Need Help with this

Two days ago, AVG scanned the computer and found vb.bvj (I googled it and found no info). AVG took care of it, and I thought everything was fine; well, apparently not.
When I did a restart, Windows was OK, but when it opened I got this error message. It was something like "Could not locate the file: C:\Documents and Settings\Admin\taskmgr.exe" (sorry, my Windows isn't in English, so I don't remember the exact wording).
Anyway, I knew taskmgr.exe is NOT supposed to be under this folder.

I copied the taskmgr.exe file from the i386 folder (it's a laptop, so I don't have the original Windows CD; instead I have it on the hard drive :\ ) and put it under the Admin folder. So now I don't get the error message, but instead, every time I start the computer, the Task Manager pops up (like the other programs that run every time I start the computer). The Task Manager works fine, BUT I don't want it to pop up every time Windows starts. So what can I do?
Today AVG found 82 contaminated files in the registry files.

Here's the HijackThis log:
http://www.speedyshare.com/132765608.html

Use AutoRuns to look for the startup entry referencing the wrong location and delete it:

http://www.microsoft.com/technet/sysinternals/Utilities/AutoRuns.mspx

By the way, this is the avast! support forum. ;)

OK, cool, thanks. Sorry man, but it's still support, is it not?

No problem. Everybody is welcome here.

Man, it still doesn't work; the Task Manager still pops up.

Google results:

http://g.s.scandoo.com/search?hl=en&meta=on&q=vb.bvj

It appears that you might have an I-worm infection or trojan/virus.


I can help clear it if you wish

- Save HJTsetup.exe to your desktop.
- Double-click on the HJTsetup.exe icon on your desktop.
- By default it will install to C:\Program Files\Hijack This.
- Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
- Put a check by Create a desktop icon, then click Next again.
- Continue to follow the rest of the prompts from there.
- At the final dialogue box click Finish and it will launch Hijack This.
- Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
- Click on "Edit > Select All", then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste the log in your next reply.
- DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Hi Martin - JSP linked to the log in his initial post. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 14:25:25, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Comodo\Firewall\cpf.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\Microsoft Office\Office10\POWERPNT.EXE
C:\Documents and Settings\Elad\שולחן העבודה\HijackThis.exe (Desktop)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM..\Run: [ShowLOMControl] 
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &יצא ל- Microsoft Excel (Export to Microsoft Excel) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Day/launcher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O17 - HKLM\System\CCS\Services\Tcpip..{B6FEB43A-C70D-48F1-85CC-C698ACE9FAD5}: NameServer = 212.143.212.143 194.90.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Cheers Kieth, I knew I should have worn my glasses. :) Looks like a small registry fix would cure this, and for that I need a ComboFix log.

Download ComboFix from Here or Here to your Desktop.

- Double-click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

OK, cool, thanks.

ComboFix 07-08-02.2 - "Elad" 08/02/2007 15:29:25.1 [GMT 3:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1255.1.1037.18.True

  • Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Elad\APPLIC~1.\macromedia\Flash Player#SharedObjects\GDDQ4QMS\www.broadcaster.com
C:\DOCUME~1\Elad\APPLIC~1.\macromedia\Flash Player#SharedObjects\GDDQ4QMS\www.broadcaster.com\played_list.sol
C:\DOCUME~1\Elad\APPLIC~1.\macromedia\Flash Player#SharedObjects\GDDQ4QMS\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\Elad\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com
C:\DOCUME~1\Elad\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys#www.broadcaster.com\settings.sol
C:\WINDOWS\DOWNLO~1.\launcher.ocx
C:\WINDOWS\system32\drivers\sfsync02.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_SFSYNC02
-------\sfsync02

((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

08/02/2007 03:21 PM 53702 --a------ C:\WINDOWS\system32\perfc00d.dat
08/02/2007 03:21 PM 304696 --a------ C:\WINDOWS\system32\perfh00d.dat
08/02/2007 02:04 PM --------- d-------- C:\Program Files\Windows Defender
08/02/2007 02:04 PM --------- d-------- C:\Program Files\Winamp
08/02/2007 02:00 PM --------- d-------- C:\Program Files\MSN Messenger
08/02/2007 01:58 PM --------- d-------- C:\Program Files\ICQLite
08/02/2007 01:55 PM --------- d-------- C:\Program Files\Digital Line Detect
08/02/2007 01:55 PM --------- d-------- C:\Program Files\DAEMON Tools
08/02/2007 01:16 PM --------- d-------- C:\Program Files\Messenger
07/30/2007 10:16 PM --------- d-------- C:\DOCUME~1\Elad\APPLIC~1\Skype
07/26/2007 04:14 PM --------- d-------- C:\Program Files\Yahoo!
07/11/2007 12:09 AM --------- d-------- C:\DOCUME~1\Elad\APPLIC~1\HP
07/06/2007 08:30 AM --------- d-------- C:\DOCUME~1\Elad\APPLIC~1\Canon
06/17/2007 12:11 AM 51200 --a------ C:\WINDOWS\nircmd.exe
05/26/2007 11:36 PM 3175 --a------ C:\WINDOWS\mozver.dat
05/16/2007 06:12 PM 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
05/16/2007 06:12 PM 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
05/16/2007 06:12 PM 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
05/16/2007 06:11 PM 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
05/16/2007 06:11 PM 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
05/16/2007 06:11 PM 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
05/08/2007 11:56 AM 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
03/21/2007 08:21 PM 56872 --a------ C:\DOCUME~1\Elad\APPLIC~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 01:44 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/14/2005 01:41 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/14/2005 01:45 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 07:48 PM]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 11:35 PM C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 08:56 PM]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/06/2005 12:45 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 05:08 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 10:29 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 03:02 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 06:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 06:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [10/22/2001 09:24 PM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 01:00 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 11:09 PM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/29/2007 08:28 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/27/2004 07:00 AM]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 04:24 AM]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/30/2005 05:56 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"

[HKEY_USERS.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה (Start Menu\Programs\Startup)
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 13:11:42]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-19 05:11:53]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Task"=C:\DOCUME~1\Elad\taskmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Elad^תפריט התחלה^תוכניות^הפעלה^Netvision Cable Connect.url]
path=C:\Documents and Settings\Elad\תפריט התחלה\תוכניות\הפעלה\Netvision Cable Connect.url
backup=C:\WINDOWS\pss\Netvision Cable Connect.urlStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"C:\Program Files\ICQLite\ICQLite.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

R0 Inspect;Comodo Network Engine;C:\WINDOWS\system32\DRIVERS\inspect.sys
R1 APPDRV;APPDRV;C:\WINDOWS\system32\DRIVERS\APPDRV.SYS
R1 CmdMon;Comodo Application Engine;C:\WINDOWS\system32\DRIVERS\cmdmon.sys
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfcom.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 MASPINT;MASPINT;C:\WINDOWS\system32\drivers\MASPINT.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 HSF_DPV;HSF_DPV;C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
R3 HSFHWAZL;HSFHWAZL;C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
R3 rimmptsk;rimmptsk;C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
R3 rimsptsk;rimsptsk;C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
R3 rismxdp;Ricoh xD-Picture Card Driver;C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 STHDA;SigmaTel High Definition Audio CODEC;C:\WINDOWS\system32\drivers\sthda.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 tosporte;Bluetooth Port Driver from Toshiba;C:\WINDOWS\system32\DRIVERS\tosporte.sys
S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\netrcacm.sys
S3 Nokia USB Generic;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 Nokia USB Modem;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Nokia USB Phone Parent;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 Nokia USB Port;Nokia USB Port;C:\WINDOWS\system32\drivers\nmwcdcj.sys
S3 tj2knd5;Terayon Cable Modem (NDIS);C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
S3 tj2kunic;Terayon Cable Modem (WDM);C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
S3 toshidpt;TOSHIBA Bluetooth HID port driver;C:\WINDOWS\system32\drivers\Toshidpt.sys
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbd.sys
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA;C:\WINDOWS\system32\Drivers\tosrfbnp.sys
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA;C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA;C:\WINDOWS\system32\drivers\TosRfSnd.sys
S3 Tosrfusb;Bluetooth USB Controller;C:\WINDOWS\system32\Drivers\tosrfusb.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 Bluetooth Hid Switch Service;Bluetooth Hid Switch Service;"C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0d5cc56f-ca67-11db-8786-0015c50ebf9c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- F:\Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{43b81da0-b6e4-11db-875a-0016ce299ea2}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{67d4dad2-1997-11dc-8830-0016415ab544}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8cff9a0c-5f5e-11db-8686-0015c50ebf9c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- F:\Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8fdfee7a-d08e-11db-8793-0015c50ebf9c}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8fdfee7d-d08e-11db-8793-0015c50ebf9c}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8fdfee7f-d08e-11db-8793-0015c50ebf9c}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b4b79a9f-d071-11db-8792-0015c50ebf9c}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{bc4f459e-628f-11db-8695-0015c50ebf9c}]
AutoRun\command- E:\HPW.bat

Contents of the 'Scheduled Tasks' folder
2007-08-02 12:19:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 15:33:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden registry entries …

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\Publishers\(non-ASCII publisher name, mis-encoded in the log)]
@="{CFCCC7A0-A282-11D1-9082-006008059382}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
(the values under this key are the Hebrew-named Windows cursor schemes, each listing .cur/.ani files under C:\WINDOWS\Cursors\; the value names came out as UTF-16 escape sequences in the log, and the pasted log is cut off inside the last of them)

scanning hidden files …

scan completed successfully
hidden files: 0


Completion time: 08/02/2007 15:36:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 08/02/2007 03:35 PM

--- E O F ---

Here's the full log in txt format:
http://www.sendspace.com/file/86ky7v
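The "Reg Loading Points" and MountPoints2 sections of the log above are where the odd entry sits. As an added example that is not part of the thread (and not ComboFix, HijackThis or AutoRuns code), here is a Python checker that reads those sections of a log like this one and flags the kinds of entry worth a second look: an executable launched from a user profile directory, a Windows system binary name living outside %SystemRoot%, anything under Policies\Explorer\Run, and cached removable-device autorun handlers. The sample input is copied from the log above (straight quotes restored); the heuristics are my own assumptions, not a published rule set.

```python
"""Flag suspicious autostart entries in a ComboFix-style "Reg Loading Points" dump.

Added example for this thread; it is not ComboFix, HijackThis or AutoRuns code.
SAMPLE_LOG is copied from the log posted above. The heuristics are the author's
assumptions about what a responder looks for, not a published rule set.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: excerpts of the ComboFix "Reg Loading Points" section above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/14/2005 01:44 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 11:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/27/2004 07:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Task"=C:\DOCUME~1\Elad\taskmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0d5cc56f-ca67-11db-8786-0015c50ebf9c}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- F:\Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{43b81da0-b6e4-11db-875a-0016ce299ea2}]
AutoRun\command- F:\LaunchU3.exe -a
'''

# Binaries that ship in %SystemRoot%\system32; a copy anywhere else deserves a look.
SYSTEM_BINARIES = {"taskmgr.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "winlogon.exe", "explorer.exe", "services.exe"}
PROFILE_ROOT = re.compile(r"^[a-z]:\\(?:docume~1|documents and settings|users)\\", re.I)
SYSTEM_ROOT = re.compile(r"^[a-z]:\\windows\\", re.I)
# First drive-letter path ending in an executable extension; stops at quotes/brackets.
EXE_RE = re.compile(r'([a-z]:\\[^"\[]*?\.(?:exe|com|bat|cmd|scr|pif))', re.I)
KEY_RE = re.compile(r"^\[(.+)\]$")


def parse_reg_loading_points(text: str) -> List[Tuple[str, str]]:
    """Return (registry_key, value_line) pairs; a [key] line opens each block."""
    pairs, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
        elif key is not None:
            pairs.append((key, line))
    return pairs


def executable_path(value_line: str) -> str:
    """Pull the first executable path out of a value line, or '' if none."""
    m = EXE_RE.search(value_line)
    return m.group(1) if m else ""


def assess(key: str, value_line: str) -> List[str]:
    """Apply the heuristics to one entry and return the reasons it was flagged."""
    reasons = []
    key_l = key.lower()
    path = executable_path(value_line)
    base = path.rsplit("\\", 1)[-1].lower() if path else ""
    if key_l.endswith("policies\\explorer\\run"):
        reasons.append("autostart under Policies\\Explorer\\Run "
                       "(a key HijackThis 1.99.1 did not list in the log above)")
    if path and PROFILE_ROOT.match(path):
        reasons.append("executable launched from a user profile directory")
    if base in SYSTEM_BINARIES and not SYSTEM_ROOT.match(path):
        reasons.append(f"{base} is a Windows system binary but lives outside %SystemRoot%")
    if "mountpoints2" in key_l and value_line.lower().startswith(("autorun\\command", "open\\command")):
        reasons.append("cached autorun handler for a removable device; confirm the device is trusted")
    return reasons


def scan(text: str) -> List[Dict[str, object]]:
    """Run every heuristic over the dump and return the flagged entries."""
    findings = []
    for key, line in parse_reg_loading_points(text):
        reasons = assess(key, line)
        if reasons:
            findings.append({"key": key, "entry": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f['key']}]\n  {f['entry']}")
        for r in f["reasons"]:
            print(f"    -> {r}")
```

Run against the sample, the four ordinary Run values stay quiet, the "Task" value trips all three of the first rules at once, and each MountPoints2 command is listed for review rather than condemned: U3 launchers and CD autoruns are common, but this is the same mechanism a USB worm uses, so the device behind each GUID is worth identifying.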

One quick reg fix which should cure your problem. I will look at the rest of the log now.

WARNING: these fixes are designed for this user only and may cause damage if run on an uninfected machine.

REGISTRY FIX

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"Task"=-

Next you will need to create the repair registry fix. To do that, copy and paste ALL of the above in the quote box to a Notepad file. Ensure there is no space above the REGEDIT4.
Then in Notepad go to FILE > SAVE AS and in the dropdown box set SAVE AS TYPE to ALL FILES.
Then in the FILE NAME box type fix.reg.
This will create a fix.reg file on your desktop.
http://img127.imageshack.us/img127/433/regtg8.jpg

To use this file you will need to right-click the icon and select Merge, accept the warning if it appears, and you are done.
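Added example, not Martin's file and not a Microsoft tool: a small Python helper that writes a REGEDIT4 deletion script for the value above and sanity-checks the text before it is merged. It rejects typographic quotes (which forum pages and word processors substitute for the ASCII quote, and which regedit does not recognise as value-name delimiters), a missing header, a value with no [key] above it and a missing final newline. The key and value name are the ones in the fix above; the syntax rules encode the old ANSI .reg format as I understand it, and multi-line hex data is not handled.

```python
"""Build and sanity-check a REGEDIT4 value-deletion script like the fix posted above.

Added example for this thread, not Martin's file and not a Microsoft tool.
Checks: header on the very first line, keys in square brackets starting with a
root hive, "name"=- to delete a value, ASCII quotes only, trailing newline.
Multi-line hex data is not joined; this is meant for short fixes like this one.
"""
import re
from typing import Iterable, List

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
HIVES = ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
         "HKEY_USERS", "HKEY_CURRENT_CONFIG")
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"
# "name"=data or @=data (default value); the data part is captured for a second check.
VALUE_RE = re.compile(r'^(?:"(?:[^"\\]|\\.)*"|@)=(.*)$')
# Deletion marker, quoted string, dword, or single-line hex / hex(n) data.
DATA_RE = re.compile(r'^(?:-|"(?:[^"\\]|\\.)*"|dword:[0-9a-fA-F]{8}|hex(?:\([0-9a-fA-F]+\))?:[0-9a-fA-F, ]*)$')


def build_deletion_reg(key: str, value_names: Iterable[str]) -> str:
    """Render a REGEDIT4 script that deletes the named values under key."""
    lines = ["REGEDIT4", "", f"[{key}]"]
    lines += [f'"{name}"=-' for name in value_names]
    lines.append("")  # terminating blank line, as regedit expects
    return "\r\n".join(lines) + "\r\n"


def check_reg_script(text: str) -> List[str]:
    """Return a list of problems; an empty list means the script looks mergeable."""
    problems = []
    if text.startswith("\ufeff"):
        problems.append("file starts with a BOM; save REGEDIT4 scripts as ANSI")
        text = text[1:]
    if any(ch in text for ch in CURLY_QUOTES):
        problems.append('typographic quotes present; regedit only accepts the ASCII " quote')
    if not text.endswith("\n"):
        problems.append("missing final newline; end the file with a blank line")
    lines = text.splitlines()
    if not lines or lines[0] not in HEADERS:
        problems.append("first line must be REGEDIT4 or Windows Registry Editor Version 5.00")
    current_key = None
    for n, line in enumerate(lines[1:], start=2):
        if not line.strip() or line.lstrip().startswith(";"):
            continue  # blank or comment
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].lstrip("-")  # [-KEY] deletes the whole key
            if not name.upper().startswith(HIVES):
                problems.append(f"line {n}: key does not start with a known root hive")
            current_key = name
            continue
        m = VALUE_RE.match(line)
        if not m:
            problems.append(f"line {n}: not a key, value or comment: {line!r}")
            continue
        if current_key is None:
            problems.append(f"line {n}: value appears before any [key] line")
        if not DATA_RE.match(m.group(1)):
            problems.append(f"line {n}: unrecognised value data {m.group(1)!r}")
    return problems


# Constructed inputs: the fix built correctly, and the same text as a forum page
# renders it, with typographic quotes around the value name.
POLICY_RUN_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run"
FIX = build_deletion_reg(POLICY_RUN_KEY, ["Task"])
PASTED_FROM_FORUM = FIX.replace('"Task"', "\u201cTask\u201d")

if __name__ == "__main__":
    print(FIX)
    print("fix.reg problems:", check_reg_script(FIX) or "none")
    print("pasted-from-forum problems:", check_reg_script(PASTED_FROM_FORUM))
```

The generated file is what the quoted fix should look like byte for byte (CRLF line endings, ASCII quotes, a blank last line); the checker is the step to run on whatever Notepad actually saved before merging, since a value line regedit cannot parse leaves the "Task" entry exactly where it was.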

Still didn't work.

Try a scan with TuneUp Utilities registry scan (free working trial) and see if it finds anything:

http://www.tune-up.com/

You can find many free registry cleaners here: http://www.snapfiles.com/Freeware/system/fwregtools.html

Could you post a fresh ComboFix log? Let's see if that registry value came back.

If it did come back, there may well be a hidden infector somewhere. If it is there, then mayhap it would be time for WinPFind to root it out.