#43 05-10-2008
Pancake, Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,650
PC Experience: Elite PC Guru
Re: explorer.exe crash on start up

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [qiqr] C:\Program Files\Common Files\qiqr\qiqrm.exe (User 'SYSTEM')

Reboot......................
==========================
Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:
Killall::
File::
C:\WPA_Kill.exe
C:\WPA Kill.exe
Folder::
C:\found.000
C:\Program Files\\JavaCore
F:\QFTROP2\virtual dub
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.

*Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


__________________
My real name is Eddy

Last edited by Pancake; 05-11-2008 at 12:02 AM.
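The three O4 entries Pancake asks HijackThis to fix share one trait: they are Run values under HKU\S-1-5-18, so they launch in the SYSTEM account's profile at boot rather than in any interactive user's session, and the JavaCore entry also carries a doubled backslash in its path. The script below is an added example, not code from this thread or from HijackThis/ComboFix: it parses O4 lines and flags those traits plus autoruns placed under Common Files. The three suspicious lines are the ones from the post; the two benign lines are constructed for contrast, and the regex, flag names and function names are my own assumptions about the HJT O4 format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the three O4 lines from the post above, plus two benign
# lines made up for contrast (the last two are not from the thread's logs).
SAMPLE_HJT_LINES = r"""
O4 - HKUS\S-1-5-18\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [QdrPack15] "C:\Program Files\QdrPack\QdrPack15.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [qiqr] C:\Program Files\Common Files\qiqr\qiqrm.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
""".strip().splitlines()

# Assumed shape of an O4 line: "O4 - <hive>[\<SID>]\..\<Run key>: [<name>] <command> [(User '<user>')]"
O4_RE = re.compile(
    r"^O4 - (?P<hive>[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# First drive-letter path ending in a known executable extension, quotes optional.
PATH_RE = re.compile(r'"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|cpl))"?', re.IGNORECASE)

SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account


@dataclass
class O4Entry:
    hive: str
    key: str
    name: str
    cmd: str
    user: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[O4Entry]:
    """Split one HJT O4 line into its fields; return None for non-O4 input."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    p = PATH_RE.search(m["cmd"])
    return O4Entry(m["hive"], m["key"], m["name"], m["cmd"], m["user"],
                   p["path"] if p else None)


def triage(entry: O4Entry) -> O4Entry:
    """Attach review flags; an entry with no flags is left for manual review only."""
    if SYSTEM_SID in entry.hive or entry.user == "SYSTEM":
        # Nobody logs on interactively as SYSTEM, so a Run value there is
        # almost never something the user installed on purpose.
        entry.flags.append("runs-as-SYSTEM")
    if entry.path and "\\\\" in entry.path:
        # Doubled separators still resolve on Windows but are typical of
        # paths written by a script rather than by an installer.
        entry.flags.append("doubled-backslash")
    if entry.path and entry.path.lower().startswith("c:\\program files\\common files\\"):
        # Common Files holds shared libraries, not per-user autostart programs.
        entry.flags.append("common-files-autorun")
    return entry


def suspicious_names(lines: List[str]) -> List[str]:
    """Names of the O4 values that received at least one flag, in log order."""
    out = []
    for line in lines:
        e = parse_o4(line)
        if e and triage(e).flags:
            out.append(e.name)
    return out


if __name__ == "__main__":
    for raw in SAMPLE_HJT_LINES:
        entry = parse_o4(raw)
        if entry:
            triage(entry)
            print(f"{entry.name:15} {entry.hive:15} {entry.flags or 'ok'}")
```

Run as a script it prints one line per O4 entry with its flags; the three SYSTEM-context entries come out flagged and the two constructed benign ones do not.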
#44 05-11-2008
Obsidian, Bronze Member
Join Date: Sep 2006
Posts: 54
Re: explorer.exe crash on start up

ComboFix 08-05-01.3 - Administrator 2008-05-10 20:08:47.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1611 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Cleanup Utilities\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WPA Kill.exe
C:\WPA_Kill.exe
.
/wow section - STAGE 41
pv: No matching processes found
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\found.000
C:\found.000\file0000.chk
C:\WINDOWS\mrofinu1001186.exe
C:\WPA Kill.exe
C:\WPA_Kill.exe
F:\QFTROP2\virtual dub
F:\QFTROP2\virtual dub\auxsetup.exe
F:\QFTROP2\virtual dub\aviproxy\proxyoff.reg
F:\QFTROP2\virtual dub\aviproxy\proxyon.reg
F:\QFTROP2\virtual dub\aviproxy\readme.txt
F:\QFTROP2\virtual dub\copying
F:\QFTROP2\virtual dub\plugins\readme.txt
F:\QFTROP2\virtual dub\vdicmdrv.dll
F:\QFTROP2\virtual dub\vdremote.dll
F:\QFTROP2\virtual dub\vdsvrlnk.dll
F:\QFTROP2\virtual dub\vdub.exe
F:\QFTROP2\virtual dub\VirtualDub.chm
F:\QFTROP2\virtual dub\VirtualDub.exe
F:\QFTROP2\virtual dub\VirtualDub.vdi

.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-10 19:26 . 2008-05-10 19:26 0 --a------ C:\WINDOWS\Brownie.ini
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> d-------- C:\Program Files\Brother
2008-05-10 16:25 . 2008-05-10 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-05-10 15:41 . 2008-05-10 15:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 15:41 . 2008-05-10 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-05-09 21:10 . 2008-05-09 21:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-09 21:10 . 2008-05-09 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 20:23 . 2008-05-10 19:27 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-05-08 20:23 . 2008-05-10 19:27 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-05-08 20:19 . 2004-08-12 08:35 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-08 20:17 . 2004-08-12 08:20 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-08 20:16 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-05-08 20:15 . 2004-08-12 08:20 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-08 13:39 . 2006-08-21 21:24 363,008 --a------ C:\WINDOWS\system32\idecoi.dll
2008-05-08 13:39 . 2006-08-21 21:24 105,344 --a------ C:\WINDOWS\system32\drivers\nvatabus.sys
2008-05-08 13:39 . 2006-08-21 21:24 89,344 --a------ C:\WINDOWS\system32\drivers\nvraid.sys
2008-05-08 13:39 . 2006-08-21 21:24 19,456 --a------ C:\WINDOWS\system32\nvraidco.dll
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-06 20:25 . 2008-05-06 20:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-06 18:40 . 2004-08-03 22:41 1,309,184 --a------ C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-05-06 18:39 . 2004-08-03 22:29 701,440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-05-06 18:31 . 2008-05-06 20:28 96,022 --a------ C:\WINDOWS\setupapi.old
2008-05-06 18:15 . 2008-05-06 18:15 <DIR> d-------- C:\Program Files\Spcron
2008-05-03 20:39 . 2008-05-09 21:35 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
2008-05-03 20:03 . 2008-05-03 20:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-03 19:56 . 2008-05-03 20:14 <DIR> d-------- C:\SDFix
2008-05-03 16:08 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-03 00:55 . 2008-05-05 18:11 91,136 --a------ C:\WINDOWS\system32\VT100.EXE
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-25 17:53 . 2008-04-25 17:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-04-24 17:33 . 2008-04-24 17:33 <DIR> d-------- C:\Program Files\iPod
2008-04-16 20:38 . 2008-04-16 20:38 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-16 18:55 . 2008-04-16 19:47 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-16 18:55 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-16 18:55 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-13 19:11 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-04-13 19:09 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbdpash.dll
2008-04-13 19:09 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbdnepr.dll
2008-04-13 19:09 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbdiultn.dll
2008-04-13 19:09 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbdbhc.dll
2008-04-13 13:56 . 2004-08-03 23:04 30,080 --a------ C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 13:56 . 2004-08-03 23:04 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 13:46 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 13:45 . 2004-08-03 23:08 40,832 --a------ C:\WINDOWS\system32\drivers\irbus.sys
2008-04-13 13:45 . 2004-08-03 23:08 15,104 --a------ C:\WINDOWS\system32\drivers\hidir.sys
2008-04-13 13:43 . 2008-04-13 13:43 20,480 --a------ C:\WINDOWS\system32\comsdupd.exe
2008-04-13 13:43 . 2004-08-03 23:04 13,568 --a------ C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 13:43 . 2004-08-03 23:04 12,672 --a------ C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 13:40 . 2008-04-13 13:40 10,240 --a------ C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 13:36 . 2004-08-03 23:07 46,464 --a------ C:\WINDOWS\system32\drivers\gagp30kx.sys
2008-04-13 13:36 . 2004-08-03 23:07 44,928 --a------ C:\WINDOWS\system32\drivers\agpcpq.sys
2008-04-13 13:36 . 2004-08-03 23:07 44,672 --a------ C:\WINDOWS\system32\drivers\uagp35.sys
2008-04-13 13:36 . 2004-08-03 23:07 43,008 --a------ C:\WINDOWS\system32\drivers\amdagp.sys
2008-04-13 13:36 . 2004-08-03 23:07 42,752 --a------ C:\WINDOWS\system32\drivers\alim1541.sys
2008-04-13 13:36 . 2004-08-03 23:07 42,368 --a------ C:\WINDOWS\system32\drivers\agp440.sys
2008-04-13 13:36 . 2004-08-03 23:07 42,240 --a------ C:\WINDOWS\system32\drivers\viaagp.sys
2008-04-13 13:36 . 2004-08-03 23:07 41,088 --a------ C:\WINDOWS\system32\drivers\sisagp.sys
2008-04-13 13:14 . 2008-04-13 13:14 76,800 --a------ C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 12:27 . 2008-04-13 12:27 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-04-11 19:10 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:09 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:09 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:08 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-04-11 19:08 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:07 . 2008-05-08 20:14 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 19:07 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2008-04-11 19:06 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:05 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:05 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:04 . 2008-05-06 19:18 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-05-06 19:18 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:04 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:03 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-05-10 20:09 <DIR> d-------- C:\WINDOWS\system32
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ystem32
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:03 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:03 . 2008-04-11 18:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\S?mantec
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 19:02 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:02 . 2008-04-11 19:01 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:02 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:02 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:01 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:01 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:01 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\s?mbols
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:01 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\çasks
2008-04-11 19:00 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 01:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-11 01:17 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-11 01:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-05-11 00:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-11 00:31 --------- d-----w C:\Program Files\Steam
2008-05-10 22:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\MegauploadToolbar
2008-05-10 21:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-10 21:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-10 20:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-10 02:33 --------- d-----w C:\Program Files\Wireshark
2008-05-10 02:33 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-05-10 02:30 --------- d-----w C:\Program Files\QuickTime
2008-05-10 02:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-10 02:20 --------- d-----w C:\Program Files\BurnInTest
2008-05-10 02:10 --------- d-----w C:\Program Files\AC3Filter
2008-04-27 19:41 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-04-27 05:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 22:33 --------- d-----w C:\Program Files\iTunes
2008-04-14 00:11 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-13 16:36 144,384 ----a-w C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-04-13 05:32 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-04-09 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-09 01:46 --------- d-----w C:\Program Files\MegauploadToolbar
2008-04-04 21:04 --------- d-----w C:\Program Files\Valve Hammer Editor
2008-03-29 18:43 880,640 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 18:43 --------- d-----w C:\Program Files\FireTune
2008-03-24 19:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-24 17:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2008-03-17 16:17 --------- d-----w C:\Program Files\AudioShell
2008-03-17 16:12 --------- d-----w C:\Program Files\TagRename
2008-03-17 16:09 --------- d-----w C:\Program Files\Abdio
2008-03-17 16:06 --------- d-----w C:\Program Files\Hexprobe
2008-03-09 22:26 573,440 ----a-w C:\WINDOWS\AJScreensaver.scr
2008-02-18 16:39 524,288 ----a-w C:\WINDOWS\opuc.dll
2008-02-16 00:00 984,576 ----a-w C:\Documents and Settings\Administrator\Application Data\kernel33.dll
.

------- Sigcheck -------

2008-04-13 19:12 518656 a558ce9fd4fe025984785f8eea281b8c C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2008-05-10 16:42 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe

2004-08-12 08:19 1075712 6778a617cb501d7148c0089899a28410 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1076736 a0ac0caf7f1f16ca295d5f9e5a18ff23 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
2008-04-13 19:12 1044480 5225aa034af7002d93c4e8119c5c916e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2004-08-12 08:19 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2008-05-09_21.05.41.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-10 02:02:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-11 01:16:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2003-12-11 14:32:14 147,456 ------w C:\WINDOWS\brunin03.dll
- 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 40,960 ----a-w C:\WINDOWS\Nircmd.exe
- 2004-08-12 13:27:10 146,432 ----a-w C:\WINDOWS\regedit.exe
+ 2004-08-12 13:27:10 157,184 ----a-w C:\WINDOWS\regedit.exe
- 2004-08-12 13:17:28 11,264 ----a-w C:\WINDOWS\system32\attrib.exe
+ 2004-08-12 13:17:28 22,016 ----a-w C:\WINDOWS\system32\attrib.exe
+ 2004-04-06 06:00:00 126,976 ------w C:\WINDOWS\system32\BrfxD04a.dll
+ 2004-04-12 15:44:36 51,200 ------w C:\WINDOWS\system32\brinsstr.dll
+ 2003-05-06 00:30:22 77,824 ----a-w C:\WINDOWS\system32\Brmfrmps.exe
+ 2002-02-05 06:08:00 81,920 ------w C:\WINDOWS\system32\BrWebIns.dll
+ 2002-02-05 06:07:00 65,536 ------w C:\WINDOWS\system32\Brwebup.exe
- 2004-08-12 13:17:38 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 00:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2008-05-10 02:02:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-11 01:16:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-10 02:02:33 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-11 01:16:50 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-10 02:02:33 163,840 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-11 01:16:50 163,840 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-08-12 13:23:17 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2005-05-04 19:45:32 2,890,240 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-12 13:23:18 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 19:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-12 13:23:19 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 19:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-12 13:23:19 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 19:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-12 13:23:21 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 19:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-12 13:19:08 14,848 ----a-w C:\WINDOWS\system32\fc.exe
+ 2004-08-12 13:19:08 25,600 ----a-w C:\WINDOWS\system32\fc.exe
- 2004-08-12 13:19:53 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2004-08-12 13:19:53 45,056 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2004-08-12 13:23:17 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2005-05-04 19:45:32 2,890,240 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-12 13:23:18 88,064 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 19:45:36 122,368 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-12 13:23:19 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 19:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-12 13:23:19 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 19:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-12 13:23:21 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 19:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2002-02-13 06:16:00 176,128 ------w C:\WINDOWS\system32\Pdrvinst.dll
- 2008-04-30 00:20:11 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2008-05-10 20:16:26 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
- 2004-08-12 13:29:31 582,144 ----a-w C:\WINDOWS\system32\spider.exe
+ 2004-08-12 13:29:31 614,912 ----a-w C:\WINDOWS\system32\spider.exe
+ 2004-02-26 11:59:28 90,112 ------w C:\WINDOWS\system32\spool\drivers\w32x86\3\Brlfx04a.dll
+ 2004-06-08 08:01:00 223,885 ------w C:\WINDOWS\system32\spool\drivers\w32x86\3\BROFX04A.dll
+ 2004-06-08 08:01:00 1,040,554 ------w C:\WINDOWS\system32\spool\drivers\w32x86\3\BRUFX04A.dll
+ 2004-02-03 21:03:34 40,960 ------w C:\WINDOWS\system32\spool\drivers\w32x86\3\brump04a.dll
+ 2004-02-26 11:59:28 90,112 ------w C:\WINDOWS\system32\spool\drivers\w32x86\Brlfx04a.dll
+ 2004-06-08 08:01:00 223,885 ------w C:\WINDOWS\system32\spool\drivers\w32x86\BROFX04A.dll
+ 2004-06-08 08:01:00 1,040,554 ------w C:\WINDOWS\system32\spool\drivers\w32x86\BRUFX04A.dll
+ 2004-02-03 21:03:34 40,960 ------w C:\WINDOWS\system32\spool\drivers\w32x86\brump04a.dll
- 2004-08-12 13:30:52 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2004-08-12 13:30:52 86,016 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-12 13:31:06 347,136 ----a-w C:\WINDOWS\system32\tourstart.exe
+ 2004-08-12 13:31:06 357,888 ----a-w C:\WINDOWS\system32\tourstart.exe
- 2004-08-12 13:31:54 24,576 ----a-w C:\WINDOWS\system32\userinit.exe
+ 2004-08-12 13:31:54 68,096 ----a-w C:\WINDOWS\system32\userinit.exe
- 2008-04-14 00:12:38 39,424 ----a-w C:\WINDOWS\system32\verclsid.exe
+ 2008-04-14 00:12:38 72,192 ----a-w C:\WINDOWS\system32\verclsid.exe
- 2004-08-12 13:34:53 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 00:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-12 13:34:54 187,392 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 00:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-12 13:34:55 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 00:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-12 13:34:56 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 00:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-12 13:34:57 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 01:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2004-08-12 13:34:57 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 00:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-05-11 01:16:55 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_220.dat
+ 2008-05-11 01:19:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_270.dat
+ 2008-05-11 01:17:27 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a9c.dat
+ 2008-05-11 01:19:37 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_ae0.dat
+ 2004-01-20 22:10:18 77,824 ------w C:\WINDOWS\twain_32\BrMfSc03\Common\BrScnDev.dll
+ 2002-11-18 19:39:18 36,864 ------w C:\WINDOWS\twain_32\BrMfSc03\Common\BrStiIf.dll
+ 2004-01-27 18:15:08 126,976 ------w C:\WINDOWS\twain_32\BrMfSc03\Common\BrTwds.dll
+ 2004-01-20 22:15:40 176,128 ------w C:\WINDOWS\twain_32\BrMfSc03\Common\BrTwdScn.dll
+ 2004-01-27 18:14:20 131,072 ------w C:\WINDOWS\twain_32\BrMfSc03\Common\BrTwdsUi.dll
+ 2004-07-23 06:42:52 73,728 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdChn.dll
+ 2004-02-05 14:35:44 90,112 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdDan.dll
+ 2004-02-16 23:46:04 94,208 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdDut.dll
+ 2004-02-03 20:36:34 90,112 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdEng.dll
+ 2004-02-05 14:35:48 94,208 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdFre.dll
+ 2004-07-17 15:28:04 94,208 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdGer.dll
+ 2004-02-05 14:35:50 94,208 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdIta.dll
+ 2004-07-17 15:28:04 73,728 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdJpn.dll
+ 2004-02-17 16:37:46 90,112 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdNor.dll
+ 2004-02-05 14:35:52 94,208 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdPor.dll
+ 2004-02-05 14:35:54 94,208 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdSpa.dll
+ 2004-02-05 14:35:56 90,112 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdSwe.dll
+ 2004-01-31 01:16:24 90,112 ------w C:\WINDOWS\twain_32\BrMfSc03\Lang\BrTwdUsa.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@={3DBF5F01-3287-46EB-82CF-45AA5C241162}

[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-02-02 18:04 380472 --a------ C:\WINDOWS\system32\pgpfsshl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-07 18:30 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 16:27 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-07 13:19 50528]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 05:26 1694656]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 19:12 1705984]
"Steam"="c:\program files\steam\steam.exe" [2008-04-06 11:21 1271032]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3640368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 10:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 10:26 55856]
"Maplom"="C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" [2008-02-15 16:18 5224384]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-05 17:16 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 425984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1638400 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 95744 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-23 23:20 29696 C:\WINDOWS\system32\Ctxfihlp.exe]
"SRFirstRun"="srclient.dll" [2004-08-12 08:29 67584 C:\WINDOWS\system32\srclient.dll]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-05-23 22:32 25600 C:\WINDOWS\MIDIDEF.EXE]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-12 08:31 44544]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-22 20:07:44 1007616]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 18:30:11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-29 18:15:17 704512]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{3EAF9D5B-B0E8-4344-94E7-B27EB6C1B87B}\Icon6560581611.exe [2008-02-23 13:42:22 98816]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2008-05-10 16:26:39 815104]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 129536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
C:\WINDOWS\system32\catsrvut.dll 2004-08-12 08:17 628224 C:\WINDOWS\system32\catsrvut.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PGPmapih.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 20:39 429568 C:\Program Files\ASUS\Ai Gear\GearHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-11-30 11:23 1464832 C:\Program Files\ASUS\Ai Nap\AiNap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--a------ 2005-12-12 09:36 221184 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--a------ 2006-01-08 21:43 65628 C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--a------ 1999-10-10 12:00 52736 C:\WINDOWS\CTRegRun.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-05-23 23:20 29696 C:\WINDOWS\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 11:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-12-08 15:24 3760640 C:\Program Files\ASUS\AI Booster\OverClk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LcdStudio]
C:\Program Files\LcdStudio\LcdStudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1705984 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
--a------ 2006-07-10 22:10 213504 C:\WINDOWS\system32\nvraidservice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 425984 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 11:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharK]
C:\WINDOWS\system32\The sharK Project.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 299008 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer .exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\garrysmod\\hl 2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-04-27 17:25]
R0 pgpfs;PGP File Sharing;C:\WINDOWS\system32\Drivers\PGPfsfd.sys [2008-02-02 18:04]
R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2008-02-02 18:05]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-17 17:22]
R2 DoublePasswordSvc;DoublePasswordSvc;C:\Program Files\Double Password\DblPswService.exe [2006-05-11 05:45]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2008-02-02 18:04]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2008-02-02 18:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 SRTSERVERDAEMON;Titan FTP Server Daemon;"C:\WINDOWS\system32\srxTitan.exe" [2007-08-07 13:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-23 22:40]
R3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-02-15 12:34]
S2 Abel;Abel;C:\Program Files\Cain\Abel.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 15:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-01-28 13:13]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B1B5B04F-A20B-A6E0-E050-F0F00BCD201C}]
C:\WINDOWS\system32\My_Server.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 12:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 22:27:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-18 23:27:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 20:18:53
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Double Password\dblpsw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-05-10 20:21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-11 01:21:42
ComboFix2.txt 2008-05-10 02:05:56
ComboFix3.txt 2008-05-07 00:48:57
ComboFix4.txt 2008-05-06 23:13:54
ComboFix5.txt 2008-05-06 01:55:00

Pre-Run: 19,767,668,736 bytes free
Post-Run: 19,487,780,864 bytes free

577 --- E O F --- 2008-05-10 08:00:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:08 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Double Password\DblPswService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\srxTitan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Cleanup Utilities\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DoublePasswordSvc - Unknown owner - C:\Program Files\Double Password\DblPswService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - South River Technologies, Inc. - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 19261 bytes
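As an added example (not part of this thread and not HijackThis code), here is a small triage script for the O23 service entries in a log like the one above. It parses each line into display name, short service name, publisher and binary path, then flags the entries a reviewer would look at first: no publisher recorded ("Unknown owner"), a binary outside the Windows and Program Files roots, and a doubled backslash in the path. The trusted roots are an assumption for a single-drive XP layout like this one; the sample lines are copied from the log above plus two constructed entries (exsvc and excore) that do not come from the thread. A flag is a prompt to inspect the file, not a verdict.

```python
"""Triage helper for HijackThis 'O23 - Service:' log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One O23 line is: "O23 - Service: <display> - <owner> - <path>".
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis puts the short service name in the last parenthesised group.
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)\s*$")

# Assumption: legitimately installed services live under these roots on this box.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    display: str
    short: str
    owner: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; return None for anything that is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display = m.group("display")
    sm = SHORT_NAME_RE.search(display)
    short = sm.group("short") if sm else display
    return ServiceEntry(display, short, m.group("owner"), m.group("path"))


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags to a parsed entry (order: owner, path syntax, location)."""
    if entry.owner.lower() == "unknown owner":
        entry.flags.append("no publisher recorded")
    if "\\\\" in entry.path:
        entry.flags.append("doubled backslash in path")
    if not entry.path.lower().startswith(TRUSTED_ROOTS):
        entry.flags.append("binary outside Windows/Program Files")
    return entry


def triage_log(lines) -> List[ServiceEntry]:
    """Return the flagged O23 entries from a log, in log order."""
    flagged = []
    for line in lines:
        entry = parse_o23(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Sample input: five lines from the log above plus two constructed entries.
SAMPLE_LOG = [
    r"O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
    r"O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe",
    r"O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe",
    r"O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe",
    # constructed, not from the thread: unknown publisher running from a temp folder
    r"O23 - Service: Example Updater (exsvc) - Unknown owner - C:\Documents and Settings\Administrator\Local Settings\Temp\exsvc.exe",
    # constructed, not from the thread: doubled backslashes in the path
    r"O23 - Service: Example Core (excore) - Unknown owner - C:\Program Files\\ExampleCore\\excore.exe",
    "--",
    "End of file - 19261 bytes",
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.short:10} {e.owner:16} {e.path}")
        for f in e.flags:
            print(f"           - {f}")
```

Run it on a saved HijackThis log (one line per list element) to get the short list of services worth checking by hand; everything that parses but carries no flag is left out of the output.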


  #45  
Old 05-11-2008
Pancake
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,650
PC Experience: Elite PC Guru
Re: explorer.exe crash on start up

Ok. We are nearly done.

Will you rescan with Combofix and post the log... then....


Go to Kaspersky Online Scanner
Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
  • Turn off the real time scanner of any existing antivirus program while performing the online scan


__________________
My real name is Eddy
  #46  
Old 05-11-2008
Obsidian
Bronze Member

Join Date: Sep 2006
Posts: 54
Re: explorer.exe crash on start up

Here's the ComboFix log. The virus scan takes like 4 hours, so I'll post that later.
I hope we're not too close to being finished, because I'm still getting those rundll32.exe errors, which I don't know if that's being caused because I don't have all the updates or if it's being caused by a virus.

ComboFix 08-05-01.3 - Administrator 2008-05-10 20:53:31.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1317 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\Cleanup Utilities\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.

2008-05-10 19:26 . 2008-05-10 19:26 0 --a------ C:\WINDOWS\Brownie.ini
2008-05-10 16:26 . 2008-05-10 16:26 <DIR> d-------- C:\Program Files\Brother
2008-05-10 16:25 . 2008-05-10 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-05-10 15:41 . 2008-05-10 15:41 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-05-10 15:41 . 2008-05-10 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2008-05-09 21:10 . 2008-05-09 21:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-09 21:10 . 2008-05-09 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 20:23 . 2008-05-10 19:27 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-05-08 20:23 . 2008-05-10 19:27 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-05-08 20:19 . 2004-08-12 08:35 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-05-08 20:17 . 2004-08-12 08:20 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-05-08 20:16 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-05-08 20:15 . 2004-08-12 08:20 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-08 20:15 . 2008-05-08 20:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-08 13:39 . 2006-08-21 21:24 363,008 --a------ C:\WINDOWS\system32\idecoi.dll
2008-05-08 13:39 . 2006-08-21 21:24 105,344 --a------ C:\WINDOWS\system32\drivers\nvatabus.sys
2008-05-08 13:39 . 2006-08-21 21:24 89,344 --a------ C:\WINDOWS\system32\drivers\nvraid.sys
2008-05-08 13:39 . 2006-08-21 21:24 19,456 --a------ C:\WINDOWS\system32\nvraidco.dll
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-06 20:26 . 2008-05-06 20:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-06 20:25 . 2008-05-06 20:25 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-06 18:40 . 2004-08-03 22:41 1,309,184 --a------