icons task bar all keep disapperaing then appearing please help

N

nawaffawaz

New member
have ie7 and windows xp 512 ram pentium 4 3.19 ghz
i have a broadband connection of 1mbps. This is share with others and i also have a wireless connection to my laptop.
Recently i went on vacation. During that time the modem turned off so my neighbour who is sharing my net connection came to turn on the modem. However when i returned i noticed my computer was also used and all my connections and my computer skewed up.
Now i can access the net can chat etc . but the pages are running VERY slowly, sometimes they dont even open up, or some parts of the page arent being displayed, I get the "Page cannot be displayed" ALOT, often need to refresh the page 5+ times for it to fully load, videos I stream online wont run until I've refreshed alot of times. Alot of sites I've completely given up on just because they dont work at my pace especially hotmail .
I thought it was a connection problem since sometimes it works reasonably weel and sometimes it is dead slow. But now when i use the laptop simultaneously i dont see the problem on the laptop. The pages open on the laptop in a jiffy. Thus i know the problem is my computer and not the connection
I have done virus scan trojan scan spyware etc nothing is found there can someone please help me restore my internet connection to its old speed. I tried tcp optimizer etc. BUt i dont know what i should be really doing.
I really in need of the internet connection since i have to submit my modules for a course on june 21 st and i am unable to search any information for this purpose quickly.\
PLEASE if anybody out there can help please help.
while i was trying to fix that as i was slowing surfing sudddenly all the desktop icons start menu task bar everything disappeared dont know if both the problems are connected. after googling i found out it was due to explorer.exe, since when i press CTRL aLt Del and stop explorer.exe then put new task and restart the task the icons reappear however they dont stay like that they disappear then appear and keeps doing that . Please help me bring my computer back to normal. Thanks alot
THANKS IN ADVANCE
 
Can anyone help i uninstalled norton still no solution i cant do much with the pc if the icons and taskbar disaapear

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:29 AM, on 6/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Program Files\Athan\Athan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=
O1 - Hosts: 64.4.26.249 by112w.bay112.mail.live.com
O1 - Hosts: 65.54.152.126 www.msn.com
O1 - Hosts: 84.235.120.56 84.235.120.56
O1 - Hosts: 65.242.27.33 view.atdmt.com
O1 - Hosts: 72.20.34.145 search.utorrent.com
O1 - Hosts: 74.125.39.164 pagead2.googlesyndication.com
O1 - Hosts: 208.71.112.30 isohunt.com
O1 - Hosts: 76.13.218.11 adserving.cpxinteractive.com
O1 - Hosts: 76.13.218.11 ad.directaclick.com
O1 - Hosts: 65.39.72.142 www.spyfu.com
O1 - Hosts: 207.46.73.64 in.msn.com
O1 - Hosts: 74.125.39.147 www.google.com
O1 - Hosts: 208.70.88.55 www.broadcom.com
O1 - Hosts: 203.27.235.60 infinity.icicibank.co.in
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Athan] D:\Program Files\Athan\Athan.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161338040585
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 8099 bytes
 
Hi

Start hjt, do a system scan, check:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=
O1 - Hosts: 64.4.26.249 by112w.bay112.mail.live.com
O1 - Hosts: 65.54.152.126 www.msn.com
O1 - Hosts: 84.235.120.56 84.235.120.56
O1 - Hosts: 65.242.27.33 view.atdmt.com
O1 - Hosts: 72.20.34.145 search.utorrent.com
O1 - Hosts: 74.125.39.164 pagead2.googlesyndication.com
O1 - Hosts: 208.71.112.30 isohunt.com
O1 - Hosts: 76.13.218.11 adserving.cpxinteractive.com
O1 - Hosts: 76.13.218.11 ad.directaclick.com
O1 - Hosts: 65.39.72.142 www.spyfu.com
O1 - Hosts: 207.46.73.64 in.msn.com
O1 - Hosts: 74.125.39.147 www.google.com
O1 - Hosts: 208.70.88.55 www.broadcom.com
O1 - Hosts: 203.27.235.60 infinity.icicibank.co.in

Close browsers and other windows. Click fix checked.


Reboot the system.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply


Do also Kaspersky scan (full) and post back its report.
 
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; LaDeckard's System Scanner v20071014.68
Run by FAWAZ & NAWAF on 2008-06-06 16:41:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-06-06 13:41:34 UTC - RP21 - Deckard's System Scanner Restore Point
5: 2008-06-06 12:27:22 UTC - RP20 - Installed HiYo.
4: 2008-06-06 09:51:29 UTC - RP19 - ComboFix created restore point
3: 2008-06-05 05:02:49 UTC - RP18 - Installed BitDefender Total Security 2008
2: 2008-06-05 04:56:10 UTC - RP17 - Removed BitDefender Total Security 2008


-- First Restore Point --
1: 2008-06-04 19:01:27 UTC - RP16 - Installed BitDefender Total Security 2008


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as FAWAZ & NAWAF.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:34 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Free User\Desktop\dss.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\PROGRA~1\HIJACK~1\FAWAZ & NAWAF.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - d:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Athan] D:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP Premium\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161338040585
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - d:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - d:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10060 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070730-094234-163 R3 - URLSearchHook: (no name) - - (no file)
backup-20070730-094234-860 O4 - HKLM\..\Run: [copy bin slow 16] C:\Documents and Settings\All Users\Application Data\Send acid copy bin\vc dead.exe
backup-20070730-094234-255 O4 - HKLM\..\Run: [Load Bait Coal 16] C:\Documents and Settings\All Users\Application Data\Plus Platform 16 Send\Help Eq Tons.exe
backup-20070730-094234-892 O4 - HKCU\..\Run: [WindowBoob] C:\DOCUME~1\FREEUS~1\APPLIC~1\LOGOWA~1\ArmyKeep.exe
backup-20070731-062943-372 R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
backup-20080120-200335-730 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
backup-20080120-200335-647 F2 - REG:system.ini: Shell=explorer.exe C:\windows\system32\iexplore.exe
backup-20080120-200335-427 O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
backup-20080120-200335-822 O8 - Extra context menu item: &Search - ?p=ZC
backup-20080120-200335-636 O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
backup-20080120-200335-459 O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.kumudam.com/wfplayer/tdserver.cab
backup-20080120-200335-942 O24 - Desktop Component 1: (no name) - (no file)
backup-20080603-101049-937 O1 - Hosts: 8.14.147.111 www.crackserialkeygen.com
backup-20080603-101121-895 O1 - Hosts: 69.55.50.102 www.downloadwarez.org
backup-20080603-101121-290 O1 - Hosts: 209.85.141.118 mybeatifulcervix.googlepages.com
backup-20080603-101121-105 O1 - Hosts: 209.85.141.118 mybeautifulcervix.googlepages.com
backup-20080606-124115-207 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080606-124115-750 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080606-124115-530 O2 - BHO: (no name) - {3AA3B177-3486-4DF6-8E1E-DB81D30BB526} - (no file)
backup-20080606-124115-925 O2 - BHO: (no name) - {3B4D69F3-B6DA-4949-ABD6-D12305A49BAF} - (no file)
backup-20080606-124115-740 O2 - BHO: (no name) - {62672C81-2094-4E80-9828-57D5DB54B5FF} - (no file)
backup-20080606-124115-562 O2 - BHO: (no name) - {D0D16626-3640-4732-B508-F25D506535D2} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 vcdrom (Virtual CD-ROM Device Driver) - c:\windows\system32\drivers\vcdrom.sys <Not Verified; Microsoft Corporation; VirtualCdRom>

S3 BDSelfPr - d:\program files\bitdefender\bitdefender 2008\bdselfpr.sys <Not Verified; BitDefender S.R.L.; BitDefender>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

S3 NMIndexingService - "c:\program files\common files\ahead\lib\nmindexingservice.exe" <Not Verified; Nero AG; Nero Home>
S4 RichVideo (Cyberlink RichVideo Service(CRVS)) - "d:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1117367&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1117367&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 06:10:36 270 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-06-03 06:10:34 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-06-06 15:27:39 0 d-------- C:\Documents and Settings\Free User\Application Data\HiYo
2008-06-06 15:27:29 0 d-------- C:\Program Files\HiYo
2008-06-06 15:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\HiYo
2008-06-05 08:03:40 0 d-------- C:\Documents and Settings\Free User\Application Data\BitDefender
2008-06-05 08:03:02 0 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-04 20:26:49 0 d-------- C:\Program Files\Common Files\BitDefender
2008-06-04 20:05:31 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-06-04 20:04:45 0 d-------- C:\Program Files\BitDefender
2008-06-04 19:41:40 0 d-------- C:\cmdcons
2008-06-04 19:40:50 68096 --a------ C:\WINDOWS\zip.exe
2008-06-04 19:40:50 49152 --a------ C:\WINDOWS\VFind.exe
2008-06-04 19:40:50 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-04 19:40:50 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-04 19:40:50 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-04 19:40:50 98816 --a------ C:\WINDOWS\sed.exe
2008-06-04 19:40:50 80412 --a------ C:\WINDOWS\grep.exe
2008-06-04 19:40:50 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-04 17:59:42 20574208 --a------ C:\Documents and Settings\Free User\NTUSER.DAT
2008-06-04 13:07:49 0 d-------- C:\Documents and Settings\Free User\Application Data\PC Tools
2008-06-04 08:56:56 0 d-------- C:\HostsXpert
2008-06-03 19:04:53 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-03 19:04:42 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-03 19:04:42 0 d-------- C:\Documents and Settings\Free User\Application Data\SUPERAntiSpyware.com
2008-06-03 19:04:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 18:32:25 0 d-------- C:\VundoFix Backups
2008-06-03 10:56:53 0 d-------- C:\Program Files\Registry Distiller 1.03
2008-06-03 07:04:31 0 d-------- C:\Program Files\Panda Security
2008-06-02 17:22:08 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 10:53:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-06-01 18:23:14 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-01 11:44:59 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-01 11:44:40 0 d-------- C:\Documents and Settings\Free User\Application Data\Mozilla
2008-05-15 22:50:01 0 d-------- C:\Program Files\Disney Interactive
2008-05-14 07:28:57 0 d-------- C:\WINDOWS\system32\Adobe


-- Find3M Report ---------------------------------------------------------------

2008-06-04 21:34:00 174520 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-27 18:53:58 23552 --a------ C:\WINDOWS\xobglu32.dll
2008-03-27 18:53:58 63488 --a------ C:\WINDOWS\xobglu16.dll
2008-03-26 11:36:58 676224 --a------ C:\WINDOWS\system32\ogacheckcontrol.dll
2008-03-22 15:49:40 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-15 17:16:50 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Athan"="D:\Program Files\Athan\Athan.exe" [09/12/2005 03:04 AM]
"BitDefender Antiphishing Helper"="D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [08/27/2007 03:24 PM]
"BDAgent"="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [10/01/2007 03:23 PM]
"HiYo"="C:\Program Files\HiYo\bin\HiYo.exe" [05/21/2008 12:19 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [03/16/2008 07:41 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [12/31/2002 12:00 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [03/16/2008 09:39 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSharedDocuments"=1 (0x1)
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Free User^Start Menu^Programs^Startup^MR Tech Systray.lnk]
backup=C:\WINDOWS\pss\MR Tech Systray.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Free User^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"d:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AttuneClientEngine]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Globe7]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"d:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOTFOON2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
D:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"d:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp4 Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quran_AR]
D:\Program Files\Quran_AR\Quran_AR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMASTER]
"d:\PROGRA~1\TWEAKM~1\TMTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherBug]
C:\Program Files\AWS\WeatherBug\WeatherBug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yoomba]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"Adobe Photo Downloader"="d:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx scan


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07418128-8a65-11db-80b1-0002e356b9ca}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0981b918-798e-11db-808a-0002e356b9ca}]
Auto\command- rejoice101.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice101.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{676c9938-6a68-11db-805f-0002e356b9ca}]
AutoRun\command- I:\LaunchU3.exe -a




-- Hosts -----------------------------------------------------------------------

127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com


-- End of Deckard's System Scanner: finished at 2008-06-06 16:44:07 ------------

nguage: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 503.43 MiB / 205 MiB
Pagefile Memory (total/avail): 1983.82 MiB / 1751.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.62 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 23.89 GiB total, 13.17 GiB free.
D: is Fixed (NTFS) - 24.94 GiB total, 14.81 GiB free.
E: is Fixed (NTFS) - 25.69 GiB total, 24.87 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-00MSA1 - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 23.9 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 50.63 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Bitdefender Firewall v8.0 (BitDefender) Disabled
AV: Bitdefender Antivirus v8.0 (BitDefender) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IncrediMail\\BIN\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\BIN\\ImpCnt.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"="D:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\Custom Content Manager\\CCM.exe"="C:\\Program Files\\Custom Content Manager\\CCM.exe:*:Disabled:CCM"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\IncrediMail\\BIN\\IncrediMail_Install.exe"="C:\\Program Files\\IncrediMail\\BIN\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="D:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="D:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"="d:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Free User\Application Data
CLASSPATH=.;d:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FSNWR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Free User
LOGONSERVER=\\FSNWR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\program files\common files\ulead systems\mpeg;c:\program files\common files\ulead systems\dvd;c:\windows\system32\windowspowershell\v1.0;d:\Program Files\QuickTime\QTSystem;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=d:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\FREEUS~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\FREEUS~1\LOCALS~1\Temp
USERDOMAIN=FSNWR
USERNAME=FAWAZ & NAWAF
USERPROFILE=C:\Documents and Settings\Free User
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Free User (admin)

Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> d:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> D:\Program Files\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ace Utilities --> "d:\Program Files\Ace Utilities\uninstall.exe"
Ad Banner Remover --> MsiExec.exe /I{A241D17B-89D4-4380-8088-CE05F5736091}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "d:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Attune 2.3.2 --> MsiExec.exe /I{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}
AVG Anti-Spyware 7.5 --> d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Baby2Computer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3A94238-DDCB-48F9-906C-8CB0E218638A}\Setup.exe"
Backgammon Classic 3.1 --> "D:\Program Files\Backgammon Classic\unins000.exe"
Bilal Prayer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{1D8D708C-2C2E-4686-BC57-C55BFF536A1F}
BitDefender Total Security 2008 --> MsiExec.exe /I{DB368901-C41E-4D86-9809-E0EE635A6939}
Bookworm Adventures Deluxe --> D:\PROGRA~1\GAMEHO~1\BOOKWO~1\UNWISE.EXE /U D:\PROGRA~1\GAMEHO~1\BOOKWO~1\INSTALL.LOG
Broadcom Management Programs --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom NetXtreme Ethernet Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner (remove only) --> "d:\Program Files\CCleaner\uninst.exe"
Chikka (3.0.58) --> C:\PROGRA~1\CHIKKA\UNWISE.EXE C:\PROGRA~1\CHIKKA\INSTALL.LOG
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
CorelDRAW 10 --> C:\WINDOWS\Corel\uninst32.exe
CorelDRAW 10 --> MsiExec.exe /I{9E50DEC9-081B-441F-B647-98DBEA8B01DD}
CrazyTalk for Skype --> C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Creative Live! Cam Vista IM Driver (1.01.03.1104) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0260.uns -unsext NT -plugin V0260Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Vista IM User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"d:\Program Files\Creative\Creative Live! Cam Vista IM\Creative Live! Cam Vista IM User's Guide\English\CTManual.isu"
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Disneys Digital Coloring Book Featuring Pooh --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~1\DeIsL1.isu
DivX Converter --> d:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> d:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> d:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> D:\PROGRA~1\DAPPRE~1\DAPREMOVE.EXE
Flash Movie Player 1.4 --> d:\Program Files\Flash Movie Player\uninst.exe
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Global Mapper 8 --> MsiExec.exe /X{C123ADD7-97EB-447D-88C8-95124C2A8F2E}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Earth Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x9 -removeonly
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Talk (remove only) --> "d:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.12.1 rev b (remove only) --> d:\Program Files\Common Files\GTK\2.0\uninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HiYo --> MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
HiYo --> MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUnInstallLog.log"
HouseCall 6.6 --> "C:\Documents and Settings\Free User\Application Data\HouseCall 6.6\uninstaller.exe"
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
IncrediMail JunkFilter Plus --> D:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail Xe --> D:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:IncrediMail /log:IncMail.log
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kcast Beta 2.0.0 --> C:\WINDOWS\iun6002.exe "d:\Program Files\Kitco\Kcast\unkcast.ini"
Kid Pix Studio Deluxe --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Kid Pix Studio Deluxe\Uninstall.xml"
Lernout & Hauspie TruVoice American English TTS Engine --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Little Bear Toddler --> d:\Program Files\The Learning Company\Little Bear Toddler\uninstal.exe
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Messenger Plus! Live --> "d:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Forefront Client Security Collection Server --> MsiExec.exe /X{A424F11B-321F-44B3-ABE3-DD070ED751B1}
Microsoft Forefront Client Security State Assessment Service --> MsiExec.exe /X{8C4A926C-4ED7-4972-91AA-D36D5F29537E}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007 --> MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs --> MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
MR Tech Systray 2.5.0 --> C:\Program Files\MR Tech Systray\UnInstMrSystray.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition --> MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Multimedia Player --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Quran Auto Reciter 1.7 --> C:\WINDOWS\iun6002.exe "D:\Program Files\Quran_AR\Quran_AR\irunin.ini"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Distiller --> "C:\Program Files\Registry Distiller 1.03\Uninstall.exe" "C:\Program Files\Registry Distiller 1.03\install.log" -u
SCRABBLE Deluxe --> D:\PROGRA~1\ZONE~1.COM\SCRABB~1\UNWISE.EXE D:\PROGRA~1\ZONE~1.COM\SCRABB~1\INSTALL.LOG
SCRABBLE® Interactive 2007 EDITION Uninstall --> d:\Program Files\UBISOFT\SCRABBLE® Interactive 2007 EDITION\uninstall.exe
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "d:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Spyware Doctor 5.5 --> d:\Program Files\Spyware Doctor\unins000.exe /LOG
Stories of The Prophets 1.5 --> "d:\Program Files\DivineIslam\Stories of The Prophets 1\unins000.exe"
Sun Clock 6.5 --> d:\Program Files\Map Maker\Sun Clock\Version 6\uninst.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Technical Support Web Controls --> MsiExec.exe /X{DDC63227-BA06-4855-B002-BDB49E9F677E}
SyncToy --> MsiExec.exe /I{E7887F0B-066C-4D26-AFD9-62B72CF24D9A}
TeamViewer 3 --> d:\Program Files\TeamViewer3\uninstall.exe
The Alim --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ISL Software Corporation\The Alim\DeIsL1.isu" -c"C:\Program Files\ISL Software Corporation\The Alim\_ISREG32.DLL"
The File Splitter 1.31 --> "d:\Program Files\The File Splitter 1.31\unins000.exe"
The Hadith Software Version 1.0 --> "D:\Program Files\Islamasoft Solutions\The Hadith Software\unins000.exe"
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
TrojanHunter 4.7 --> "d:\Program Files\TrojanHunter 4.7\unins000.exe"
TweakMASTER --> "d:\Program Files\TweakMASTER\unins000.exe"
Ulead Photo Explorer 8.0 SE Basic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}\Setup.exe" -l0x9
Unix Utilities for Yahoo! Widgets --> d:\Program Files\Yahoo!\Widgets\UnixUtils\uninstall.exe
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VideoLAN VLC media player 0.8.6d --> d:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Desktop Manager Powertoy for Windows XP --> MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
WaterLilyRipple Wallpaper --> C:\WINDOWS\WEB\Wallpaper\WaterLilyRipple dir\uninstall.exe
WeatherBug 7.0 --> C:\Program Files\AWS\WeatherBug\WeatherBug.exe Remove
Wheel Of Fortune --> C:\WINDOWS\IsUninst.exe -f"d:\program files\wheel\Uninst.isu"
Winamp --> "d:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Extras --> D:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger --> D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widgets --> d:\PROGRA~1\Yahoo!\Widgets\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type12049 / Warning
Event Submitted/Written: 06/06/2008 03:47:51 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: warning

Schedule has been paused too long (5 seconds); automatically re-enabling the schedule...

Event Record #/Type12046 / Error
Event Submitted/Written: 06/06/2008 10:13:28 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application livesrv.exe, version 11.0.0.49, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x00012331.
Processing media-specific event for [livesrv.exe!ws!]

Event Record #/Type12027 / Error
Event Submitted/Written: 06/05/2008 07:32:18 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application livesrv.exe, version 11.0.0.49, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x00012331.
Processing media-specific event for [livesrv.exe!ws!]

Event Record #/Type12002 / Error
Event Submitted/Written: 06/04/2008 08:22:35 PM
Event ID/Source: 11920 / MsiInstaller
Event Description:
Product: BitDefender Total Security 2008 -- Error 1920. Service 'BitDefender Communicator' (XCOMM) failed to start. Verify that you have sufficient privileges to start system services.

Event Record #/Type11946 / Warning
Event Submitted/Written: 06/04/2008 11:22:34 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type15230 / Error
Event Submitted/Written: 06/06/2008 04:37:23 PM
Event ID/Source: 10008 / FcsSas
Event Description:
This beta version of Microsoft Forefront Client Security has expired. Please install a retail version of Microsoft Forefront Client Security when it becomes available or obtain an updated beta release from Microsoft. For more information, visit http://go.microsoft.com/fwlink/?LinkID=55219.

Event Record #/Type15226 / Error
Event Submitted/Written: 06/06/2008 04:10:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type15202 / Error
Event Submitted/Written: 06/06/2008 03:57:22 PM
Event ID/Source: 10008 / FcsSas
Event Description:
This beta version of Microsoft Forefront Client Security has expired. Please install a retail version of Microsoft Forefront Client Security when it becomes available or obtain an updated beta release from Microsoft. For more information, visit http://go.microsoft.com/fwlink/?LinkID=55219.

Event Record #/Type15178 / Error
Event Submitted/Written: 06/06/2008 10:15:02 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The BitDefender Desktop Update Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type15158 / Error
Event Submitted/Written: 06/06/2008 09:48:08 AM
Event ID/Source: 10008 / FcsSas
Event Description:
This beta version of Microsoft Forefront Client Security has expired. Please install a retail version of Microsoft Forefront Client Security when it becomes available or obtain an updated beta release from Microsoft. For more information, visit http://go.microsoft.com/fwlink/?LinkID=55219.



-- End of Deckard's System Scanner: finished at 2008-06-06 16:44:07 ------------
 
Hi

Why do you have Norton 360 disabled? Is your BitDefender 2008 license expired?

I'm still waiting for that Kaspersky report. Meanwhile, here's further instructions to follow after Kaspersky scan


1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log + in previous post asked Kaspersky online scanner report in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here
 
no i removed norton 360 since i thought it was causing my slow internet
kapersky isnt working for me online
it isnt going online it is not updating says run as updater and set security to medium which i did
so i am scanning with kapersky virus software. Bitdefender i removed. Now the thing is explorer.exe is fixed my main propblem is left that is the internt is very slow. can you help with that .

i already ran combofix following anothewr persons advise here is the log
any help on how to fix my internet speed. which got mixed up

ComboFix 08-06-05.3 - FAWAZ & NAWAF 2008-06-06 12:51:47.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.197 [GMT 3:00]
Running from: C:\Documents and Settings\Free User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Free User\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\MF_C421.lfa
C:\WINDOWS\system32\cbXRKbcy.dll
C:\WINDOWS\system32\hgGwXopn.dll
C:\WINDOWS\system32\jkkkIXqO.dll
C:\WINDOWS\system32\khfCspME.dll.vir
C:\WINDOWS\system32\xxyYQgEW.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\MF_C420.lfa
C:\WINDOWS\MF_C421.lfa
C:\WINDOWS\system32\khfCspME.dll.vir

.
((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
.

2008-06-05 08:03 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\Free User\Application Data\BitDefender
2008-06-05 08:03 . 2008-06-05 08:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-06-04 20:26 . 2008-06-04 20:26 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-06-04 20:10 . 2008-06-06 12:51 121 --a------ C:\WINDOWS\bdagent.INI
2008-06-04 20:05 . 2008-06-05 10:27 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-06-04 20:04 . 2008-06-04 20:04 <DIR> d-------- C:\Program Files\BitDefender
2008-06-04 13:07 . 2008-06-04 13:07 <DIR> d-------- C:\Documents and Settings\Free User\Application Data\PC Tools
2008-06-04 13:07 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-04 13:07 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-04 13:07 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-04 13:07 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-04 08:56 . 2008-06-04 08:56 <DIR> d-------- C:\HostsXpert
2008-06-03 21:22 . 2004-08-04 00:56 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-06-03 21:22 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2008-06-03 21:22 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-06-03 21:22 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-06-03 21:22 . 2004-08-03 22:29 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-06-03 21:22 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-06-03 21:22 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-06-03 21:22 . 2004-08-03 22:29 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-06-03 21:22 . 2004-08-04 00:56 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2008-06-03 21:22 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-06-03 21:20 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-03 21:19 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-03 21:18 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-03 21:17 . 2004-08-04 00:56 4,274,816 --a------ C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-06-03 21:16 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-03 21:15 . 2004-08-04 00:56 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-06-03 21:14 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-03 21:13 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-03 21:12 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-06-03 21:11 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-06-03 21:10 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-03 21:09 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-03 19:04 . 2008-06-03 19:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-06-03 19:04 . 2008-06-03 19:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 19:04 . 2008-06-03 19:04 <DIR> d-------- C:\Documents and Settings\Free User\Application Data\SUPERAntiSpyware.com
2008-06-03 19:04 . 2008-06-03 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-03 18:32 . 2008-06-03 18:32 <DIR> d-------- C:\VundoFix Backups
2008-06-03 10:56 . 2008-06-03 10:56 <DIR> d-------- C:\Program Files\Registry Distiller 1.03
2008-06-03 07:04 . 2008-06-03 07:04 <DIR> d-------- C:\Program Files\Panda Security
2008-06-03 05:44 . 2008-02-04 18:23 693,792 --------- C:\WINDOWS\system32\OGACheckControl.tmp
2008-06-02 17:22 . 2008-06-02 17:22 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-02 10:53 . 2008-06-02 10:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hagel Technologies
2008-06-01 18:23 . 2008-06-01 18:23 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-01 11:44 . 2008-06-01 11:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-20 20:52 . 2008-05-28 17:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-20 20:52 . 2008-05-20 20:52 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-15 22:50 . 2008-05-15 22:50 <DIR> d-------- C:\Program Files\Disney Interactive
2008-05-15 22:49 . 2008-05-15 22:50 1,396 --a------ C:\WINDOWS\disney.ini
2008-05-14 07:28 . 2008-05-14 07:28 <DIR> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 10:04 175,104 ----a-w C:\WINDOWS\system32\drivers\b57xp32.sys
2008-05-12 10:04 175,104 ----a-w C:\WINDOWS\system32\dllcache\b57xp32.sys
2008-03-27 15:53 63,488 ----a-w C:\WINDOWS\xobglu16.dll
2008-03-27 15:53 23,552 ----a-w C:\WINDOWS\xobglu32.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-26 08:36 676,224 ----a-w C:\WINDOWS\system32\ogacheckcontrol.dll
2008-03-22 12:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-15 14:16 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-02-21 06:12 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\doc2pdfpro.dll
2008-01-11 15:25 92,064 ----a-w C:\Documents and Settings\Free User\mqdmmdm.sys
2008-01-11 15:25 9,232 ----a-w C:\Documents and Settings\Free User\mqdmmdfl.sys
2008-01-11 15:25 79,328 ----a-w C:\Documents and Settings\Free User\mqdmserd.sys
2008-01-11 15:25 66,656 ----a-w C:\Documents and Settings\Free User\mqdmbus.sys
2008-01-11 15:25 6,208 ----a-w C:\Documents and Settings\Free User\mqdmcmnt.sys
2008-01-11 15:25 5,936 ----a-w C:\Documents and Settings\Free User\mqdmwhnt.sys
2008-01-11 15:25 4,048 ----a-w C:\Documents and Settings\Free User\mqdmcr.sys
2008-01-11 15:25 25,600 ----a-w C:\Documents and Settings\Free User\usbsermptxp.sys
2008-01-11 15:25 22,768 ----a-w C:\Documents and Settings\Free User\usbsermpt.sys
2007-11-20 12:42 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
1998-07-03 12:27 7,488 ----a-w C:\WINDOWS\inf\unregpn.exe
2007-05-29 19:00 10,022 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-04_19.46.34.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-04 16:44:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-06 06:47:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-05 05:03:44 61,440 ----a-r C:\WINDOWS\Installer\{DB368901-C41E-4D86-9809-E0EE635A6939}\helpicon.exe
+ 2008-06-05 05:03:44 32,768 ----a-r C:\WINDOWS\Installer\{DB368901-C41E-4D86-9809-E0EE635A6939}\maintenance_icon.exe
+ 2008-06-05 05:03:44 22,486 ----a-r C:\WINDOWS\Installer\{DB368901-C41E-4D86-9809-E0EE635A6939}\register_icon.exe
+ 2008-06-05 05:03:44 57,344 ----a-r C:\WINDOWS\Installer\{DB368901-C41E-4D86-9809-E0EE635A6939}\texticon.exe
+ 2007-09-25 08:01:12 87,824 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
+ 2007-08-02 14:03:44 188,432 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
- 2008-05-31 03:06:30 174,520 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
+ 2008-06-04 18:34:00 174,520 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
- 2002-12-31 09:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 10:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2002-01-05 00:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 00:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
- 2007-03-21 17:39:00 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.DLL
+ 2003-03-18 18:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
- 2003-03-18 21:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2003-03-18 18:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2002-01-05 00:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-05 00:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
- 2007-03-21 17:33:00 503,808 ----a-w C:\WINDOWS\system32\MSVCP71.DLL
+ 2003-03-18 17:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2002-01-04 23:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2008-02-29 05:58:06 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 01:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2008-06-04 18:31:56 1,845,772 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-07-20 12:54:30 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
+ 2007-01-31 11:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-03-16 07:41 3810544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 12:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-16 09:39 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Athan"="D:\Program Files\Athan\Athan.exe" [2005-09-12 03:04 937984]
"BitDefender Antiphishing Helper"="D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-08-27 15:24 49152]
"BDAgent"="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2007-10-01 15:23 294912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 12:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 11:48 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VDOM"= vdowave.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Free User^Start Menu^Programs^Startup^MR Tech Systray.lnk]
backup=C:\WINDOWS\pss\MR Tech Systray.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Free User^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=C:\WINDOWS\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 d:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AttuneClientEngine]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-01-15 16:14 147456 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a------ 2002-03-19 17:30 45632 C:\WINDOWS\system32\taskswitch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2002-12-31 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Globe7]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 00:22 3739648 d:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HOTFOON2]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2005-09-20 09:32 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2005-09-20 09:36 114688 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2005-09-20 09:35 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-01-12 20:44 214456 D:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2006-04-13 11:09 49152 d:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mp4 Player]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2008-03-16 09:39 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nektra OEAPI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 D:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Quran_AR]
--a------ 2007-06-12 22:07 335872 D:\Program Files\Quran_AR\Quran_AR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2005-12-07 22:57 30208 d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-03-12 10:44 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkAndWrite]
--a------ 2007-07-22 16:23 2664448 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\1163D2B46CC742E5A3CC9E4157887751\TalkAndWrite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-29 08:57 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMASTER]
--a------ 2006-11-27 15:25 283168 d:\PROGRA~1\TWEAKM~1\TMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherBug]
--a------ 2005-09-01 04:33 374344 C:\Program Files\AWS\WeatherBug\WeatherBug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yoomba]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"Adobe Photo Downloader"="d:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\BIN\\ImpCnt.exe"=
"D:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"C:\\Program Files\\Custom Content Manager\\CCM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\IncrediMail\\BIN\\IncrediMail_Install.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"D:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56632:TCP"= 56632:TCP:utorrent
"56632:UDP"= 56632:UDP:utorrent
"8000:UDP"= 8000:UDP:Express Talk RTP Incoming Audio (UDP)
"8001:UDP"= 8001:UDP:Express Talk RTP Incoming Audio (UDP)
"8002:UDP"= 8002:UDP:Express Talk RTP Incoming Audio (UDP)
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
"5060:UDP"= 5060:UDP:Axon Sip Incoming Calls (UDP)
"81:TCP"= 81:TCP:Axon Web Server
"606:TCP"= 606:TCP:VoIP On-Hold Server
"8003:UDP"= 8003:UDP:Express Talk RTP Incoming Audio (UDP)
"26247:TCP"= 26247:TCP:BitComet 26247 TCP
"26247:UDP"= 26247:UDP:BitComet 26247 UDP

R1 vcdrom;Virtual CD-ROM Device Driver;C:\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 11:45]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-09-25 11:01]
R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 06:45]
S2 FcsSas;Microsoft Forefront Client Security State Assessment Service;"C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe" [2006-10-25 13:14]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-04-14 00:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07418128-8a65-11db-80b1-0002e356b9ca}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0981b918-798e-11db-808a-0002e356b9ca}]
\Shell\Auto\command - rejoice101.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rejoice101.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{676c9938-6a68-11db-805f-0002e356b9ca}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-06-03 03:10:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 03:10:36 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 12:53:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-06-06 12:53:50
ComboFix-quarantined-files.txt 2008-06-06 09:53:50
ComboFix3.txt 2008-06-04 16:46:54
ComboFix2.txt 2008-06-04 18:59:14

Pre-Run: 14,421,295,104 bytes free
Post-Run: 14,465,777,664 bytes free

319 --- E O F --- 2008-05-28 19:39:00
 
i already ran combofix following anothewr persons advise here is the log
Click to expand...
Hi

Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (ran ComboFix though it shouldn't be used without supervision) topic is not sticky without a reason. I see you used also CFScript that was designed for other user. Doing this is risky since you might had ended up with even worse messed system. I wish you all who read this will remember not to use scripts designed for other victims.


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
Folder::
C:\VundoFix Backups

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0981b918-798e-11db-808a-0002e356b9ca}]


Save this as
CFScript


CFScript.gif


Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top