- d-----w- c:\program files\PlayFLV
2009-05-23 09:11 . 2009-05-23 09:11 -------- d-sh--w- c:\windows\ftpcache
2009-05-22 11:28 . 2009-05-22 11:28 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Uniblue
2009-05-21 13:35 . 2009-05-21 13:35 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Stardock
2009-05-21 13:27 . 2009-05-21 13:27 -------- d-----w- c:\program files\Stardock
2009-05-20 13:13 . 2009-05-20 13:14 -------- d-----w- c:\program files\Easy Mosaic 2005 Trial V12
2009-05-19 17:50 . 2009-05-19 17:50 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerDVDCox
2009-05-19 17:50 . 2009-05-19 17:50 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerDVDCinema
2009-05-19 17:48 . 2009-05-19 17:48 -------- d-----w- c:\program files\Common Files\CyberLink
2009-05-19 17:47 . 2009-05-19 17:47 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-18 09:03 . 2009-02-07 00:43 24576 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-05-16 22:44 . 2008-11-03 04:29 731 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\test.bat
2009-05-16 22:44 . 2008-11-03 04:29 49152 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
2009-05-16 22:44 . 2008-11-03 04:29 200 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\config.bat
2009-05-14 08:49 . 2009-05-14 08:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 08:47 . 2009-05-14 08:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 08:41 . 2009-05-14 08:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-09 07:28 . 2009-05-09 07:28 -------- d-----w- c:\program files\SubRip
2009-05-07 23:11 . 2009-05-07 23:11 -------- d-----w- c:\program files\DSL Speed
2009-05-07 11:29 . 2009-05-07 11:29 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo
2009-05-07 11:27 . 2009-03-18 10:55 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-07 09:02 . 2009-05-07 12:05 -------- d-----w- c:\windows\system32\dns
2009-05-07 00:08 . 2009-05-07 00:08 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo! Inc
2009-05-07 00:08 . 2009-05-07 00:08 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\IsolatedStorage
2009-05-07 00:07 . 2009-05-07 00:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo!_Inc
2009-05-06 15:32 . 2009-05-06 15:32 -------- d-----w- c:\program files\uTorrent
2009-05-06 15:32 . 2009-06-03 13:15 -------- d-----w- c:\documents and settings\Fauzan\Application Data\uTorrent
2009-05-05 17:12 . 2009-05-06 14:04 -------- d-----w- c:\documents and settings\Fauzan\Application Data\GrabPro
2009-05-05 17:12 . 2009-06-03 15:12 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Orbit
2009-05-05 17:12 . 2009-06-03 11:44 -------- d-----w- c:\program files\Orbitdownloader

Re: Win32/Rootkit Agent ODG - Need Help..

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 14:56 . 2009-03-17 12:30 -------- d-----w- c:\documents and settings\Fauzan\Application Data\DMCache
2009-06-03 11:47 . 2009-04-14 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 10:41 . 2009-05-04 12:23 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Vso
2009-05-31 14:19 . 2009-02-23 10:50 2476256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-30 07:58 . 2009-05-03 15:15 -------- d-----w- c:\documents and settings\Fauzan\Application Data\mIRC
2009-05-29 18:28 . 2009-05-03 15:15 -------- d-----w- c:\program files\mIRC
2009-05-27 03:23 . 2009-01-25 01:25 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-19 17:50 . 2009-05-01 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-19 17:50 . 2009-05-01 23:14 -------- d-----w- c:\documents and settings\Fauzan\Application Data\CyberLink
2009-05-19 17:48 . 2003-01-24 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 17:47 . 2009-05-01 23:11 -------- d-----w- c:\program files\CyberLink
2009-05-19 17:47 . 2009-05-01 23:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-19 17:47 . 2009-01-25 01:08 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-15 16:27 . 2009-03-18 11:38 -------- d-----w- c:\program files\Internet Cell Boost
2009-05-07 11:27 . 2009-03-18 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-07 00:06 . 2009-03-18 04:42 -------- d-----w- c:\program files\Yahoo!
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\documents and settings\Fauzan\Application Data\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\documents and settings\Fauzan\Application Data\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 -------- d-----w- c:\program files\VSO
2009-05-03 15:29 . 2009-05-03 15:29 210376 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-03 09:33 . 2003-01-24 15:35 358384 ----a-w- c:\documents and settings\Fauzan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 05:19 . 2009-05-03 05:17 -------- d-----w- c:\program files\Intellipool Network Monitor
2009-05-03 05:15 . 2009-05-03 05:14 490865 ----a-w- c:\windows\system32\amnau32.dll
2009-05-03 05:15 . 2009-05-03 05:14 -------- d-----w- c:\program files\AutoMate 6
2009-05-03 05:15 . 2009-05-03 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Automation
2009-05-03 05:11 . 2009-02-04 09:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-03 05:05 . 2009-05-03 05:05 -------- d-----w- c:\program files\Numara Software
2009-05-02 16:33 . 2009-05-02 16:33 -------- d-----w- c:\program files\Runtime Software
2009-04-30 12:23 . 2009-01-25 01:06 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Winamp
2009-04-30 10:02 . 2009-01-24 19:23 -------- d-----w- c:\program files\AutoGK
2009-04-17 05:46 . 2009-04-17 05:46 -------- d-----w- c:\program files\Kamus2
2009-04-14 13:08 . 2009-04-14 13:08 -------- d-----w- c:\program files\Swift 3D 3.00
2009-04-14 13:00 . 2009-04-14 13:00 -------- d--h--w- c:\documents and settings\Fauzan\Application Data\FVSTemp
2009-04-14 12:59 . 2009-04-14 12:59 -------- d-----w- c:\program files\Flash Particle Studio 1.0
2009-04-14 12:55 . 2009-04-14 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alex and Alex Soft
2009-04-14 12:50 . 2009-04-14 12:47 -------- d-----w- c:\program files\1 Flash Slideshow
2009-04-14 10:54 . 2009-04-14 10:52 -------- d-----w- c:\program files\coolpro2
2009-04-14 10:53 . 2009-04-14 10:53 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Syntrillium
2009-04-11 12:10 . 2009-01-24 17:38 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-05 15:04 . 2009-01-25 01:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-24 11:41 . 2009-02-14 11:31 432 ----a-w- c:\windows\global.tmp
2009-03-18 04:36 . 2009-03-18 04:36 410976 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-6 1719496]
PixelView Schedule Agent.lnk - c:\program files\PixelView\ADTVScheduleAgent.exe [2003-1-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoAdminPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoPwdPage"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoPwdPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"HideDesktop"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"ClearDocsOnExit"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)
"AutoUpdate"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoAutoUpdate"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoToolbarsCustomize"= 0 (0x0)
"NoPrinters"= 0 (0x0)
"HideDesktop"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"ClearDocsOnExit"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"iexplore.exe"= iexplore.exe Remove
"setup.exe"= setup.exe Remove
"winword.exe"= winword.exe Remove
"notepad.exe"= notepad.exe Remove

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"navapsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files Games\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files Games\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\Program Files Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files Games\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

Re: Win32/Rootkit Agent ODG - Need Help..

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11779:TCP"= 11779:TCP:*:Disabled:torewn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [2/4/2009 6:07 PM 339968]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [1/24/2003 10:56 PM 907520]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [1/22/2007 7:59 AM 594944]
S1 ab8cc1c5;ab8cc1c5;c:\windows\system32\drivers\ab8cc1c5.sys --> c:\windows\system32\drivers\ab8cc1c5.sys [?]
S1 f5229dd8;f5229dd8;c:\windows\system32\drivers\f5229dd8.sys --> c:\windows\system32\drivers\f5229dd8.sys [?]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\apache.exe [2/4/2009 6:06 PM 20541]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2/4/2009 6:07 PM 66347]
S4 Intellipool Network Monitor;Intellipool Network Monitor;c:\program files\Intellipool Network Monitor\inmservice.exe [5/3/2009 12:17 PM 5903872]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DLDAYZZB
*Deregistered* - dldayzzb

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
xqjeffqe
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 10.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {F750C98A-5567-4969-8C68-47254708B242} = 202.155.0.20,202.155.0.15
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://localhost/IndahJaya/index.php
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10164&gct=&gc=1&q=
FF - component: c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll

---- FIREFOX POLICIES ----
//Settings Added By Reohix Internet Cell Boost
FF - user.js: network.http.max-connections - 50
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-connections-per-proxy - 20
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sndsrvc]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):95,f4,8f,f4,cf,1a,8d,32,7c,8e,e2,6c,e7,f1,57,a6,67,52,23,67,db,
c7,62,08,e2,51,da,2e,84,b2,f6,ac,06,4b,cc,f6,68,11,9d,32,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{eee3a5c5-f6ed-445f-8f2d-21d41358e513}]
@Denied: (Full) (Everyone)
"Model"=dword:0000008d
"Therad"=dword:0000000a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,7d,ca,85,4d,6f,38,81,99,c8,4f,e8,ef,07,ec,\

[HKEY_LOCAL_MACHINE\software\eset\eset security\currentversion\info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.437.0"
"UniqueId"="000810934A255506"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(196)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2009-06-03 22:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 15:14

Pre-Run: 49,041,014,784 bytes free
Post-Run: 49,003,593,728 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
394

Re: Win32/Rootkit Agent ODG - Need Help..

Hello.

Now open a new notepad file.
Input this into the notepad file:

Driver::
f5229dd8
ab8cc1c5
DLDAYZZB

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

NetSvc::
xqjeffqe

Firefox::
FF - ProfilePath - c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10164&gct=&gc=1&q=

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{eee3a5c5-f6ed-445f-8f2d-21d41358e513}]



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto the ComboFix icon]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.
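
How the entries in the script above were picked out of the ComboFix log, as an added example (it is not part of the thread and not ComboFix's own code, and the name heuristic in looks_random is an assumption of this example, not a rule any tool applies): it reads constructed lines copied from the log, flags services whose image file is missing ([?]) and whose name looks generated, drivers ComboFix reports as *NewlyCreated*, generated-looking NetSvcs labels, Security Center notification flags set to 1, and keys locked against Everyone, then emits Driver::, NetSvc::, Registry:: and RegLock:: sections in the form used in this thread:

```python
import re

# Constructed sample: lines copied from the ComboFix log posted above, trimmed
# to the sections this triage reads.
SAMPLE_LOG = r"""
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
S1 ab8cc1c5;ab8cc1c5;c:\windows\system32\drivers\ab8cc1c5.sys --> c:\windows\system32\drivers\ab8cc1c5.sys [?]
S1 f5229dd8;f5229dd8;c:\windows\system32\drivers\f5229dd8.sys --> c:\windows\system32\drivers\f5229dd8.sys [?]

*NewlyCreated* - DLDAYZZB

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
xqjeffqe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)

[HKEY_LOCAL_MACHINE\software\eset\eset security\currentversion\info]
@Denied: (2) (LocalSystem)
"""

SERVICE_RE = re.compile(r'^[RS]\d ([^;]+);([^;]*);(.*) \[([^\]]*)\]$')
NEWLY_RE = re.compile(r'^\*NewlyCreated\* - (\S+)$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
NETSVCS_HDR = 'CurrentVersion\\Svchost - NetSvcs'
NOTIFY_FLAGS = {'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify'}

def looks_random(label):
    # Heuristic assumed by this example, not a ComboFix rule: an 8-character
    # lower-case/hex label with at most two vowels (xqjeffqe, ab8cc1c5) counts
    # as generated. epfwtdir also passes, so services need the file check too.
    label = label.lower()
    if len(label) != 8 or not re.fullmatch(r'[a-z0-9]+', label):
        return False
    return sum(c in 'aeiou' for c in label) <= 2

def triage(log_text):
    """One pass over the log, collecting what a CFScript would act on."""
    found = {'drivers': [], 'netsvcs': [], 'registry': [], 'reglock': []}
    in_netsvcs, current_key = False, None
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            name, display, _path, info = m.groups()
            # Image file missing ([?]), display name equal to the service name
            # and a generated-looking name: nothing legitimate is behind it.
            if info == '?' and name == display and looks_random(name):
                found['drivers'].append(name)
            continue
        m = NEWLY_RE.match(line)
        if m:
            # Registered while the scan ran, then deregistered: loader pattern.
            found['drivers'].append(m.group(1))
            continue
        if line.endswith(NETSVCS_HDR):
            in_netsvcs = True
            continue
        if in_netsvcs:
            if line in ('', '.'):
                in_netsvcs = False          # list ends at a blank line or '.'
            elif looks_random(line):
                found['netsvcs'].append(line)
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
        elif current_key and line.startswith('@Denied:') and '(Everyone)' in line:
            # Malware locks its own keys against Everyone; a vendor key denied
            # only to LocalSystem (ESET self-protection) is left alone.
            found['reglock'].append(current_key)
        elif current_key and current_key.lower().endswith('security center'):
            m = VALUE_RE.match(line)
            if m and m.group(1) in NOTIFY_FLAGS and m.group(2) == 'dword:00000001':
                found['registry'].append((current_key, m.group(1)))
    return found

def build_cfscript(found):
    """Render the findings as the CFScript sections used in this thread.
    "Name"=- removes a value; copying the log's =dword:00000001 would set it."""
    out = []
    if found['drivers']:
        out += ['Driver::'] + found['drivers'] + ['']
    if found['netsvcs']:
        out += ['NetSvc::'] + found['netsvcs'] + ['']
    if found['registry']:
        out.append('Registry::')
        for key in dict.fromkeys(k for k, _ in found['registry']):
            out.append('[%s]' % key)
            out += ['"%s"=-' % n for k, n in found['registry'] if k == key]
        out.append('')
    if found['reglock']:
        out += ['RegLock::'] + ['[%s]' % k for k in found['reglock']] + ['']
    return '\n'.join(out)
```

Run triage(SAMPLE_LOG) and pass the result to build_cfscript to get a draft. The triage is a screen, not a verdict: epfwtdir passes the name heuristic but its file is present, so it is left alone, and the ESET key is denied only to LocalSystem, which is vendor self-protection rather than hiding. Every flagged item still needs checking by hand before it goes into a script.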

Re: Win32/Rootkit Agent ODG - Need Help..
ComboFix 09-06-01.03 - Fauzan 06/03/2009 23:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2777 [GMT 7:00]
Running from: c:\documents and settings\Fauzan\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Fauzan\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DLDAYZZB
-------\Service_ab8cc1c5
-------\Service_f5229dd8


((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Malwarebytes
2009-06-03 12:52 . 2009-05-26 06:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 12:52 . 2009-05-26 06:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 12:08 . 2009-06-03 12:08 6 ----a-w- C:\tw0001.dat
2009-06-03 11:27 . 2009-06-03 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-02 17:08 . 2009-06-02 17:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\program files\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-02 11:13 . 2009-06-02 11:19 -------- d-----w- c:\program files\Super Internet TV
2009-06-02 10:56 . 2009-06-02 10:56 -------- d-----w- c:\program files\Gogglebox TV
2009-06-01 17:14 . 2009-06-01 17:14 -------- d-----w- C:\downloads
2009-06-01 15:44 . 2009-06-01 15:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\program files\Governor of Poker
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\windows\Governor of Poker
2009-06-01 13:06 . 2009-06-01 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
2009-06-01 13:05 . 2009-06-01 13:06 -------- d-----w- c:\program files\Ranch Rush
2009-06-01 12:36 . 2009-06-01 12:37 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Go-Go Gourmet Chef of the Year
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\program files\Go-Go Gourmet 2 - Chef of the Year
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\windows\Go-Go Gourmet 2 - Chef of the Year
2009-05-31 14:17 . 2009-05-31 14:17 14848 ----a-w- c:\windows\system32\winsysrv.exe
2009-05-31 10:11 . 2009-05-31 10:11 -------- d-----w- C:\VundoFix Backups
2009-05-31 09:59 . 2003-02-02 12:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-31 09:59 . 2002-03-05 17:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-31 09:59 . 2005-05-05 08:11 3440 ----a-w- c:\windows\undo.reg
2009-05-31 09:59 . 2009-05-31 10:06 -------- d-----w- c:\program files\Trojan Remover
2009-05-29 15:00 . 2009-05-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-05-29 14:29 . 2009-05-29 14:38 -------- d-----w- c:\documents and settings\Fauzan\Application Data\BSplayer PRO
2009-05-29 14:29 . 2009-05-29 14:38 -------- d-----w- c:\program files\Webteh
2009-05-26 01:07 . 2009-05-26 01:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\CyberLink
2009-05-26 01:07 . 2009-05-26 01:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerCinema
2009-05-23 09:14 . 2009-05-23 09:14 -------- d-----w- c:\program files\PlayFLV
2009-05-23 09:11 . 2009-05-23 09:11 -------- d-sh--w- c:\windows\ftpcache
2009-05-22 11:28 . 2009-05-22 11:28 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Uniblue
2009-05-21 13:35 . 2009-05-21 13:35 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Stardock
2009-05-21 13:27 . 2009-05-21 13:27 -------- d-----w- c:\program files\Stardock
2009-05-20 13:13 . 2009-05-20 13:14 -------- d-----w- c:\program files\Easy Mosaic 2005 Trial V12
2009-05-19 17:50 . 2009-05-19 17:50 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerDVDCox
2009-05-19 17:50 . 2009-05-19 17:50 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerDVDCinema
2009-05-19 17:48 . 2009-05-19 17:48 -------- d-----w- c:\program files\Common Files\CyberLink
2009-05-19 17:47 . 2009-05-19 17:47 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-18 09:03 . 2009-02-07 00:43 24576 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-05-16 22:44 . 2008-11-03 04:29 731 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\test.bat
2009-05-16 22:44 . 2008-11-03 04:29 49152 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
2009-05-16 22:44 . 2008-11-03 04:29 200 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\config.bat
2009-05-14 08:49 . 2009-05-14 08:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 08:47 . 2009-05-14 08:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 08:41 . 2009-05-14 08:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-09 07:28 . 2009-05-09 07:28 -------- d-----w- c:\program files\SubRip
2009-05-07 23:11 . 2009-05-07 23:11 -------- d-----w- c:\program files\DSL Speed
2009-05-07 11:29 . 2009-05-07 11:29 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo
2009-05-07 11:27 . 2009-03-18 10:55 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-07 09:02 . 2009-05-07 12:05 -------- d-----w- c:\windows\system32\dns
2009-05-07 00:08 . 2009-05-07 00:08 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo! Inc
2009-05-07 00:08 . 2009-05-07 00:08 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\IsolatedStorage
2009-05-07 00:07 . 2009-05-07 00:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo!_Inc
2009-05-06 15:32 . 2009-05-06 15:32 -------- d-----w- c:\program files\uTorrent
2009-05-06 15:32 . 2009-06-03 13:15 -------- d-----w- c:\documents and settings\Fauzan\Application Data\uTorrent
2009-05-05 17:12 . 2009-05-06 14:04 -------- d-----w- c:\documents and settings\Fauzan\Application Data\GrabPro
2009-05-05 17:12 . 2009-06-03 16:05 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Orbit
2009-05-05 17:12 . 2009-06-03 11:44 -------- d-----w- c:\program files\Orbitdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 14:56 . 2009-03-17 12:30 -------- d-----w- c:\documents and settings\Fauzan\Application Data\DMCache
2009-06-03 11:47 . 2009-04-14 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 10:41 . 2009-05-04 12:23 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Vso
2009-05-31 14:19 . 2009-02-23 10:50 2476256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-30 07:58 . 2009-05-03 15:15 -------- d-----w- c:\documents and settings\Fauzan\Application Data\mIRC
2009-05-29 18:28 . 2009-05-03 15:15 -------- d-----w- c:\program files\mIRC
2009-05-27 03:23 . 2009-01-25 01:25 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-19 17:50 . 2009-05-01 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-19 17:50 . 2009-05-01 23:14 -------- d-----w- c:\documents and settings\Fauzan\Application Data\CyberLink
2009-05-19 17:48 . 2003-01-24 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 17:47 . 2009-05-01 23:11 -------- d-----w- c:\program files\CyberLink
2009-05-19 17:47 . 2009-05-01 23:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-19 17:47 . 2009-01-25 01:08 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-15 16:27 . 2009-03-18 11:38 -------- d-----w- c:\program files\Internet Cell Boost
2009-05-07 11:27 . 2009-03-18 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-07 00:06 . 2009-03-18 04:42 -------- d-----w- c:\program files\Yahoo!
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\documents and settings\Fauzan\Application Data\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\documents and settings\Fauzan\Application Data\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 -------- d-----w- c:\program files\VSO
2009-05-03 15:29 . 2009-05-03 15:29 210376 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-03 09:33 . 2003-01-24 15:35 358384 ----a-w- c:\documents and settings\Fauzan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 05:19 . 2009-05-03 05:17 -------- d-----w- c:\program files\Intellipool Network Monitor
2009-05-03 05:15 . 2009-05-03 05:14 490865 ----a-w- c:\windows\system32\amnau32.dll
2009-05-03 05:15 . 2009-05-03 05:14 -------- d-----w- c:\program files\AutoMate 6
2009-05-03 05:15 . 2009-05-03 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Automation
2009-05-03 05:11 . 2009-02-04 09:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-03 05:05 . 2009-05-03 05:05 -------- d-----w- c:\program files\Numara Software
2009-05-02 16:33 . 2009-05-02 16:33 -------- d-----w- c:\program files\Runtime Software
2009-04-30 12:23 . 2009-01-25 01:06 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Winamp
2009-04-30 10:02 . 2009-01-24 19:23 -------- d-----w- c:\program files\AutoGK
2009-04-17 05:46 . 2009-04-17 05:46 -------- d-----w- c:\program files\Kamus2
2009-04-14 13:08 . 2009-04-14 13:08 -------- d-----w- c:\program files\Swift 3D 3.00
2009-04-14 13:00 . 2009-04-14 13:00 -------- d--h--w- c:\documents and settings\Fauzan\Application Data\FVSTemp
2009-04-14 12:59 . 2009-04-14 12:59 -------- d-----w- c:\program files\Flash Particle Studio 1.0
2009-04-14 12:55 . 2009-04-14 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alex and Alex Soft
2009-04-14 12:50 . 2009-04-14 12:47 -------- d-----w- c:\program files\1 Flash Slideshow
2009-04-14 10:54 . 2009-04-14 10:52 -------- d-----w- c:\program files\coolpro2
2009-04-14 10:53 . 2009-04-14 10:53 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Syntrillium
2009-04-11 12:10 . 2009-01-24 17:38 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-05 15:04 . 2009-01-25 01:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-24 11:41 . 2009-02-14 11:31 432 ----a-w- c:\windows\global.tmp
2009-03-18 04:36 . 2009-03-18 04:36 410976 ----a-w- c:\windows\system32\deploytk.dll
.

Re: Win32/Rootkit Agent ODG - Need Help..
((((((((((((((((((((((((((((( SnapShot@2009-06-03_15.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 16:05 . 2009-06-03 16:05 16384 c:\windows\Temp\Perflib_Perfdata_538.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-6 1719496]
PixelView Schedule Agent.lnk - c:\program files\PixelView\ADTVScheduleAgent.exe [2003-1-24 45056]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoPwdPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"navapsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files Games\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files Games\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\Program Files Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files Games\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11779:TCP"= 11779:TCP:*:Disabled:torewn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [2/4/2009 6:07 PM 339968]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [1/24/2003 10:56 PM 907520]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [1/22/2007 7:59 AM 594944]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\apache.exe [2/4/2009 6:06 PM 20541]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2/4/2009 6:07 PM 66347]
S4 Intellipool Network Monitor;Intellipool Network Monitor;c:\program files\Intellipool Network Monitor\inmservice.exe [5/3/2009 12:17 PM 5903872]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 10.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {F750C98A-5567-4969-8C68-47254708B242} = 202.155.0.20,202.155.0.15
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://localhost/IndahJaya/index.php
FF - component: c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll

---- FIREFOX POLICIES ----
//Settings Added By Reohix Internet Cell Boost
FF - user.js: network.http.max-connections - 50
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-connections-per-proxy - 20
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 23:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sndsrvc]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\eset\eset security\currentversion\info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.437.0"
"UniqueId"="000810934A255506"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3696)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\program files\Orbitdownloader\orbitnet.exe
.
**************************************************************************
.
Completion time: 2009-06-03 23:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 16:08
ComboFix2.txt 2009-06-03 15:14

Pre-Run: 49,015,369,728 bytes free
Post-Run: 48,997,748,736 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
296

Re: Win32/Rootkit Agent ODG - Need Help..

Hello.
I made a few mistakes in my last script, so we need to run Combofix one more time.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • uTorrent

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Folder::
c:\program files\uTorrent
c:\documents and settings\Fauzan\Application Data\uTorrent

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot: CFScript.txt being dragged onto the ComboFix icon]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.
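
Comparing the two scripts shows what went wrong in the first one: the log's `=dword:00000001` lines and a bare `"path"=` entry were copied into Registry:: unchanged, and one key line was listed twice. Registry:: takes .reg syntax, where `[-KEY]` deletes a key, `"Name"=-` deletes a value and anything else writes the value given, so the first script wrote the Security Center suppression flags back instead of removing them. The following linter, added here as an example and not part of ComboFix or of this thread, catches those three patterns on constructed copies of both scripts' Registry:: sections:

```python
import re

# Constructed sample: the Registry:: section of the helper's first script
# above, which copied log lines into the script unchanged.
FIRST_SCRIPT = r"""
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"""

# The same section as the second script wrote it.
SECOND_SCRIPT = r"""
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"""

SECTION_RE = re.compile(r'^([A-Za-z]+)::$')
KEY_RE = re.compile(r'^\[(-?)([^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# Security Center values that silence the "no antivirus / no updates" balloon
# when set to 1; cleanup deletes them rather than writing them.
NOTIFY_FLAGS = {'antivirusdisablenotify', 'firewalldisablenotify', 'updatesdisablenotify'}

def lint_registry_section(script_text):
    """Return (line number, message) pairs for the Registry:: section only.
    Registry:: uses .reg syntax: [-KEY] deletes a key, "Name"=- deletes a
    value, anything else writes the value given."""
    problems = []
    section, current_key, seen_keys = None, None, set()
    for lineno, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            continue
        if section != 'Registry':
            continue
        m = KEY_RE.match(line)
        if m:
            delete, key = m.group(1), m.group(2).lower()
            if (delete, key) in seen_keys:
                problems.append((lineno, 'duplicate key line: %s' % line))
            seen_keys.add((delete, key))
            current_key = None if delete else key   # values under [-KEY] mean nothing
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append((lineno, 'not .reg syntax: %s' % line))
        elif current_key is None:
            problems.append((lineno, 'value with no [KEY] header above it: %s' % line))
        elif m.group(2) == '':
            problems.append((lineno, 'bare "=" copied from the log; use =- to delete the value'))
        elif (current_key.endswith('security center')
              and m.group(1).lower() in NOTIFY_FLAGS and m.group(2) != '-'):
            problems.append((lineno, '%s re-applies the suppression flag; use =-' % line))
    return problems
```

On FIRST_SCRIPT the linter reports the duplicate key line, both Security Center values and the bare uTorrent entry; on SECOND_SCRIPT it reports nothing. The check is deliberately limited to what the text of a script shows: it cannot tell that the first script deleted the HKLM policies key where the HKCU one was intended, which is the other difference between the two.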

Re: Win32/Rootkit Agent ODG - Need Help..
ComboFix 09-06-01.03 - Fauzan 06/03/2009 23:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2823 [GMT 7:00]
Running from: c:\documents and settings\Fauzan\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Fauzan\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Malwarebytes
2009-06-03 12:52 . 2009-05-26 06:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 12:52 . 2009-05-26 06:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 12:52 . 2009-06-03 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-03 12:08 . 2009-06-03 12:08 6 ----a-w- C:\tw0001.dat
2009-06-03 11:27 . 2009-06-03 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-02 17:08 . 2009-06-02 17:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\program files\ESET
2009-06-02 16:36 . 2009-06-02 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-06-02 11:13 . 2009-06-03 16:20 -------- d-----w- c:\program files\Super Internet TV
2009-06-02 10:56 . 2009-06-02 10:56 -------- d-----w- c:\program files\Gogglebox TV
2009-06-01 17:14 . 2009-06-01 17:14 -------- d-----w- C:\downloads
2009-06-01 15:44 . 2009-06-01 15:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\program files\Governor of Poker
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\windows\Governor of Poker
2009-06-01 13:06 . 2009-06-01 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FreshGames
2009-06-01 13:05 . 2009-06-01 13:06 -------- d-----w- c:\program files\Ranch Rush
2009-06-01 12:36 . 2009-06-01 12:37 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Go-Go Gourmet Chef of the Year
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\program files\Go-Go Gourmet 2 - Chef of the Year
2009-06-01 12:36 . 2009-06-01 12:36 -------- d-----w- c:\windows\Go-Go Gourmet 2 - Chef of the Year
2009-05-31 14:17 . 2009-05-31 14:17 14848 ----a-w- c:\windows\system32\winsysrv.exe
2009-05-31 10:11 . 2009-05-31 10:11 -------- d-----w- C:\VundoFix Backups
2009-05-31 09:59 . 2003-02-02 12:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-05-31 09:59 . 2002-03-05 17:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-05-31 09:59 . 2005-05-05 08:11 3440 ----a-w- c:\windows\undo.reg
2009-05-31 09:59 . 2009-05-31 10:06 -------- d-----w- c:\program files\Trojan Remover
2009-05-29 15:00 . 2009-05-29 15:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-05-29 14:29 . 2009-05-29 14:38 -------- d-----w- c:\documents and settings\Fauzan\Application Data\BSplayer PRO
2009-05-29 14:29 . 2009-05-29 14:38 -------- d-----w- c:\program files\Webteh
2009-05-26 01:07 . 2009-05-26 01:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\CyberLink
2009-05-26 01:07 . 2009-05-26 01:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerCinema
2009-05-23 09:14 . 2009-05-23 09:14 -------- d-----w- c:\program files\PlayFLV
2009-05-23 09:11 . 2009-05-23 09:11 -------- d-sh--w- c:\windows\ftpcache
2009-05-22 11:28 . 2009-05-22 11:28 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Uniblue
2009-05-21 13:35 . 2009-05-21 13:35 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Stardock
2009-05-21 13:27 . 2009-05-21 13:27 -------- d-----w- c:\program files\Stardock
2009-05-20 13:13 . 2009-05-20 13:14 -------- d-----w- c:\program files\Easy Mosaic 2005 Trial V12
2009-05-19 17:50 . 2009-05-19 17:50 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerDVDCox
2009-05-19 17:50 . 2009-05-19 17:50 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\PowerDVDCinema
2009-05-19 17:48 . 2009-05-19 17:48 -------- d-----w- c:\program files\Common Files\CyberLink
2009-05-19 17:47 . 2009-05-19 17:47 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-18 09:03 . 2009-02-07 00:43 24576 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
2009-05-16 22:44 . 2008-11-03 04:29 731 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\test.bat
2009-05-16 22:44 . 2008-11-03 04:29 49152 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll
2009-05-16 22:44 . 2008-11-03 04:29 200 ----a-w- c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\config.bat
2009-05-14 08:49 . 2009-05-14 08:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 08:47 . 2009-05-14 08:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 08:41 . 2009-05-14 08:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-09 07:28 . 2009-05-09 07:28 -------- d-----w- c:\program files\SubRip
2009-05-07 23:11 . 2009-05-07 23:11 -------- d-----w- c:\program files\DSL Speed
2009-05-07 11:29 . 2009-05-07 11:29 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo
2009-05-07 11:27 . 2009-03-18 10:55 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-05-07 09:02 . 2009-05-07 12:05 -------- d-----w- c:\windows\system32\dns
2009-05-07 00:08 . 2009-05-07 00:08 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo! Inc
2009-05-07 00:08 . 2009-05-07 00:08 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\IsolatedStorage
2009-05-07 00:07 . 2009-05-07 00:07 -------- d-----w- c:\documents and settings\Fauzan\Local Settings\Application Data\Yahoo!_Inc
2009-05-05 17:12 . 2009-05-06 14:04 -------- d-----w- c:\documents and settings\Fauzan\Application Data\GrabPro
2009-05-05 17:12 . 2009-06-03 16:27 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Orbit
2009-05-05 17:12 . 2009-06-03 11:44 -------- d-----w- c:\program files\Orbitdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 16:20 . 2009-04-14 12:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-03 14:56 . 2009-03-17 12:30 -------- d-----w- c:\documents and settings\Fauzan\Application Data\DMCache
2009-06-02 10:41 . 2009-05-04 12:23 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Vso
2009-05-31 14:19 . 2009-02-23 10:50 2476256 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-30 07:58 . 2009-05-03 15:15 -------- d-----w- c:\documents and settings\Fauzan\Application Data\mIRC
2009-05-29 18:28 . 2009-05-03 15:15 -------- d-----w- c:\program files\mIRC
2009-05-27 03:23 . 2009-01-25 01:25 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-19 17:50 . 2009-05-01 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-05-19 17:50 . 2009-05-01 23:14 -------- d-----w- c:\documents and settings\Fauzan\Application Data\CyberLink
2009-05-19 17:48 . 2003-01-24 15:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-19 17:47 . 2009-05-01 23:11 -------- d-----w- c:\program files\CyberLink
2009-05-19 17:47 . 2009-05-01 23:12 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-19 17:47 . 2009-01-25 01:08 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-05-15 16:27 . 2009-03-18 11:38 -------- d-----w- c:\program files\Internet Cell Boost
2009-05-07 11:27 . 2009-03-18 04:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-05-07 00:06 . 2009-03-18 04:42 -------- d-----w- c:\program files\Yahoo!
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\documents and settings\Fauzan\Application Data\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 47360 ----a-w- c:\documents and settings\Fauzan\Application Data\pcouffin.sys
2009-05-04 12:23 . 2009-05-04 12:23 -------- d-----w- c:\program files\VSO
2009-05-03 15:29 . 2009-05-03 15:29 210376 ---ha-w- c:\windows\system32\mlfcache.dat
2009-05-03 09:33 . 2003-01-24 15:35 358384 ----a-w- c:\documents and settings\Fauzan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-03 05:19 . 2009-05-03 05:17 -------- d-----w- c:\program files\Intellipool Network Monitor
2009-05-03 05:15 . 2009-05-03 05:14 490865 ----a-w- c:\windows\system32\amnau32.dll
2009-05-03 05:15 . 2009-05-03 05:14 -------- d-----w- c:\program files\AutoMate 6
2009-05-03 05:15 . 2009-05-03 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Automation
2009-05-03 05:11 . 2009-02-04 09:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-03 05:05 . 2009-05-03 05:05 -------- d-----w- c:\program files\Numara Software
2009-05-02 16:33 . 2009-05-02 16:33 -------- d-----w- c:\program files\Runtime Software
2009-04-30 12:23 . 2009-01-25 01:06 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Winamp
2009-04-30 10:02 . 2009-01-24 19:23 -------- d-----w- c:\program files\AutoGK
2009-04-17 05:46 . 2009-04-17 05:46 -------- d-----w- c:\program files\Kamus2
2009-04-14 13:08 . 2009-04-14 13:08 -------- d-----w- c:\program files\Swift 3D 3.00
2009-04-14 13:00 . 2009-04-14 13:00 -------- d--h--w- c:\documents and settings\Fauzan\Application Data\FVSTemp
2009-04-14 12:59 . 2009-04-14 12:59 -------- d-----w- c:\program files\Flash Particle Studio 1.0
2009-04-14 12:55 . 2009-04-14 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Alex and Alex Soft
2009-04-14 12:50 . 2009-04-14 12:47 -------- d-----w- c:\program files\1 Flash Slideshow
2009-04-14 10:54 . 2009-04-14 10:52 -------- d-----w- c:\program files\coolpro2
2009-04-14 10:53 . 2009-04-14 10:53 -------- d-----w- c:\documents and settings\Fauzan\Application Data\Syntrillium
2009-04-11 12:10 . 2009-01-24 17:38 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-04-05 15:04 . 2009-01-25 01:09 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-24 11:41 . 2009-02-14 11:31 432 ----a-w- c:\windows\global.tmp
2009-03-18 04:36 . 2009-03-18 04:36 410976 ----a-w- c:\windows\system32\deploytk.dll
.

Re: Win32/Rootkit Agent ODG - Need Help..
((((((((((((((((((((((((((((( SnapShot@2009-06-03_15.12.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 16:27 . 2009-06-03 16:27 16384 c:\windows\temp\Perflib_Perfdata_534.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-5-6 1719496]
PixelView Schedule Agent.lnk - c:\program files\PixelView\ADTVScheduleAgent.exe [2003-1-24 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"navapsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe"
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files Games\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files Games\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"d:\\Program Files Games\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Program Files Games\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\GCP2009.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 USB Modem.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files Games\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files Games\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"d:\\Program Files Games\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11779:TCP"= 11779:TCP:*:Disabled:torewn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 XMail;Apache2Triad Xmail Service;c:\apache2triad\mail\bin\xmail.exe [2/4/2009 6:07 PM 339968]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [1/24/2003 10:56 PM 907520]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [1/22/2007 7:59 AM 594944]
S3 Apache2SSL;Apache2Triad Apache2 Service with SSL;c:\apache2triad\bin\apache.exe [2/4/2009 6:06 PM 20541]
S3 PgSql;Apache2Triad PostgreSQL Service;c:\apache2triad\pgsql\bin\pg_ctl.exe [2/4/2009 6:07 PM 66347]
S4 Intellipool Network Monitor;Intellipool Network Monitor;c:\program files\Intellipool Network Monitor\inmservice.exe [5/3/2009 12:17 PM 5903872]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 08:17]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 10.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {F750C98A-5567-4969-8C68-47254708B242} = 202.155.0.20,202.155.0.15
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://localhost/IndahJaya/index.php
FF - component: c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Fauzan\Application Data\Mozilla\Firefox\Profiles\z937reuo.default\extensions\speedtest@gotomyhelp.com\components\NetDiag.dll

---- FIREFOX POLICIES ----
//Settings Added By Reohix Internet Cell Boost
FF - user.js: network.http.max-connections - 50
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-connections-per-proxy - 20
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 32
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 23:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sndsrvc]
"ImagePath"="-"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\eset\eset security\currentversion\info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\Documents and Settings\\All Users\\Application Data\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.437.0"
"UniqueId"="000810934A255506"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4052)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Common Files\CyberLink\PowerDVD9\deskband32.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\apache2triad\mysql\bin\mysqld.exe
c:\program files\Orbitdownloader\orbitnet.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-03 23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 16:29
ComboFix2.txt 2009-06-03 16:08
ComboFix3.txt 2009-06-03 15:14

Pre-Run: 49,013,002,240 bytes free
Post-Run: 48,994,758,656 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
277
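A small triage helper, added here as an example and not part of the thread or of ComboFix itself, that reads the firewall and proxy lines of a log like the one above and lists what a reviewer should check: every GloballyOpenPorts entry, any AuthorizedApplications exception that points outside the usual program directories, and a configured ProxyServer. The sample input reuses lines from this log plus one constructed AuthorizedApplications entry under a Temp directory, marked as constructed in the code, so the path rule has something to flag; the list of trusted path prefixes is an assumption of the example.

```python
"""Triage helper for the firewall and proxy sections of a ComboFix log.

Added example for this thread, not ComboFix's own code. It parses the
'Reg Loading Points' firewall entries (AuthorizedApplications, GloballyOpenPorts)
and the 'uInternet Settings,ProxyServer' line, then reports what a reviewer
would want to look at.
"""
import re

# Constructed sample: lines copied from the log above plus one constructed
# AuthorizedApplications entry under a Temp directory (the example.exe line),
# included only so the path rule below has something to flag.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files Games\\Counter-Strike 1.6\\hl.exe"=
"c:\\Documents and Settings\\user\\Local Settings\\Temp\\example.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11779:TCP"= 11779:TCP:*:Disabled:torewn

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 10.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
APP_RE = re.compile(r'^"(.+)"=\s*$')
PORT_RE = re.compile(r'^"[^"]+"=\s*(\d+):(TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)")
# Assumed set of locations where an installed program's firewall exception
# normally points; anything else is worth a look.
TRUSTED_PATH_RE = re.compile(
    r"^(%windir%\\|[a-z]:\\windows\\|[a-z]:\\program files[^\\]*\\)", re.IGNORECASE
)


def parse_firewall_section(text):
    """Return authorized apps, globally open ports and proxy from a ComboFix log."""
    result = {"authorized_apps": [], "open_ports": [], "proxy": None}
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = PROXY_RE.match(line)
        if m:
            result["proxy"] = m.group(1)
            continue
        if section.endswith("authorizedapplications\\list"):
            m = APP_RE.match(line)
            if m:
                # ComboFix prints registry strings with doubled backslashes.
                result["authorized_apps"].append(m.group(1).replace("\\\\", "\\"))
        elif section.endswith("globallyopenports\\list"):
            m = PORT_RE.match(line)
            if m:
                result["open_ports"].append({
                    "port": int(m.group(1)), "proto": m.group(2),
                    "scope": m.group(3), "status": m.group(4), "name": m.group(5),
                })
    return result


def triage(parsed):
    """Return human-readable findings a reviewer should check."""
    findings = []
    for path in parsed["authorized_apps"]:
        if not TRUSTED_PATH_RE.match(path):
            findings.append(f"firewall exception outside program directories: {path}")
    for p in parsed["open_ports"]:
        scope = "any address" if p["scope"] == "*" else p["scope"]
        findings.append(
            f"globally open port {p['port']}/{p['proto']} "
            f"({p['status']}, scope {scope}) named '{p['name']}'"
        )
    if parsed["proxy"]:
        findings.append(f"proxy server configured: {parsed['proxy']} (confirm it is expected)")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_firewall_section(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it prints three findings: the constructed Temp exception, the 11779/TCP entry (recorded as Disabled, but its presence still shows something registered it), and the 10.0.0.1:5555 proxy to confirm with the machine's owner.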

Re: Win32/Rootkit Agent ODG - Need Help..
So I can't use my uTorrent anymore? Because it's not a safe program, or because my old uTorrent was already infected?

Re: Win32/Rootkit Agent ODG - Need Help..
All torrent/p2p programs are dangerous; the programs themselves may be clean, but files on torrents may not be clean, and this is how 95% of infections get in.

Re: Win32/Rootkit Agent ODG - Need Help..
Ooh, I see..
So, what should I do next?

Re: Win32/Rootkit Agent ODG - Need Help..
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

Re: Win32/Rootkit Agent ODG - Need Help..
Is that it??
Yes, my system is running very smoothly now (before, refreshing my desktop took a long delay)..
Thank You!
Thanks a lot!! I don't know how you did that, but I really appreciate your help..
You guys are amazing, helping a stranger like me...

THANKS!!!

Re: Win32/Rootkit Agent ODG - Need Help..
Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

Re: Win32/Rootkit Agent ODG - Need Help..
But how about my MS Office 07? I heard that it won't work either..?

Anyway, thanks for everything...

Re: Win32/Rootkit Agent ODG - Need Help..
Oh, yes, that too. Forgot about Office.

Re: Win32/Rootkit Agent ODG - Need Help..
Whoa, arrgh..
I use my MS Office very frequently.. Well, I guess I need to find another way to solve my security problems, especially my Windows critical updates..

I will take your advice very seriously, and do it immediately..
Thanks..

Re: Win32/Rootkit Agent ODG - Need Help..
Open Office is another free alternative.
