Background Info Before This Occurred:
Last night, I had several applications open: mozilla firefox, AIM, and Google Earth with a newly installed plugin called KML_viewer. (all it does is allow you to look at geocaches while in google earth)

I left all those things open and then went to bed.
When i woke up my screen was blank, (explorer.exe was obviously off) so i restarted and I have JIT Debugger installed, so when I start up my computer, i get a popup stating: An unhandled win32 exception occurred in explorer.exe [688].

so i click no if i want to debug and so then my screen goes blank, i then restart and i get the same popup. i have no clue how to actually use the debugger so i click no again. i then try to pull up taskmanager but i then get this error: An unhandled win32 exception occurred in taskmgr.exe [3220].

if i click no then that closes.

everything works fine in safe mode, so i ran avg and it came up with nothing.

i have windows professional xp with service pack 2

the hijack log file is attached. (sorry but I couldn't run it the proper way you guys wanted me too, I can't put it in it's own folder since I can't access any folders so the .exe is just running from the desktop. I also can't access my options in the view tab of explorer so some things are hidden I think, I also can't change system restore since start is disabled/ not working)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:18:12 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Double Password\DblPswService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\srxTitan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dl l
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dl l
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AutoInclude] C:\WINDOWS\TEMP\DIL15.tmp
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [WinodwsUpdate] service.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\Run: [qiqr] C:\PROGRA~1\COMMON~1\qiqr\qiqrm.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/fios_se...zTCPConfig.CAB
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V020...5031/CTPID.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: PGPmapih.dll
O23 - Service: Abel - Unknown owner - C:\Program Files\Cain\Abel.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DoublePasswordSvc - Unknown owner - C:\Program Files\Double Password\DblPswService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - South River Technologies, Inc. - C:\WINDOWS\system32\srxTitan.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 18258 bytes

Attached Files

hijackthis.log (17.8 KB, 1 views)

Please copy and past your logs.....



Please download SDFix from here and save it to your desktop
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.
=================================

Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.
Please visit this webpage for download links, and instructions for running ComboFix

When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.
Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems
NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

__________________

• An Australian Member of
• 
• and
• 

Alright, here are the things you wanted.

As a side note, JIT Debugger now fives a slightly different warning, the same as the first time except the number is now [324].




SDFix: Version 1.179
Run by Administrator on Sat 05/03/2008 at 08:05 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Name :
cmdService
Network Monitor
Path :
C:\WINDOWS\Q2hhc2UgUmlnZ2lucw\command.exe
C:\Program Files\Network Monitor\netmon.exe service
cmdService - Deleted
Network Monitor - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Program Files\CPV\CPV8.dll - Deleted
C:\Program Files\JavaCore\UnInstall.exe - Deleted
C:\Program Files\nvcoi\mst.stt - Deleted
C:\Program Files\Common Files\Yazzle1560OinAdmin.exe - Deleted
C:\WINDOWS\b138.exe - Deleted
C:\WINDOWS\mrofinu1001186.exe - Deleted
C:\Program Files\.autoreg - Deleted
C:\WINDOWS\system32\service.exe - Deleted

Folder C:\Program Files\CPV - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\nvcoi - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed

Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 20:11:23
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwEnumerateValueKey, ZwOpenFile, ZwQueryDirectoryFile, ZwQuerySystemInformation
scanning hidden processes ...
C:\WINDOWS\system32\VT100.EXE [2444] 0x86C0CAB8
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e8,28,65,90,59,dc,4b,a3,a7,b2,a6,cc,b5 ,b4,f8,c5,4a,16,95,10,56,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\s ptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:e8,28,65,90,59,dc,4b,a3,a7,b2,a6,cc,b5 ,b4,f8,c5,4a,16,95,10,56,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"VT100 Emulator"="C:\WINDOWS\system32\VT100.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="C6744587220C47EA FC236202761881A8D349D2541850D45BE86E63FED647EACE73 22586C5AE583DC0D929BDCFEBC9E127BECC74CFEBC9E127BEC C74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC7 4CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D6794 8EDD5E5BE2F6E667BA7FD869164D6794BD962AEBEFFC6C7D05 FB750D1350CF7B484EA9F98B88ADA780D936E3511807E0DE14 1F8ABF26DB5930F00525DA1FDE83133D0058F269708EF81AC8 3A8A9873F77EF92DEB98BA6CA690B45AC01332F01CD9AB7772 469FEA3491770C650CE0A5EB06B03805BE152F4D893D3F2608 B98ECF9F355D7F82D5B8DF88D6F22E9EB66CEA8F06F8CD6533 CCFB335E509E7F0E51EC985A53BA175C8A24CF01C2618001AF 616A2B7A43B8B67D215A537E7730A96A042E7C506368A626D1 10A017CBE14EE6871B349C675565107480BA8E81C22D9B6CFE E49CBA4E4D6180A148DF44E7CFA052571D923C4EA9E66E5996 1815D8D83D41DB3D5708140BA80C93E9DE20AA58FC7E0DC2E5 CBA911784C4E4D89888516B9DD4A1770957AC07E14A9602BBB B863318D5BE4EF23604E4E8DFAA9A2BC4DEC11E704E2AFB2B5 71F5F9D8E5AEF6120B084394A962D262B5887AAF59F890AD0F D64276FAAD326DC636664C9C2A362D93DDA6409A3FEE8EC2D6 99F06FF4EB954E301A4319D8E93D8A7CC3E2882E5F715F2305 9A25E0903E128139F8E2D3B665A1DA5BBF5D7235B62E9941AE 91A25F3C785EED939B70D43AE6E1E9328CA45FF6A2A438F4CA 11715C447052F50441255F0B28B5CDB1705B3F25E580BD2CCD 571412F12822C81E02A6867B2E33901B251F68ADF32182B148 81D8129871E20815FC52B8E4B6A256CE024F44CF16CB905734 8531061989DCC5A52F798C54B85F11E26A066CD9084C41CD9F 6D76002E59B54C7A070B752A6F8046F9C8FD2396B4C9ED84F6 01648C66475E1A2A2509930140098598E82929372871AD3D53 4FCBBD4038F0C0296327DDD47B86C22378BC65FBFD86E3C4DC 2ED9F12866A8347C0B02FA52A0A9AC9933C0E0E1D2947B504F B9EFB582790DEAC84D9562E1F21003695F833EAB8D1D7B716F E4C00D8DFCC1D004272B237F71E26A5E51878115156F620666 F2CC5ACAB303A25FBDEAB3BBB2AF9F32D1352D6588E6ABE4F7 4A9D3A04547AB65C6394CC9D71E0D4EE421F8E3EBC3BA30EA8 D1A254F82B1505E6AEB8338096885871D47BCC260A49E08FFB 10342A5A94B693CD24703D22A9F4257F0EA68E85F53A1FC377 06724E4A93730B1F1493D2209BAD172A3EB5ADF08077D878BA 88C99E4A35A0204308B5E4FB321FE017F24FE4FCD4B6384F47 3EBAD6731B817FDCB6A1C125411EB10097AA81B1A1B9A728CF 088E0A49986B3C965B1A5236EE39DD76A550808A5AB2D42334 7FFE0FD7E1F9A530FA7081548EC0CD2C"
"OOCC06.00.00.01WSSV"="52EA89E51D70B09DF9BEC8A1818 2467363CCAEF92A7DC42727722C0A05EC99CB18AED3D25621F 6EF96AAD5D37B7671C3354745B17132F7452CC1AFEBB5ED8CF EA1E58AA17111D9D5B7CF666D745913E5F63F7A4404F722F70 17A7BF4F5BC2976133EC7249D4DD482DE44596D09F17811A85 313830B6F87964161DA661C7148C849C67AAC018772EF45816 25ACAA905BA7F06294427597EB94024E78874C8D6525375E51 4B2935558D5E4093CC18EADA3E2BDA7E06B9EF2BF83CF18A43 FA0D332F0A0A035416BB2BD302FAB1FE5537D4A714450B55DC 7E2CCC25A2F8A31FD55C91B0794EFAEAA5363A8FEBC9E127BE CC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC 74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC793 3BA7FD869164D6794A6A0AC4980AC7933FEBC9E127BECC74C0 8854141FC63C28C4D64317C1955FA91AB1BC1A96EC8BC23F7A 325E2A9B02F41DA042E65674DED96C77CDD7AE9F11B53FCFAF 53666AF7BCB14E521835DC1A4ED28B22A00884BBD8986503F2 7506CCB60715F4BD1DDA0130C723B5D82ABEE7FB5BBCE9AFD3 A6BAC139D42CABBC006E9C287706A21022FE16E183051909BC 241BB44EA6B3E7C4C7A1685897E645315163C9FA980BF23870 83071A4FB55585D285CD56C0B15F2232B281C3159C3C581334 0015ABD3AB9E6EBBECA4E5EEBAF723DA4E80E6B4AE63705161 F18DDEDF74969F353A6D5925EA0B6C1D8B6FEE3964949D4565 C829BC366135C34F094EC6F7C2735A40804BFCE195410B0396 7BFA1BC5AE2DE394DB6199F24ADE341093BD4C2989265C683A A6DCBF5374C86A4F50D3B4378A6DA49429AE7CCF19B654BCC7 65336D06C069333C0C713778A25C77338C91A73B34B78D3215 763C2A98BED06C27D3565F2B77B29712E61442E6C6795247E3 865F2E76278A79A82ED44B689BD512092FC952482544DB5E0C 65D091E30F9053D92B16390AFCDF18AF702BD3A4358318E765 766F46DC629D15C227C8709029C8976A542936ED8AF1D95614 A1ED7B63BADE61B6FA42374653894EA1BC6DC2E97C4BCE45EF C1C2FBFA1B1C15D592EEB5B3714AB03E4180F5D5E358B0D815 98F5ED748E9E5E2945D1B456B674714F19EC0377BB6370FE07 51852B4B8D060235C6DF12D96DAE02914537515FA307A3E96B 280C9CDF97F88A82FE2410DB5114FF1D185B6AC92151C260C6 4B48712BAA5C08AA265E489978D4F50A73B086146E94DAE476 154B6A1268BFE8B057FBD0A2C2EB37AE4577A3CE0B3BF77368 A4C357291BDB2DF1846AE74E0F625F4B7531F4A93B12112603 454684151717B5C43175A06C70516E7916625E555AF2766CAB 5EEC99877EEA3F14D7E0DF07588A7E6AA0A952EC01E96BEF54 DFD8DEDF1296F0D78CD91A1AD25C59972CB9C290B79ABAFDCC E62AB455D4891F33129E9"
scanning hidden files ...

scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 0

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
"H:\\Poison Ivy\\Poison Ivy 2.3.0.exe"="H:\\Poison Ivy\\Poison Ivy 2.3.0.exe:*:Enabled:Poison Ivy 2.3.0"
"C:\\Documents and Settings\\Administrator\\Desktop\\Shark 2.4\\sharK.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Shark 2.4\\sharK.exe:*:Enabled:sharK 2.4.0 Fwb+"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjou r"
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"="C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe:*:Enabled:Adob e Version Cue CS3 Server"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS \\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS \\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Prog ram Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled: Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer .exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer .exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"="C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe:*:Enabled:World in Conflict"
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"="C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe:*:Enabled:World in Conflict - Online Only"
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"="C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe:*:Enabled:World in Conflict - Dedicated Server"
"C:\\Documents and Settings\\Administrator\\Desktop\\Poison Ivy 2.3.2.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Poison Ivy 2.3.2.exe:*:Enabled:Poison Ivy Remote Administration"
"C:\\Documents and Settings\\Administrator\\Desktop\\Poison Ivy 2.3.2\\Poison Ivy 2.3.2.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Poison Ivy 2.3.2\\Poison Ivy 2.3.2.exe:*:Enabled:Poison Ivy Remote Administration"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:UT3"
"C:\\Documents and Settings\\Administrator\\Desktop\\Shark 3\\sharK.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Shark 3\\sharK.exe:*:Enabled:sharK 3.0.0"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\Administrator\\Desktop\\Hav RAT 1.3.2\\HR1.3.2.exe"="C:\\Documents and Settings\\Administrator\\Desktop\\Hav RAT 1.3.2\\HR1.3.2.exe:*:Enabled:Hav-Rat by Havalito."
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\service.exe"="C:\\WINDOWS\ \system32\\service.exe:*:Enabled:service"
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"="C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe:*:Enabled:InstallShield (R) Setup Engine"
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\garrysmod\\hl 2.exe"="C:\\Program Files\\Steam\\SteamApps\\obsidian44\\garrysmod\\hl 2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\obsidian44\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\obsidian44\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"="C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe:*:Enabled:Gears of War"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Mon 24 Mar 2008 379 ...H. --- "C:\Boot.BAK"
Mon 19 Nov 2007 23 A.SH. --- "C:\WINDOWS\system32\cbdabdeeac_r.dll"
Mon 19 Nov 2007 5 A.SH. --- "C:\WINDOWS\system32\fbbcaee6_d.dll"
Mon 24 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 9 Feb 2008 10,737 ...HR --- "C:\Documents and Settings\Administrator\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!


ComboFix 08-05-01.3 - Administrator 2008-05-03 20:32:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1348 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\qiqr
C:\Program Files\Common Files\qiqr\qiqra.exe
C:\Program Files\Common Files\qiqr\qiqra.lck
C:\Program Files\Common Files\qiqr\qiqrd\class-barrel
C:\Program Files\Common Files\qiqr\qiqrl.exe
C:\Program Files\Common Files\qiqr\qiqrl.lck
C:\Program Files\Common Files\qiqr\qiqrm.lck
C:\Program Files\Common Files\qiqr\qiqrp.exe
C:\WINDOWS\qiqr
C:\WINDOWS\qiqr\qiqr.dat
C:\WINDOWS\qiqr\wu
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\tsuninst.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.
2008-05-03 20:03 . 2008-05-03 20:03 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-03 19:56 . 2008-05-03 20:14 <DIR> d-------- C:\SDFix
2008-05-03 16:08 . 2007-12-04 16:44 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-03 13:36 . 2008-05-03 13:56 7,168 --ah----- C:\WINDOWS\system32\taskmgr.suo
2008-05-03 13:36 . 2008-05-03 13:36 609 --a------ C:\WINDOWS\system32\taskmgr.sln
2008-05-03 00:55 . 2008-05-03 20:10 104,960 --a------ C:\WINDOWS\system32\VT100.EXE
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 10:39 . 2008-05-02 10:39 <DIR> d-------- C:\Program Files\Veoh Networks
2008-04-25 17:53 . 2008-04-25 17:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Microsoft Games
2008-04-24 17:33 . 2008-04-24 17:33 <DIR> d-------- C:\Program Files\iPod
2008-04-16 20:38 . 2008-04-16 20:38 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-16 18:55 . 2008-04-16 19:47 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-16 18:55 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-16 18:55 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-11 19:10 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:09 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:09 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:08 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\Common Files\T?sks
2008-04-11 19:08 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:07 . 2007-11-10 12:26 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 19:07 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2008-04-11 19:06 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:06 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:05 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:05 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\system32\çasks
2008-04-11 19:04 . 2008-04-11 23:01 <DIR> d-------- C:\WINDOWS\Q2hhc2UgUmlnZ2lucw
2008-04-11 19:04 . 2008-04-24 17:29 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-04-24 17:29 <DIR> d---s---- C:\WINDOWS\Tasks
2008-04-11 19:04 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:04 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:04 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\WINDOWS\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2008-04-11 19:03 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-05-03 20:32 <DIR> d-------- C:\WINDOWS\system32
2008-04-11 19:03 . 2008-03-25 18:08 <DIR> d-------- C:\WINDOWS\Microsoft.NET
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\Common Files\?ystem32
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Program Files\a?sembly
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\àppPatch
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem
2008-04-11 19:03 . 2008-04-11 19:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ystem32
2008-04-11 19:03 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:03 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:03 . 2008-04-11 18:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\S?mantec
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ystem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\system32\?ecurity
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 19:02 . 2007-10-22 19:07 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-11 19:02 . 2008-04-11 19:01 <DIR> d-------- C:\WINDOWS\M?crosoft
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Program Files\Common Files\M?crosoft.NET
2008-04-11 19:02 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\T?sks
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?mbols
2008-04-11 19:02 . 2008-04-11 19:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET
2008-04-11 19:02 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:02 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:01 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:01 . 2008-04-11 19:06 <DIR> d-------- C:\Program Files\A?pPatch
2008-04-11 19:01 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\s?mbols
2008-04-11 19:01 . 2008-04-11 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\M?crosoft.NET
2008-04-11 19:01 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\çasks
2008-04-11 19:00 . 2008-04-11 19:02 <DIR> d-------- C:\WINDOWS\çasks
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\àppPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\W?nSxS
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\M?crosoft
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\A?pPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?ssembly
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\?ymantec
2008-04-11 19:00 . 2008-04-11 19:01 <DIR> d-------- C:\Program Files\?racle
2008-04-11 19:00 . 2008-04-11 19:09 <DIR> d-------- C:\Program Files\?icrosoft
2008-04-11 19:00 . 2008-03-06 17:51 <DIR> d-------- C:\Program Files\Adobe
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\S?mantec
2008-04-11 19:00 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?curity
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?stem32
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\s?curity
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\A?pPatch
2008-04-11 19:00 . 2008-04-11 19:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\?ymantec
2008-04-11 19:00 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 19:00 . 2008-04-30 22:47 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\T?sks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\s?mbols
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\M?crosoft.NET
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2008-04-11 18:59 . 2008-04-12 14:24 <DIR> d-------- C:\WINDOWS\security
2008-04-11 18:59 . 2008-01-31 20:40 <DIR> dr--s---- C:\WINDOWS\Fonts
2008-04-11 18:59 . 2008-03-24 15:06 <DIR> d-------- C:\WINDOWS\AppPatch
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\WINDOWS\?racle
2008-04-11 18:59 . 2008-04-27 14:41 <DIR> dr--s---- C:\WINDOWS\assembly
2008-04-11 18:59 . 2008-01-31 20:33 <DIR> d-------- C:\WINDOWS\symbols
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\çasks
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\S?mantec
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?curity
2008-04-11 18:59 . 2007-11-10 12:26 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\s?curity
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\Common Files\a?sembly
2008-04-11 18:59 . 2007-11-10 12:26 <DIR> d-------- C:\Program Files\Common Files\System
2008-04-11 18:59 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\?icrosoft.NET
2008-04-11 18:59 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\Common Files\çasks
2008-04-11 18:59 . 2008-04-11 18:58 <DIR> d-------- C:\Program Files\Common Files\s?mbols
2008-04-11 18:59 . 2008-04-11 18:57 <DIR> d-------- C:\Program Files\Common Files\M?crosoft
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\?ssembly
2008-04-11 18:59 . 2008-04-11 19:00 <DIR> d-------- C:\Program Files\àppPatch
2008-04-11 18:59 . 2008-01-31 20:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Program Files\s?stem32
2008-04-11 18:59 . 2008-04-11 18:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\çasks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-05-04 01:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-05-04 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-05-04 01:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\VMware
2008-05-04 00:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-05-02 15:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 00:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-27 19:41 22,328 ----a-w C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2008-04-27 05:29 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 22:33 --------- d-----w C:\Program Files\iTunes
2008-04-24 22:32 --------- d-----w C:\Program Files\QuickTime
2008-04-13 05:32 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2008-04-09 23:33 --------- d-----w C:\Program Files\Wireshark
2008-04-09 23:33 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-04-09 23:28 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-04-09 23:19 --------- d-----w C:\Program Files\BurnInTest
2008-04-09 23:10 --------- d-----w C:\Program Files\AC3Filter
2008-04-09 02:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-29 18:43 880,640 ----a-w C:\WINDOWS\iun6002.exe
2008-03-29 18:43 --------- d-----w C:\Program Files\FireTune
2008-03-24 19:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-24 17:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2008-03-17 16:17 --------- d-----w C:\Program Files\AudioShell
2008-03-17 16:12 --------- d-----w C:\Program Files\TagRename
2008-03-17 16:09 --------- d-----w C:\Program Files\Abdio
2008-03-17 16:06 --------- d-----w C:\Program Files\Hexprobe
2008-03-09 22:26 573,440 ----a-w C:\WINDOWS\AJScreensaver.scr
2008-03-09 17:17 --------- d--h--w C:\Documents and Settings\Administrator\Application Data\FVSTemp
2008-03-09 16:52 --------- d-----w C:\Program Files\Electronic Arts
2008-03-09 16:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-03-07 13:24 97,216 ----a-w C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-03-07 02:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-18 16:39 524,288 ----a-w C:\WINDOWS\opuc.dll
2008-02-16 00:00 984,576 ----a-w C:\Documents and Settings\Administrator\Application Data\kernel33.dll
2004-09-28 01:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS
2007-11-20 02:46 23 --sha-w C:\WINDOWS\system32\cbdabdeeac_r.dll
2007-11-20 02:35 5 --sha-w C:\WINDOWS\system32\fbbcaee6_d.dll
.
------- Sigcheck -------
2007-11-25 15:41 502272 6225f14b8ce08ccba8b25ad27843c674 C:\WINDOWS\system32\winlogon.exe
2007-06-13 05:23 1043968 f8655f96b0ef9116738ec1092dc4a381 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1076736 a0ac0caf7f1f16ca295d5f9e5a18ff23 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1043968 4b39cd60a0bf8cd65946cfef65914f82 C:\WINDOWS\system32\dllcache\explorer.exe
2004-08-12 08:18 26112 dd545714c04b6f169de685be1462d95d C:\WINDOWS\system32\ctfmon.exe
2004-08-12 08:18 26112 7486b56961ef60d6be46d97129a96b27 C:\WINDOWS\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ic onOverlayHandlerAccessible]
@={3DBF5F01-3287-46EB-82CF-45AA5C241162}
[HKEY_CLASSES_ROOT\CLSID\{3DBF5F01-3287-46EB-82CF-45AA5C241162}]
2008-02-02 18:04 380472 --a------ C:\WINDOWS\system32\pgpfsshl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe" [2007-11-07 18:30 67128]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 14:31 22880040]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18 26112]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 16:27 455968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-07 13:19 50528]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-03-07 05:26 1694656]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-26 19:49 160592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1704960]
"Steam"="c:\program files\steam\steam.exe" [2008-04-06 11:21 1271032]
"qiqr"="C:\PROGRA~1\COMMON~1\qiqr\qiqrm.exe" [ ]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-18 14:30 3640368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-28 17:52 8531968]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 10:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 10:26 55856]
"Maplom"="C:\Program Files\SlySoft\Game Jackal\GameJackal.exe" [2008-02-15 16:18 5224384]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2008-04-05 17:16 6731312]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 425984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [2008-05-03 20:36 50688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]
"WinodwsUpdate"="service.exe" []
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe [2007-10-22 20:07:44 1007616]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe [2007-11-07 18:30:11 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-10-29 18:15:17 704512]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{3EAF9D5B-B0E8-4344-94E7-B27EB6C1B87B}\Icon6560581611.exe [2008-02-23 13:42:22 98816]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 129536]
[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=PGPmapih.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Gear Help]
--a------ 2006-07-27 20:39 429568 C:\Program Files\ASUS\Ai Gear\GearHelp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Nap]
--a------ 2006-11-30 11:23 1464832 C:\Program Files\ASUS\Ai Nap\AiNap.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files\GameSpy\Comrade\Comrade.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--------- 2005-12-12 09:36 221184 C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
--------- 2006-01-08 21:43 65628 C:\Program Files\Creative\Shared Files\CTSched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 1999-10-10 12:00 52736 C:\WINDOWS\CTRegRun.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 10:46 31232 C:\WINDOWS\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 11:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Ai Booster]
--a------ 2006-12-08 15:24 3760640 C:\Program Files\ASUS\AI Booster\OverClk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LcdStudio]
C:\Program Files\LcdStudio\LcdStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1704960 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
--a------ 2006-07-10 22:10 213504 C:\WINDOWS\system32\nvraidservice.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 03:08 2512392 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 425984 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 11:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SharK]
C:\WINDOWS\system32\The sharK Project.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 299008 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinodwsUpdate]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessen ger.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer .exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_online.exe"=
"C:\\Program Files\\Sierra Entertainment\\World In Conflict\\wic_ds.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\InstallShield\\Engine\\6\\Intel 32\\IKernel.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\garrysmod\\hl 2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\obsidian44\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotc ore3.sys [2007-04-27 17:25]
R0 pgpfs;PGP File Sharing;C:\WINDOWS\system32\Drivers\PGPfsfd.sys [2008-02-02 18:04]
R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2008-02-02 18:05]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\orea ns32.sys [2008-02-17 17:22]
R2 DoublePasswordSvcoublePasswordSvc;C:\Program Files\Double Password\DblPswService.exe [2006-05-11 05:45]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdis k.sys [2008-02-02 18:04]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Driv ers\PGPsdk.sys [2008-02-02 18:04]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R2 SRTSERVERDAEMON;Titan FTP Server Daemon;"C:\WINDOWS\system32\srxTitan.exe" [2007-08-07 13:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\Maplom L.sys [2008-02-15 12:34]
S2 Abel;Abel;C:\Program Files\Cain\Abel.exe []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 15:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2008-01-28 13:13]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.s ys [2006-06-23 10:35]
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B1B5B04F-A20B-A6E0-E050-F0F00BCD201C}]
C:\WINDOWS\system32\My_Server.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 12:43:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 22:27:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-11-18 23:27:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
************************************************** ************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-03 20:35:27
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwOpenFile
scanning hidden processes ...
C:\WINDOWS\system32\VT100.EXE [4616] 0x86A93DA0
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VT100 Emulator = C:\WINDOWS\system32\VT100.EXE
runner1 = C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661 AA4EBD86D67C56389B284534F310
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\run]
"VT100 Emulator"="C:\\WINDOWS\\system32\\VT100.EXE"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Double Password\dblpsw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\Temp\DILA.tmp
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\WINDOWS\mrofinu1001186.exexe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
.
************************************************** ************************
.
Completion time: 2008-05-03 20:37:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-04 01:37:31
Pre-Run: 9,314,119,680 bytes free
Post-Run: 8,879,292,416 bytes free
446 --- E O F --- 2008-04-09 03:19:36

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:17 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Double Password\DblPswService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\SlySoft\Game Jackal\GameJackal.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\steam\steam.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\vsjitdebugger.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\srxTitan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.ex e
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dl l
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dl l
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Maplom] C:\Program Files\SlySoft\Game Jackal\GameJackal.exe /silent
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [WinodwsUpdate] service.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [qiqr] C:\PROGRA~1\COMMON~1\qiqr\qiqrm.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-18\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrob