Will you please copy and paste your logs.... Thank you.
I did everything you said. The system froze while shutting down, so I turned it off, and when Windows came back ComboFix continued working and saved the logfile like normal.
Error message now has the numbers [456].
ComboFix 08-05-01.3 - Administrator 2008-05-04 20:25:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1652 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\cbdabdeeac_r.dll
C:\WINDOWS\system32\fbbcaee6_d.dll
C:\WINDOWS\system32\taskmgr.sln
C:\WINDOWS\system32\taskmgr.suo
.
/wow section - STAGE 41
pv: No matching processes found
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw
C:\WINDOWS\system32\cbdabdeeac_r.dll
C:\WINDOWS\system32\fbbcaee6_d.dll
C:\WINDOWS\system32\taskmgr.sln
C:\WINDOWS\system32\taskmgr.suo
.
((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.
2008-05-03 20:39 . 2008-05-03 20:39 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\MEGAUPLOADTOOLBAR
2008-05-03 20:39 . 2008-05-03 20:39 <DIR> d-------- C:\Program Files\Svconr
2008-05-03 20:03 . 2008-05-03 20:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-03 19:56 . 2008-05-03 20:14 <DIR> d-------- C:\SDFix
2008-05-03 16:08 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-03 00:55 . 2008-05-03 20:35 104,960 --a------ C:\WINDOWS\system32\VT100.EXE
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-25 17:53 . 2008-04-25 17:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-04-24 17:33 . 2008-04-24 17:33 <DIR> d-------- C:\Program Files\iPod
2008-04-16 20:38 . 2008-04-16 20:38 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-16 18:55 . 2008-04-16 19:47 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-16 18:55 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-16 18:55 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-11 19:10 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:09 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:09 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:08 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-04-11 19:08 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:07 . 2007-11-10 12:26 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 19:07 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2008-04-11 19:06 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:05 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:05 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:04 . 2008-04-24 17:29 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-04-24 17:29 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:04 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:03 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-05-04 20:26 <DIR> d-------- C:\WINDOWS\system32
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ystem32
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:03 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:03 . 2008-04-11 18:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\S?mantec
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 19:02 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:02 . 2008-04-11 19:01 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:02 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:02 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:01 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:01 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:01 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\s?mbols
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:01 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\çasks
2008-04-11 19:00 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\àppPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\W?nSxS
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\?ymantec
2008-04-11 19:00 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:00 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:00 . 2008-03-06 17:51 <DIR> d-------- C:\Program Files\Adobe
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\S?mantec
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?curity
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ymantec
2008-04-11 19:00 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:00 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\T?sks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-04-11 18:59 . 2008-04-12 14:24 <DIR> d-------- C:\WINDOWS\security
2008-04-11 18:59 . 2008-01-31 20:40 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-04-11 18:59 . 2008-03-24 15:06 <DIR> d-------- C:\WINDOWS\AppPatch
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\?racle
2008-04-11 18:59 . 2008-04-27 14:41 <DIR> dr--s---- C:\WINDOWS\assembly
2008-04-11 18:59 . 2008-01-31 20:33 <DIR> d-------- C:\WINDOWS\symbols
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\S?mantec
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?curity
2008-04-11 18:59 . 2007-11-10 12:26 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-04-11 18:59 . 2007-11-10 12:26 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 18:59 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-04-11 18:59 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 18:59 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2008-04-11 18:59 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\?ssembly
2008-04-11 18:59 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\àppPatch
2008-04-11 18:59 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\çasks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\W?nSxS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 01:41 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-05 01:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-05-05 01:41 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-05 00:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-02 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 00:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-30 00:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-27 19:42 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-27 19:41 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-04-27 05:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 22:33 --------- d-----w C:\Program Files\iTunes
2008-04-24 22:32 --------- d-----w C:\Program Files\QuickTime
2008-04-13 05:32 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-04-09 23:33 --------- d-----w C:\Program Files\Wireshark
2008-04-09 23:33 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-09 23:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-04-09 23:19 --------- d-----w C:\Program Files\BurnInTest
2008-04-09 23:10 --------- d-----w C:\Program Files\AC3Filter
2008-04-09 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-04 21:04 --------- d-----w C:\Program Files\Valve Hammer Editor
2008-03-29 18:43 880,640 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 18:43 --------- d-----w C:\Program Files\FireTune
2008-03-24 19:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-24 17:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-17 16:17 --------- d-----w C:\Program Files\AudioShell
2008-03-17 16:12 --------- d-----w C:\Program Files\TagRename
2008-03-17 16:09 --------- d-----w C:\Program Files\Abdio
2008-03-17 16:06 --------- d-----w C:\Program Files\Hexprobe
2008-03-09 22:26 573,440 ----a-w C:\WINDOWS\AJScreensaver.scr
2008-03-09 17:17 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\FVSTemp
2008-03-09 16:52 --------- d-----w C:\Program Files\Electronic Arts
2008-03-09 16:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-07 02:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-25 00:36 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-02-23 18:42 543,800 ----a-w C:\WINDOWS\system32\PGPdskUI.dll
2008-02-23 18:42 401,976 ----a-w C:\WINDOWS\system32\PGPdskEn.dll
2008-02-23 18:42 4,572,728 ----a-w C:\WINDOWS\system32\PGPcl.dll
2008-02-23 18:42 3,258,424 ----a-w C:\WINDOWS\system32\PGPsc.dll
2008-02-23 18:42 274,488 ----a-w C:\WINDOWS\system32\pgpgw.dll
2008-02-23 18:42 162,132 ----a-w C:\WINDOWS\system32\PGPlspRollback.reg
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-18 16:39 524,288 ----a-w C:\WINDOWS\opuc.dll
2008-02-16 00:00 984,576 ----a-w C:\Documents and Settings\Administrator\Application Data\kernel33.dll
2008-02-11 04:44 52,224 ----a-w C:\WINDOWS\system32\jpg.dll
2004-09-28 01:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
.
------- Sigcheck -------
2007-11-25 15:41 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
2007-06-13 05:23 1043968 f8655f96b0ef9116738ec1092dc4a381 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1076736 a0ac0caf7f1f16ca295d5f9e5a18ff23 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1043968 4b39cd60a0bf8cd65946cfef65914f82 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-12 08:18 26112 dd545714c04b6f169de685be1462d95d C:\WINDOWS\system32\ctfmon.exe
2004-08-12 08:18 26112 7486b56961ef60d6be46d97129a96b27 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((( snapshot@2008-05-03_20.37.23.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 01:35:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 01:40:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2000-08-31 13:00:00 40,960 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-05-04 01:35:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-05-05 01:40:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-05-04 01:35:12 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-05 01:40:46 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-04 01:35:12 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 01:40:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 01:41:20 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_d9c.dat
- 2000-08-31 13:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 13:00:00 65,092 ----a-w C:\WINDOWS\VFind.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHandlerAccessible]
@={3DBF5F01-3287-46EB-82CF-45AA5C241162}
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-02-02 18:04 380472 --a------ C:\WINDOWS\system32\pgpfsshl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-07 18:30 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 26112]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 16:27 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-07 13:19 50528]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 05:26 1694656]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1704960]
"Steam"="c:\program files\steam\steam.exe" [2008-04-06 11:21 1271032]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3640368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 17:52 8531968]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 10:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 10:26 55856]
"Maplom"="C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" [2008-02-15 16:18 5224384]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-05 17:16 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 425984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-05-04 20:42 37376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"WinodwsUpdate"="service.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Svconr"="C:\Program Files\Svconr\Svconr.exe" [2008-05-03 20:39 71284]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-22 20:07:44 1007616]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-07 18:30:11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-29 18:15:17 704512]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{3EAF9D5B-B0E8-4344-94E7-B27EB6C1B87B}\Icon6560581611.exe [2008-02-23 13:42:22 98816]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 129536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PGPmapih.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 20:39 429568 C:\Program Files\ASUS\Ai Gear\GearHelp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-11-30 11:23 1464832 C:\Program Files\ASUS\Ai Nap\AiNap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2005-12-12 09:36 221184 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-01-08 21:43 65628 C:\Program Files\Creative\Shared Files\CTSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-10 12:00 52736 C:\WINDOWS\CTRegRun.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 10:46 31232 C:\WINDOWS\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 11:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-12-08 15:24 3760640 C:\Program Files\ASUS\AI Booster\OverClk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LcdStudio]
C:\Program Files\LcdStudio\LcdStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1704960 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
--a------ 2006-07-10 22:10 213504 C:\WINDOWS\system32\nvraidservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 425984 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 11:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharK]
C:\WINDOWS\system32\The sharK Project.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 299008 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinodwsUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-04-27 17:25]
R0 pgpfs;PGP File Sharing;C:\WINDOWS\system32\Drivers\PGPfsfd.sys [2008-02-02 18:04]
R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2008-02-02 18:05]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-02-17 17:22]
R2 DoublePasswordSvc;DoublePasswordSvc;C:\Program Files\Double Password\DblPswService.exe [2006-05-11 05:45]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2008-02-02 18:04]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2008-02-02 18:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 SRTSERVERDAEMON;Titan FTP Server Daemon;"C:\WINDOWS\system32\srxTitan.exe" [2007-08-07 13:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-02-15 12:34]
S2 Abel;Abel;C:\Program Files\Cain\Abel.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 15:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-01-28 13:13]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-06-23 10:35]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B1B5B04F-A20B-A6E0-E050-F0F00BCD201C}]
C:\WINDOWS\system32\My_Server.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 12:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 22:27:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-18 23:27:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-04 20:41:09
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
C:\WINDOWS\system32\VT100.EXE [5488] 0x868A7DA0
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VT100 Emulator = C:\WINDOWS\system32\VT100.EXE
runner1 = C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"VT100 Emulator"="C:\\WINDOWS\\system32\\VT100.EXE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Double Password\dblpsw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\TEMP\DILB.tmp
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\mrofinu1001186.exexe
.
**************************************************************************
.
Completion time: 2008-05-04 20:43:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-05 01:43:46
ComboFix2.txt 2008-05-04 02:57:23
ComboFix3.txt 2008-05-04 01:37:39
Pre-Run: 5,765,816,320 bytes free
Post-Run: 8,659,427,328 bytes free
482 --- E O F --- 2008-04-09 03:19:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:31 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Double Password\DblPswService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\srxTitan.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [WinodwsUpdate] service.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DoublePasswordSvc - Unknown owner - C:\Program Files\Double Password\DblPswService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - South River Technologies, Inc. - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 17883 bytes