
Registered · 132 Posts · Discussion Starter · #1
Greetings with Great respect to you all,

My problem is summarized as follows:
I have a high-speed LAN cable. At first everything was sweet and going well; then, as nothing is well forever, once I log into the network Sygate immediately shows what's included in the pic and blocks the net connection, so that connected or not is all the same.
What do I have to do? I don't know how to go through the net and not be blocked by Sygate, please help....
Here is the pic:


View attachment The Problem.bmp

What should be done and what is the analysis of my problem???

I would be so grateful to you if you help me to get rid of this annoying matter.
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello Abdurrahman,

Please download HijackThis.zip - this program will help us determine the extent of any spyware/malware that may be on your computer as well as aid us in removing it.

Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\PROGRAM FILES\HIJACKTHIS\

Double click on HijackThis.exe to run the program.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here.

**Do not fix anything in HijackThis since many entries are harmless and necessary for the proper operation of your system.
 

Registered · 132 Posts
here it is

Hello

Thanks for caring, and here is what you asked me for:

View attachment dat it.txt

thanks again

Logfile of HijackThis v1.99.1
Scan saved at 06:39:26 م, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\Program Files\Common Files\GuruNet Shared\agtserv.exe
C:\Program Files\QuickWiz\EasyLingo\wdtspeak.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello Abdurrahman,

You could do us a great service here, if you don't mind. :smile:

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Before we begin the fix, we would like a closer look at one of the files. Please do the following:

Please download the Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.

Run SFP.exe.

Please copy the following lines into the Step 1: Paste Text window:

C:\WINDOWS\System32\scvhost.exe

then click "Continue".

This will create a .cab file on your desktop named requested-files[Date/Time].cab

Next, please visit TheSpyKillers forum HERE

Read the first topic for instructions on uploading files then start a new Topic, title the thread Files for AndyManchesta, post a link to this thread and upload the requested files.cab archive from your desktop.

--------------------------------------------------------------------

Download SDFix and save it to your Desktop. Do not run it yet, just extract it:

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following file if it still exists.

CD_Load.exe <--Search for this file via Start>Search>All Files and folders. Delete all instances of this file.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Also, please let me know if you can access the internet as additional tools and scans are required to continue the cleansing process.
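The entries selected for fixing in the post above point at `scvhost.exe`, a transposed spelling of the system image `svchost.exe`, plus one autostart command with no directory. As an added example (not part of the original post, and not how HijackThis or SDFix work internally), this sketch triages F-section and O4 lines from a HijackThis log for those two patterns; the system image list, the tag names and the distance-1 threshold are assumptions.

```python
import ntpath
import re

SYS32 = r"c:\windows\system32"
# Assumption: a short reference list of XP-era system images and their homes.
SYSTEM_IMAGES = {
    "svchost.exe": SYS32, "lsass.exe": SYS32, "services.exe": SYS32,
    "winlogon.exe": SYS32, "smss.exe": SYS32, "csrss.exe": SYS32,
    "spoolsv.exe": SYS32, "ctfmon.exe": SYS32, "rundll32.exe": SYS32,
    "explorer.exe": r"c:\windows",
}

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
"""

ENTRY_RE = re.compile(r"^(?:F[0-3]|O4) - (.*)$")
# First token ending in an executable extension; tolerates spaces in the path.
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|scr|pif))(?=$|[\s"])', re.I)


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def autostart_image(body):
    """Return the program an autostart entry launches, or None."""
    if "] " in body:            # O4 - HKLM\..\Run: [Name] command
        command = body.split("] ", 1)[1]
    elif "=" in body:           # F3 - REG:win.ini: load=command
        command = body.split("=", 1)[1]
    else:
        return None
    m = IMAGE_RE.match(command.strip().lstrip('"'))
    return m.group(1) if m else None


def triage(log_text):
    """Return (tag, image) pairs for autostart entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        image = autostart_image(entry.group(1)) if entry else None
        if image is None:
            continue
        name = ntpath.basename(image).lower()
        folder = ntpath.dirname(image).lower()
        if name in SYSTEM_IMAGES:
            # Genuine name: only suspicious when it lives somewhere else.
            if folder and folder != SYSTEM_IMAGES[name]:
                findings.append(("wrong-dir", image))
            continue
        near = [s for s in SYSTEM_IMAGES if osa_distance(name, s) == 1]
        if near:
            findings.append(("lookalike:" + near[0], image))
        elif not folder:
            # Resolved through the search path, so the file could be anywhere.
            findings.append(("no-path", image))
    return findings


if __name__ == "__main__":
    for tag, image in triage(SAMPLE_LOG):
        print(f"{tag:24} {image}")
```

A flag here is a prompt for review by someone who knows the system, not a removal decision; legitimate software can trip the `no-path` check.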
 

Registered · 132 Posts
The report.txt & new HijackThis.log

Hello again
I have done what you asked me and here are the results:

1) The Report.txt of SDFix:


SDFix: Version 1.59

Thu 01/18/2007 - 9:13:52.17

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Name:


Path:



Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting

Normal Mode:

Checking Files:


Files will be copied to Backups folder then removed:

C:\WINDOWS\system32\ckl009.dat - Deleted



Alternate Stream Check:

C:\WINDOWS\system32
No streams found.
Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\download\BIT3C.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e832edb8109edda4f481a6bd4b9ea11a\BITF.tmp

Finished




And the new HijackThis log is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 09:24:11 ص, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Programmes\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




Thank you very much for the help. I've gained access to the internet due to your help, thanks a lot, and if there is anything else that should be done with my PC, please tell me.

Sincerely
 

TSF Security Manager, Emeritus · 42,836 Posts
Hello Abdurrahman, :smile:

Now that the main infection has been dealt with and your internet access has been restored, we can finish cleaning out the rest of the 'junk'. :winkgrin:

Please print out or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

******************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"


  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

(Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe )

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on
    located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on
    then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log


What portions of Norton Internet Security do you currently have installed? Are the Anti-Virus and Firewall currently installed?
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #7 ·
Hello dear Ried

I've done what you asked me to do but before I show you the reports I want to ask some questions:

1) Where do these bad files come from? And how to prevent the occurrence of it in my PC before it comes??

2) I'm :eek: wondering:eek: of the cause that made my PC so slow in the last period? Guess that I want to open My Computer; after double clicking it, it opens after about 10 seconds !!! Guess if you want to do more complicated process!!! Please aid me in this annoying matter:upset: :upset: , it is so recent, please :heartlove :heartlove

3) About the Norton Internet Security, I've the Antivirus or to be more correct I was having the Antivirus. This is because that I tried to uninstall it then an error occurred during the process so now I can't uninstall it nor redownload it to repair it..

Then let's start the reports
1) The AVG anti-spyware:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:15:44 19/01/2007 PM

+ Scan result:



:mozilla.134:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Adbrite : Cleaned.
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zy7ugcbt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zy7ugcbt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.79:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Burstnet : Cleaned.
:mozilla.170:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.171:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.172:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Com : Cleaned.
:mozilla.78:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.213:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Euroclick : Cleaned.
:mozilla.227:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned.
:mozilla.228:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned.
:mozilla.229:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned.
:mozilla.230:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Falkag : Cleaned.
:mozilla.81:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.258:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Gamershell : Cleaned.
:mozilla.259:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Gamershell : Cleaned.
:mozilla.118:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.184:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.211:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.212:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.353:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.354:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.355:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.204:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.205:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.207:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.208:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Hitbox : Cleaned.
:mozilla.343:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Information : Cleaned.
:mozilla.145:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
:mozilla.215:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.216:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.217:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.218:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Pointroll : Cleaned.
:mozilla.284:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.285:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.286:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.297:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Revenue : Cleaned.
:mozilla.360:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.159:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.160:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.161:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.162:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.163:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.164:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.165:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.166:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Hothayfa\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.13:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\zy7ugcbt.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.173:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Yadro : Cleaned.
:mozilla.62:C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


2) Panda Active scan:

Incident | Status | Location

Potentially unwanted tool:application/myway | Not disinfected | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/Tucows | Not disinfected | C:\Documents and Settings\Hothayfa\Application Data\Mozilla\Firefox\Profiles\d1s64kyf.default\cookies.txt.old[.tucows.com/]
Spyware:Cookie/Target | Not disinfected | C:\Documents and Settings\Hothayfa\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor | Not disinfected | C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | D:\Programmes\SDFix.exe[SDFix\apps\Process.exe]

3) The new HijackThis.log :

Logfile of HijackThis v1.99.1
Scan saved at 05:38:55 م, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Programmes\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

That is all for now, and I don't know how to fix them so I ask your support :heartlove :heartlove
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello Abdurrahman,

Your system may be a bit slow right now since we cleaned out the Temp, Temp Internet and Prefetch files. The failed uninstall of Norton could also be a factor.

I have one more fix for you to complete, then we'll try to get rid of Norton. :sayyes:

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now.

Open notepad and copy/paste the text in the quotebox below:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:


Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------

Here is a guide for uninstalling Norton, including uninstallers. Be sure to use the uninstaller for the version of Norton/Symantec that is active on your system. http://basconotw.mvps.org/SymRem.htm

---------------------------------------------------

Please let me know how the uninstall went, and provide a new HijackThis log.
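
One way to compare a follow-up HijackThis log with the previous one after an uninstall like the Norton removal requested above. This is an added example, not part of the original thread and not a HijackThis feature: the function names are hypothetical, BEFORE is excerpted from the log posted on 20/01/2007, and AFTER is a constructed follow-up built from lines of that log, not the poster's actual next log.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text file_missing")

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header lines and the "Running processes" list
# do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_log(log_text):
    """Return the entry lines of a HijackThis log as Entry tuples."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            text = m.group(2).rstrip()
            entries.append(Entry(m.group(1), text, text.endswith(MISSING)))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis flagged as '(file missing)'."""
    return [e for e in entries if e.file_missing]


def leftovers(entries, keywords):
    """Entries that still mention any of the vendor keywords (case-insensitive)."""
    lowered = [k.lower() for k in keywords]
    return [e for e in entries if any(k in e.text.lower() for k in lowered)]


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs."""
    def key(e):
        return (e.code, e.text)
    before_keys = {key(e) for e in before}
    after_keys = {key(e) for e in after}
    removed = [e for e in before if key(e) not in after_keys]
    added = [e for e in after if key(e) not in before_keys]
    return removed, added


# Excerpt of the log posted in the thread on 20/01/2007.
BEFORE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPwdSvc.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
"""

# Constructed follow-up log (illustration only): most Symantec entries are
# gone, but one orphaned service registration is assumed to remain.
AFTER = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - C:\Program Files\Norton Internet Security\comHost.exe (file missing)
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    removed, added = diff_logs(before, after)
    print("Removed since last log:")
    for e in removed:
        print("  ", e.code, "-", e.text)
    print("Added since last log:", len(added))
    print("Still referencing Symantec/Norton:")
    for e in leftovers(after, ["Symantec", "Norton"]):
        flag = " [orphaned]" if e.file_missing else ""
        print("  ", e.code, "-", e.text + flag)
```

Entries reported as orphaned are candidates for review, not automatic deletion; as the first reply in the thread notes, many HijackThis entries are harmless and necessary.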
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #9 ·
before closing

Hello so dear Ried

Firstly I'd like to thank you, really I don't know to thank you for this or that or what........., however thank you very much for everything.

And also about Norton removing, a special thank to you, really you really are a tough man.

But before I show you the HijackThis.log I would like to ask some questions:

1) The computer speed is so slow and it is in decrease I don't know why, and I remember when I did a cleanup using your program the speed increased but now it is worse than before. Hope you find a solution to this problem knowing that there is no improvement after Norton removal!!!! Please help me Ried

2) When I saw the task manager I noticed that there is a program running itself about 7 times taking a huge part of my memory. The program is named as follows:
SVCHOST.EXE
This file is located in the system folder. When I try to end that process there is one of 2 problems:
Either it is not allowed or an error message appears counting one minute then the PC restarts???

3) Are the P2P programs dangerous to my PC? How to be protected against any danger if any persists??

4) How could I know that the BITS is broken or still working?

However, here is the new HijackThis.log

Logfile of HijackThis v1.99.1
Scan saved at 08:30:37 م, on 21/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Programmes\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello Abdurrahman,

Well done on the Norton removal.

Please print or copy these instructions to Notepad and save to your desktop for reference.

**********************************************

It sounds as though the infection may have returned. Are all of those entries in your Task Manager svchost.exe or are some of them scvhost.exe?

Please download SREng.
Alternate link if needed.

**You may receive a message "The bandwidth limit for this site has been exceeded", please keep trying--eventually you'll get through.

-------------------------------------

Close any open browsers.

-------------------------------------


Run combofix first:

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Now run SREng:

1. Extract it to Desktop & double click SREng.exe to run it

2. Select 'Smart Scan' & tick "Verify Digital Signatures"

3. Click on the [Scan] button

4. When finished, click on the [Save Reports] button & save the log to Desktop

5. Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.
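
The svchost.exe versus scvhost.exe question in the post above can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: it reads the "Running processes" section of a HijackThis log and flags names one edit away from a core Windows process, as well as core names running outside System32. The sample log is constructed, and the core-process list and the C:\WINDOWS install path are assumptions.

```python
import ntpath

# Assumption: default Windows XP install in C:\WINDOWS, as in the logs in this thread.
SYSTEM32 = r"c:\windows\system32"
# Assumption: a short list of core processes that normally run only from System32.
CORE = {"svchost.exe", "smss.exe", "csrss.exe", "winlogon.exe",
        "services.exe", "lsass.exe"}


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute and
    adjacent transposition each cost 1 (so 'scvhost' vs 'svchost' is 1)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(path):
    """Return a finding string for a suspicious image path, else None."""
    directory, name = ntpath.split(path.strip().lower())
    if name in CORE:
        # Several svchost.exe instances are normal; the location is what matters.
        return None if directory == SYSTEM32 else f"{name} outside System32"
    for real in sorted(CORE):
        if osa_distance(name, real) == 1:
            return f"name imitates {real}"
    return None


def running_processes(log_text):
    """Extract the paths listed under 'Running processes:' up to the blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def triage(log_text):
    """Return (path, finding) pairs for every flagged running process."""
    findings = []
    for path in running_processes(log_text):
        finding = classify(path)
        if finding:
            findings.append((path, finding))
    return findings


# Constructed sample in HijackThis layout; the scvhost.exe and
# C:\WINDOWS\svchost.exe lines are invented for the demonstration.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\scvhost.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for path, finding in triage(SAMPLE_LOG):
        print(f"{finding:32} {path}")
```

A clean result only means the names and locations look normal; it says nothing about what a legitimately named svchost.exe instance is hosting.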
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #11 ·
here u r

Hello Ried,

Here is an image of my Task Manager. They have now become 6 rather than 7, i.e. one svchost.exe has been deleted. Here is the pic:

here u r.jpg


& here is the combofix.txt report:

View attachment ComboFix.txt

& here is the SREng.EXE report :

View attachment SREngLOG.txt


"Hothayfa" - 07-01-22 14:13:12 Service Pack 2
ComboFix 07-01-21 - Running from: "C:\Documents and Settings\Hothayfa\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2006-12-22 to 2007-01-22 ))))))))))))))))))))))))))))))))))


2007-01-21 22:52 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-01-21 22:52 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-01-21 22:52 <DIR> d-------- C:\Program Files\Atari
2007-01-21 22:46 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\Media Player Classic
2007-01-21 22:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2007-01-21 22:44 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-01-21 22:44 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-21 22:44 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-01-21 22:44 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-01-21 22:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-01-21 15:23 <DIR> d-------- C:\Program Files\mIRC
2007-01-20 18:30 <DIR> d-------- C:\WINDOWS\Sun
2007-01-20 18:30 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\Sun
2007-01-20 13:58 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-19 17:49 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-18 10:13 101,376 --a------ C:\WINDOWS\system32\drivers\ACEDRV07.sys
2007-01-18 00:02 <DIR> d-------- C:\SDFix
2007-01-16 21:00 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-01-16 21:00 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\MegauploadToolbar
2007-01-15 12:22 <DIR> d-------- C:\Program Files\eMule
2007-01-15 11:26 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-14 20:12 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\MSN6
2007-01-14 20:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\MSN6
2007-01-14 18:26 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-14 17:23 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-14 17:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-14 15:26 <DIR> d-------- C:\0e2832fe3b4fef40b5b0045e3007c5
2007-01-14 13:58 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-01-14 13:35 <DIR> d-------- C:\WINDOWS\WBEM
2007-01-14 13:35 <DIR> d-------- C:\WINDOWS\system32\en-US
2007-01-14 13:33 <DIR> d--h-c--- C:\WINDOWS\ie7
2007-01-14 13:29 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2007-01-14 13:26 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-01-14 13:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-01-13 16:54 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-13 14:53 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-13 14:53 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-13 14:48 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-13 14:48 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-13 14:48 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\AVG7
2007-01-13 14:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-13 14:41 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-13 14:35 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-13 14:33 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-01-13 14:33 937,984 --------- C:\WINDOWS\system32\winbrand.dll
2007-01-13 14:33 9,728 --------- C:\WINDOWS\system32\comsdupd.exe
2007-01-13 14:33 88,064 --------- C:\WINDOWS\system32\p2pnetsh.dll
2007-01-13 14:33 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-01-13 14:33 86,016 --------- C:\WINDOWS\system32\p2pgasvc.dll
2007-01-13 14:33 86,016 --------- C:\WINDOWS\system32\mdmxsdk.dll
2007-01-13 14:33 81,408 --------- C:\WINDOWS\system32\wscsvc.dll
2007-01-13 14:33 8,192 --------- C:\WINDOWS\system32\smbinst.exe
2007-01-13 14:33 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-01-13 14:33 78,336 --a------ C:\WINDOWS\system32\ieencode.dll
2007-01-13 14:33 75,776 --------- C:\WINDOWS\system32\strmfilt.dll
2007-01-13 14:33 73,832 --------- C:\WINDOWS\system32\slcoinst.dll
2007-01-13 14:33 73,796 --------- C:\WINDOWS\system32\slserv.exe
2007-01-13 14:33 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-13 14:33 71,680 --------- C:\WINDOWS\system32\blastcln.exe
2007-01-13 14:33 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-13 14:33 7,680 --------- C:\WINDOWS\system32\kbdsmsno.dll
2007-01-13 14:33 7,680 --------- C:\WINDOWS\system32\kbdsmsfi.dll
2007-01-13 14:33 7,168 --------- C:\WINDOWS\system32\kbdukx.dll
2007-01-13 14:33 7,168 --------- C:\WINDOWS\system32\kbdno1.dll
2007-01-13 14:33 7,168 --------- C:\WINDOWS\system32\kbdfi1.dll
2007-01-13 14:33 7,168 --------- C:\WINDOWS\system32\hccoin.dll
2007-01-13 14:33 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-01-13 14:33 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-01-13 14:33 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-01-13 14:33 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-13 14:33 60,416 --------- C:\WINDOWS\system32\fwcfg.dll
2007-01-13 14:33 6,656 --------- C:\WINDOWS\system32\kbdinmal.dll
2007-01-13 14:33 6,656 --------- C:\WINDOWS\system32\kbdinben.dll
2007-01-13 14:33 6,144 --------- C:\WINDOWS\system32\kbdmlt48.dll
2007-01-13 14:33 6,144 --------- C:\WINDOWS\system32\kbdmlt47.dll
2007-01-13 14:33 6,144 --------- C:\WINDOWS\system32\kbdinbe1.dll
2007-01-13 14:33 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-01-13 14:33 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-01-13 14:33 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-13 14:33 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-01-13 14:33 537,088 --------- C:\WINDOWS\system32\msftedit.dll
2007-01-13 14:33 526,848 --------- C:\WINDOWS\system32\p2psvc.dll
2007-01-13 14:33 52,224 --------- C:\WINDOWS\system32\mspmsnsv.dll
2007-01-13 14:33 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-13 14:33 516,768 --------- C:\WINDOWS\system32\ativvaxx.dll
2007-01-13 14:33 50,688 --------- C:\WINDOWS\system32\btpanui.dll
2007-01-13 14:33 50,176 --------- C:\WINDOWS\system32\xmlprovi.dll
2007-01-13 14:33 5,632 --------- C:\WINDOWS\system32\kbdmaori.dll
2007-01-13 14:33 49,152 --------- C:\WINDOWS\system32\powercfg.exe
2007-01-13 14:33 48,640 --------- C:\WINDOWS\system32\pnrpnsp.dll
2007-01-13 14:33 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-01-13 14:33 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-01-13 14:33 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-01-13 14:33 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-01-13 14:33 44,032 --------- C:\WINDOWS\system32\twext.dll
2007-01-13 14:33 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-01-13 14:33 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-01-13 14:33 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-01-13 14:33 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-01-13 14:33 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-01-13 14:33 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-01-13 14:33 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-01-13 14:33 4,096 --------- C:\WINDOWS\system32\dsprpres.dll
2007-01-13 14:33 397,056 --------- C:\WINDOWS\system32\s3gnb.dll
2007-01-13 14:33 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-01-13 14:33 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-01-13 14:33 37,376 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2007-01-13 14:33 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-01-13 14:33 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-01-13 14:33 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-01-13 14:33 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-01-13 14:33 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-13 14:33 32,866 --------- C:\WINDOWS\system32\slrundll.exe
2007-01-13 14:33 32,866 --------- C:\WINDOWS\slrundll.exe
2007-01-13 14:33 32,768 --------- C:\WINDOWS\system32\ativtmxx.dll
2007-01-13 14:33 32,768 --------- C:\WINDOWS\system32\asr_pfu.exe
2007-01-13 14:33 32,285 --------- C:\WINDOWS\system32\hsfcisp2.dll
2007-01-13 14:33 312,320 --------- C:\WINDOWS\system32\p2pgraph.dll
2007-01-13 14:33 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-13 14:33 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-01-13 14:33 30,208 --------- C:\WINDOWS\system32\bthserv.dll
2007-01-13 14:33 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-01-13 14:33 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-01-13 14:33 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-01-13 14:33 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-01-13 14:33 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-01-13 14:33 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-01-13 14:33 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-01-13 14:33 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-01-13 14:33 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-01-13 14:33 29,184 --------- C:\WINDOWS\system32\sdhcinst.dll
2007-01-13 14:33 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-01-13 14:33 286,792 --------- C:\WINDOWS\system32\slextspk.dll
2007-01-13 14:33 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-13 14:33 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-01-13 14:33 270,848 --------- C:\WINDOWS\system32\sbe.dll
2007-01-13 14:33 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-01-13 14:33 26,624 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2007-01-13 14:33 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-01-13 14:33 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-01-13 14:33 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-01-13 14:33 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-01-13 14:33 24,576 --------- C:\WINDOWS\system32\httpapi.dll
2007-01-13 14:33 233,472 --------- C:\WINDOWS\system32\wmpdxm.dll
2007-01-13 14:33 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-01-13 14:33 229,376 --------- C:\WINDOWS\system32\ati2cqag.dll
2007-01-13 14:33 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-01-13 14:33 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-01-13 14:33 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-01-13 14:33 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-01-13 14:33 201,728 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-01-13 14:33 20,992 --------- C:\WINDOWS\system32\bthci.dll
2007-01-13 14:33 193,024 --------- C:\WINDOWS\system32\fsquirt.exe
2007-01-13 14:33 188,508 --------- C:\WINDOWS\system32\slgen.dll
2007-01-13 14:33 187,392 --------- C:\WINDOWS\system32\xpsp1res.dll
2007-01-13 14:33 186,368 --------- C:\WINDOWS\system32\encdec.dll
2007-01-13 14:33 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-01-13 14:33 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-01-13 14:33 17,408 --------- C:\WINDOWS\system32\winshfhc.dll
2007-01-13 14:33 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-01-13 14:33 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-01-13 14:33 168,448 --------- C:\WINDOWS\system32\wmerror.dll
2007-01-13 14:33 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-01-13 14:33 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-01-13 14:33 159,232 --------- C:\WINDOWS\system32\sbeio.dll
2007-01-13 14:33 15,872 --------- C:\WINDOWS\system32\w3ssl.dll
2007-01-13 14:33 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-01-13 14:33 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-01-13 14:33 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-13 14:33 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-13 14:33 14,336 --------- C:\WINDOWS\system32\auditusr.exe
2007-01-13 14:33 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-01-13 14:33 134,656 --------- C:\WINDOWS\system32\mssap.dll
2007-01-13 14:33 13,824 --------- C:\WINDOWS\system32\wscntfy.exe
2007-01-13 14:33 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-13 14:33 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-13 14:33 13,824 --------- C:\WINDOWS\system32\cmsetacl.dll
2007-01-13 14:33 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-01-13 14:33 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-01-13 14:33 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-01-13 14:33 129,536 --------- C:\WINDOWS\system32\xmlprov.dll
2007-01-13 14:33 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-01-13 14:33 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-01-13 14:33 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-01-13 14:33 12,800 --------- C:\WINDOWS\system32\spiisupd.exe
2007-01-13 14:33 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-01-13 14:33 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-13 14:33 12,416 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2007-01-13 14:33 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-01-13 14:33 118,784 --------- C:\WINDOWS\system32\msdadiag.dll
2007-01-13 14:33 116,224 --------- C:\WINDOWS\system32\p2p.dll
2007-01-13 14:33 114,688 --------- C:\WINDOWS\system32\wmpasf.dll
2007-01-13 14:33 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-01-13 14:33 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-01-13 14:33 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-01-13 14:33 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-01-13 14:33 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-01-13 14:33 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-01-13 14:33 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-01-13 14:33 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-01-13 14:33 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-01-13 14:33 108,032 --------- C:\WINDOWS\system32\wshbth.dll
2007-01-13 14:33 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-13 14:33 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-01-13 14:33 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-01-13 14:33 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2007-01-13 14:33 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2007-01-13 14:33 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-01-13 14:33 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-01-13 14:33 <DIR> d-------- C:\WINDOWS\provisioning
2007-01-13 14:33 <DIR> d-------- C:\WINDOWS\peernet
2007-01-13 14:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-01-13 14:26 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2007-01-13 14:24 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-13 14:20 <DIR> d-------- C:\WINDOWS\EHome
2007-01-13 13:37 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-01-13 13:37 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-01-13 13:37 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-01-13 13:37 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-01-13 13:37 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-01-13 13:37 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-01-13 13:37 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-01-13 13:37 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-01-13 11:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Office Genuine Advantage
2007-01-13 06:00 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\Azureus
2007-01-13 05:59 <DIR> d-------- C:\Program Files\Azureus
2007-01-13 05:56 <DIR> d-------- C:\Program Files\Java
2007-01-13 05:53 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-13 02:12 <DIR> d-------- C:\Program Files\Haali
2007-01-12 08:21 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\COWON
2007-01-12 08:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-12 06:41 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-01-11 16:07 <DIR> d-------- C:\WINDOWS\system32\WAV
2007-01-11 16:07 <DIR> d-------- C:\Program Files\USB_PS2 Vibration Pad
2007-01-11 15:06 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\Leadertech
2007-01-11 14:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\nView_Profiles
2007-01-10 21:55 225,280 --a------ C:\WINDOWS\system32\UAService7.exe
2007-01-10 21:45 <DIR> d-------- C:\Program Files\Serials 2000
2007-01-09 20:38 <DIR> d-------- C:\DOCUME~1\Hothayfa\Application Data\Google
2007-01-09 20:36 <DIR> d-------- C:\Program Files\Google
2007-01-09 12:16 1,295,582 --a------ C:\WINDOWS\system\cygwin1.dll
2007-01-05 22:22 <DIR> d-------- C:\Program Files\7-Zip
2006-12-30 23:44 <DIR> d-------- C:\Teton
2006-12-30 23:28 93,184 --a------ C:\WINDOWS\system\MVMCI2.DLL
2006-12-30 23:28 7,168 --a------ C:\WINDOWS\system\DISPDIB.DLL
2006-12-30 23:28 53,760 --a------ C:\WINDOWS\system\MVSRCH2.DLL
2006-12-30 23:28 52,224 --a------ C:\WINDOWS\system\MVFS2.DLL
2006-12-30 23:28 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2006-12-30 23:28 286,704 --a------ C:\WINDOWS\system\MVIEWER2.EXE
2006-12-30 23:28 24,576 --a------ C:\WINDOWS\system\MVTITLE2.DLL
2006-12-30 23:28 21,008 --a------ C:\WINDOWS\system\CTL3D.DLL
2006-12-30 23:28 19,968 --a------ C:\WINDOWS\system\MVBRKR2.DLL
2006-12-30 23:28 181 --a------ C:\WINDOWS\system\MVWR.REG
2006-12-30 23:28 161,280 --a------ C:\WINDOWS\system\MVFTSUI2.DLL
2006-12-30 23:28 138,864 --a------ C:\WINDOWS\system\MVBMP2.DLL
2006-12-30 23:28 12,288 --a------ C:\WINDOWS\system\MVAPI2.DLL
2006-12-30 23:28 <DIR> d-------- C:\WINDOWS\A3W_DATA
2006-12-30 23:28 <DIR> d-------- C:\DISEASES
2006-12-27 21:19 172,032 --a------ C:\WINDOWS\JAPI2.DLL
2006-12-27 21:19 109,840 --a------ C:\WINDOWS\VidCap32.exe
2006-12-27 21:19 106,496 --a------ C:\WINDOWS\JAPI.DLL
2006-12-27 21:19 102,400 --a------ C:\WINDOWS\MMVEM.EXE
2006-12-26 16:27 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-12-26 15:34 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2006-12-26 15:34 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-12-26 15:34 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-12-26 15:31 81,920 --a------ C:\WINDOWS\system32\VM303STI.dll
2006-12-26 15:31 61,440 --a------ C:\WINDOWS\VM303_STI.EXE
2006-12-26 15:31 53,248 --a------ C:\WINDOWS\Sti303.exe
2006-12-26 15:31 32,768 --a------ C:\WINDOWS\VMZoom.exe
2006-12-26 15:31 24,576 --a------ C:\WINDOWS\VMPipe.dll
2006-12-26 15:31 176,128 --a------ C:\WINDOWS\amcap.exe
2006-12-26 15:31 102,400 --a------ C:\WINDOWS\VM303Cap.exe
2006-12-26 15:31 <DIR> d-------- C:\WINDOWS\CatRoot
2006-12-26 15:30 390,849 --a------ C:\WINDOWS\system32\drivers\usbVM303.sys
2006-12-26 15:30 <DIR> d-------- C:\WINDOWS\EffectResources
2006-12-26 15:30 <DIR> d-------- C:\Program Files\Vimicro


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-22 14:11 -------- d-------- C:\DOCUME~1\Hothayfa\Application Data\utorrent
2007-01-22 13:44 -------- d-------- C:\Program Files\mozilla firefox
2007-01-21 13:23 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-21 00:22 -------- d--h----- C:\Program Files\installshield installation information
2007-01-20 20:51 -------- d-------- C:\Program Files\msn messenger
2007-01-20 15:34 -------- d-------- C:\Program Files\utorrent
2007-01-20 15:33 -------- d-------- C:\Program Files\poweriso
2007-01-20 15:24 -------- d-------- C:\Program Files\dap
2007-01-20 15:23 -------- d-------- C:\Program Files\daemon tools
2007-01-20 15:20 -------- d-------- C:\Program Files\Common Files\lightscribe
2007-01-20 15:20 -------- d-------- C:\Program Files\Common Files\justdo
2007-01-19 17:48 -------- d-------- C:\Program Files\grisoft
2007-01-14 18:30 -------- d-------- C:\Program Files\messenger
2007-01-14 12:59 -------- d---s---- C:\DOCUME~1\Hothayfa\Application Data\microsoft
2007-01-13 14:40 96256 --a------ C:\WINDOWS\system32\drivers\sptd0829.sys
2007-01-13 14:33 -------- d-------- C:\Program Files\movie maker
2007-01-13 14:29 -------- d-------- C:\Program Files\windows nt
2007-01-13 12:20 -------- d-------- C:\Program Files\ffdshow
2007-01-13 06:50 -------- d-------- C:\DOCUME~1\Hothayfa\Application Data\adobeum
2007-01-12 08:18 -------- d-------- C:\DOCUME~1\Hothayfa\Application Data\real
2007-01-12 08:17 -------- d-------- C:\Program Files\Common Files\real
2007-01-11 10:28 -------- d-------- C:\Program Files\ringvoiz dialer
2007-01-10 12:53 -------- d-------- C:\DOCUME~1\Hothayfa\Application Data\adobe
2006-12-26 15:30 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-15 14:59 -------- d-------- C:\Program Files\divx subtitle displayer
2006-12-14 02:27 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-01 04:54 -------- d-------- C:\Program Files\Common Files\easyinfo
2006-11-30 16:26 -------- d-------- C:\Program Files\Common Files\directx
2006-11-24 21:35 -------- d-------- C:\Program Files\adultpdf
2006-11-10 01:19 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2006-11-08 07:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\system32\msxml6.dll
2006-10-22 12:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-10-22 12:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-22 12:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-22 12:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-10-22 12:22 7700480 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-22 12:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-10-22 12:22 5644288 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-22 12:22 5619712 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-10-22 12:22 5255168 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-10-22 12:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-10-22 12:22 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-10-22 12:22 4527488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-10-22 12:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-22 12:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-10-22 12:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-22 12:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-22 12:22 3203072 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-10-22 12:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-10-22 12:22 3047424 --a------ C:\WINDOWS\system32\nvgames.dll
2006-10-22 12:22 2973696 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-10-22 12:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-10-22 12:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-10-22 12:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-10-22 12:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-22 12:22 212992 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-22 12:22 208896 --------- C:\WINDOWS\system32\nvudisp.exe
2006-10-22 12:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-10-22 12:22 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-10-22 12:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-10-22 12:22 1622016 --a------ C:\WINDOWS\system32\nwiz.exe
2006-10-22 12:22 159810 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-22 12:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-10-22 12:22 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-10-22 12:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-10-22 12:22 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-10-22 12:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-10-22 12:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-10-07 04:50 62 --ahs---- C:\DOCUME~1\Hothayfa\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"PVR Agent"="C:\\Program Files\\XTREME Multimedia\\PVR Plus\\TVR\\Scheduled.exe"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"BigDog303"="C:\\WINDOWS\\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"Generic Host Process"="C:\\WINDOWS\\System32\\scvhost.exe"
"Norton Ghost 9.0"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"PVR Agent"="C:\\Program Files\\XTREME Multimedia\\PVR Plus\\TVR\\Scheduled.exe"
"SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Generic Host Process"="C:\\WINDOWS\\System32\\scvhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bilal.LNK]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Bilal.LNK"
"backup"="C:\\WINDOWS\\pss\\Bilal.LNKCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Prayer\\Prayer.exe "
"item"="Bilal"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Remote Control.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Remote Control.lnk"
"backup"="C:\\WINDOWS\\pss\\Remote Control.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\XTREME~1\\DIGITA~1\\C7XRCtl.exe "
"item"="Remote Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Ulead Photo Express 3.0 SE Calendar Checker.lnk"
"backup"="C:\\WINDOWS\\pss\\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ULEADS~1\\ULEADP~1.0SE\\CalCheck.exe "
"item"="Ulead Photo Express 3.0 SE Calendar Checker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cydoor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CD_Load"
"hkey"="HKLM"
"command"="CD_Load.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Generic Host Process]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="scvhost"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_5618428]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"D:\\Encyclopedia Encarta 2007\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L07AXLRD_842351]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"D:\\Encyclopedia Encarta 2007\\Microsoft Student with Encarta Premium 2007 DVD\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="scvhost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GhostTray"
"hkey"="HKLM"
"command"="C:\\Program Files\\Symantec\\Norton Ghost\\Agent\\GhostTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRTCLK]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVRTClk"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\NVRTCLK\\NVRTClk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PVR Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Scheduled"
"hkey"="HKLM"
"command"="C:\\Program Files\\XTREME Multimedia\\PVR Plus\\TVR\\Scheduled.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PWRISOVM"
"hkey"="HKLM"
"command"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="scvhost"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"
"inimapping"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\setup.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ATKSGT
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_LIRSGT



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070118-085639-627
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe
backup-20070118-085639-599
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
backup-20070118-085639-203
O4 - HKLM\..\Run: [Cydoor] CD_Load.exe
backup-20070118-085639-303
F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-22 14:17:31


Code:
2007-01-22,14:23:35

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet>  [(Verified)Yahoo! Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Zone Labs Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe">  [(Verified)Zone Labs, LLC]
    <SmcService><C:\PROGRA~1\Sygate\SPF\smc.exe -startgui>  [(Verified)Sygate Technologies, Inc.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <PVR Agent><C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe>  [N/A]
    <RemoteControl><"C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
    <DownloadAccelerator><"C:\Program Files\DAP\DAP.EXE" /STARTUP>  [Speedbit Ltd.]
    <PWRISOVM.EXE><C:\Program Files\PowerISO\PWRISOVM.EXE>  [PowerISO Computing, Inc.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WINDOW~4\MpShHook.dll>  [(Verified)Microsoft Corporation]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <CTFMON.EXE><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Cydoor><; CD_Load.exe>  [N/A]
    <DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
    <DownloadAccelerator><; "C:\Program Files\DAP\DAP.EXE" /STARTUP>  [Speedbit Ltd.]
    <Generic Host Process><; C:\WINDOWS\System32\scvhost.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <L07AXLRD_5618428><; "D:\Encyclopedia Encarta 2007\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m>  [(Verified)Microsoft Corporation]
    <L07AXLRD_842351><; "D:\Encyclopedia Encarta 2007\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; C:\WINDOWS\System32\scvhost.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <Norton Ghost 9.0><; C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe>  [N/A]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <NVRTCLK><; C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe>  []
    <nwiz><; nwiz.exe /install>  [N/A]
    <PVR Agent><; C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe>  [N/A]
    <PWRISOVM.EXE><; C:\Program Files\PowerISO\PWRISOVM.EXE>  [PowerISO Computing, Inc.]
    <RemoteControl><; "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe">  [Cyberlink Corp.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Run><; C:\WINDOWS\System32\scvhost.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SmcService><; C:\PROGRA~1\Sygate\SPF\smc.exe -startgui>  [(Verified)Sygate Technologies, Inc.]
    <SSC_UserPrompt><; "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe">  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Yahoo! Pager><; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Zone Labs Client><; "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe">  [(Verified)Zone Labs, LLC]

==================================
Startup Folders
[Adobe Reader Speed Launch.lnk.disa]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
Services
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
  <C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe><GRISOFT, s.r.o.>
[GEARSecurity / GEARSecurity][Running/Auto Start]
  <C:\WINDOWS\System32\GEARSec.exe><GEAR Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <C:\Program Files\Common Files\LightScribe\LSSrvc.exe><Hewlett-Packard Company>
[Network Location Awareness (NLA) / Nla][Running/Boot Start]
  <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Sygate Personal Firewall Pro / SmcService][Running/Auto Start]
  <C:\Program Files\Sygate\SPF\smc.exe><Sygate Technologies, Inc.>
[Symantec Core LC / Symantec Core LC][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
[SecuROM User Access Service (V7) / UserAccess7][Running/Auto Start]
  <C:\WINDOWS\System32\UAService7.exe><Sony DADC Austria AG.>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
  <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>

==================================
Drivers
[ACEDRV07 / ACEDRV07][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ACEDRV07.sys><Protect Software GmbH>
[ALi PCI to USB Enhanced Host Controller / ALIEHCD][Running/Auto Start]
  <System32\Drivers\ALIEHCI.sys><ALi Corporation>
[USB2.0 Root Hub / aliroothub][Running/Manual Start]
  <System32\DRIVERS\AliRtHub.sys><ALi Corporation>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG7 Kernel / Avg7Core][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
  <\SystemRoot\system32\drivers\avgclean.sys><GRISOFT, s.r.o.>
[TV878 Video Capture / BT848][Running/Auto Start]
  <system32\drivers\cxvcap.sys><Windows (R) Server 2003 DDK provider>
[TV878 Crossbar / BTXBAR][Running/Auto Start]
  <system32\drivers\CXXBAR.sys><Conexant Systems, Inc.>
[SoundFusion(tm) WDM Driver / cwrwdm][Running/Manual Start]
  <System32\DRIVERS\cwrwdm.sys><Crystal Semiconductor Corp.>
[TV878 Tuner / CXTUNER][Running/Auto Start]
  <system32\drivers\CXTUNER.sys><Conexant Systems, Inc.>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><N/A>
[D-Link PCI Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <System32\DRIVERS\dlkfet5b.sys><D-Link>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[sony_ssm.sys / sony_ssm.sys][Stopped/Manual Start]
  <\??\C:\DOCUME~1\Hothayfa\LOCALS~1\Temp\sony_ssm.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[srescan / srescan][Running/Boot Start]
  <\SystemRoot\System32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[symlcbrd / symlcbrd][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\symlcbrd.sys><Symantec Corporation>
[Teefer for NT / Teefer][Running/Boot Start]
  <\SystemRoot\SYSTEM32\Drivers\Teefer.sys><Sygate Technologies, Inc.>
[TVICHW32 / TVICHW32][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
[vsdatant / vsdatant][Running/System Start]
  <System32\vsdatant.sys><Zone Labs, LLC>
[SyGate for NT, wg3n / wg3n][Running/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg3n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg4n / wg4n][Running/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg5n / wg5n][Running/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
[SyGate for NT, wg6n / wg6n][Running/Auto Start]
  <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
[WINFLASH / WINFLASH][Stopped/Manual Start]
  <\??\D:\Programmes\BIOS UPGRADE\WinFlash 184\WinFlash.sys><N/A>
[wpsdrvnt / wpsdrvnt][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys><Sygate Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[A4 TECH PC Camera H / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>
[lirsgt / lirsgt][Running/Auto Start]
  <system32\DRIVERS\lirsgt.sys><N/A>
[atksgt / atksgt][Running/Auto Start]
  <system32\DRIVERS\atksgt.sys><N/A>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MegaUpload>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Encarta Web Companion Helper Object]
  {955BE0B8-BC85-4CAF-856E-8E0D8B610560} <C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL, Microsoft Corporation>
[SnapFlash Class]
  {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} <C:\Program Files\Common Files\justDo\Jd2002.dll, justDo Software>
[Java Plug-in 1.5.0_10]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[Flash Catcher]
  {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} <, N/A>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Encarta Search Bar]
  {B205A35E-1FC4-4CE3-818B-899DBBB3388C} <C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL, Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Yahoo! Messenger]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe, Yahoo! Inc.>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Encarta Web Companion]
  {147D6308-0614-4112-89B1-31402F9B82C4} <C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL, Microsoft Corporation>
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MegaUpload>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[Symantec RuFSI Utility Class]
  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[Java Plug-in 1.5.0_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Microsoft Office Spreadsheet 11.0]
  {0002E559-0000-0000-C000-000000000046} <C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL, Microsoft Corporation>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Encarta Web Companion]
  {147D6308-0614-4112-89B1-31402F9B82C4} <C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL, Microsoft Corporation>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Reporte Class]
  {4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MegaUpload>
[]
  {4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Seleccion Class]
  {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[ControlConexion Class]
  {6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Catcher Class]
  {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} <C:\Program Files\Common Files\justDo\IECatcher.dll, justDo Software>
[Encarta Web Companion Helper Object]
  {955BE0B8-BC85-4CAF-856E-8E0D8B610560} <C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL, Microsoft Corporation>
[Panda ActiveScan]
  {96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[SnapFlash Class]
  {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} <C:\Program Files\Common Files\justDo\Jd2002.dll, justDo Software>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>
[Messenger Class]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[&Clean Traces]
  <C:\Program Files\DAP\Privacy Package\dapcleanerie.htm, N/A>
[&Download with &DAP]
  <C:\Program Files\DAP\dapextie.htm, N/A>
[&Yahoo! Search]
  <file:///C:\Program Files\Yahoo!\Common/ycsrch.htm, N/A>
[Download &all with DAP]
  <C:\Program Files\DAP\dapextie2.htm, N/A>
[Save Flash with Flash Catcher]
  <res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm, N/A>
[Yahoo! &Dictionary]
  <file:///C:\Program Files\Yahoo!\Common/ycdict.htm, N/A>
[Yahoo! &Maps]
  <file:///C:\Program Files\Yahoo!\Common/ycmap.htm, N/A>
[Yahoo! &SMS]
  <file:///C:\Program Files\Yahoo!\Common/ycsms.htm, N/A>

==================================
Running Processes
[PID: 508][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\Program Files\Windows Defender\MsMpEng.exe]  [Microsoft Corporation, 1.1.1593.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.91]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.91]
[PID: 1000][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1324][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 1340][C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe]  [GRISOFT, s.r.o., 7.5.0.420]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\Grisoft\AVG7\avglog.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgcfg.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgklib.dll]  [GRISOFT, s.r.o., 7.5.0.424]
    [C:\Program Files\Grisoft\AVG7\avglng.dll]  [GRISOFT, s.r.o., 7.5.0.429]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 1392][C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe]  [GRISOFT, s.r.o., 7.5.0.420]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1444][C:\WINDOWS\System32\GEARSec.exe]  [GEAR Software, 1, 0, 0, 6]
[PID: 1464][C:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.4.39.1]
    [C:\Program Files\Common Files\LightScribe\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\LightScribe\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1488][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\System32\nvapi.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 1560][C:\Program Files\Sygate\SPF\smc.exe]  [Sygate Technologies, Inc., 5.6.00.3408]
    [C:\Program Files\Sygate\SPF\Trident.dll]  [Sygate Technologies, Inc., 5, 5, 0, 0]
    [C:\Program Files\Sygate\SPF\tfman.dll]  [Sygate Technologies, Inc., 1.62.1200.0]
    [C:\Program Files\Sygate\SPF\tse.dll]  [N/A, N/A]
    [C:\Program Files\Sygate\SPF\DataMan.dll]  [Sygate Technologies, Inc., 5. 5. 0. 0]
    [C:\Program Files\Sygate\SPF\PSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 0]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
    [C:\Program Files\Sygate\SPF\SpNet.dll]  [N/A, N/A]
    [C:\Program Files\Sygate\SPF\IdsTrafficPipe.dll]  [Sygate Technologies, Inc., 5. 5. 0. 0]
    [C:\Program Files\Sygate\SPF\wpsman.dll]  [Sygate Technologies, Inc., 5, 5, 0, 0]
    [C:\Program Files\Sygate\SPF\wsman.dll]  [Sygate Technologies, Inc., 2, 3, 3115, 0]
    [C:\Program Files\Sygate\SPF\wgman.dll]  [Sygate Technologies, Inc., 1.01.1222]
    [C:\Program Files\Sygate\SPF\SyLog.dll]  [Sygate Technologies, Inc., 5. 5. 0. 0]
    [C:\Program Files\Sygate\SPF\Netport.dll]  [Sygate Technologies, Inc., 5, 5, 0, 0]
    [C:\Program Files\Sygate\SPF\SyLink.dll]  [N/A, N/A]
[PID: 1768][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.91]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.91]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\nvshell.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\7-Zip\7-zip.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  [Yahoo! Inc., 2004, 11, 23, 1]
    [C:\Program Files\PowerISO\PWRISOSH.DLL]  [PowerISO Computing, Inc., 3, 0, 0, 0]
    [C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL]  [Speedbit Ltd., 8, 0, 0, 2]
    [C:\Program Files\Grisoft\AVG7\avgse.dll]  [GRISOFT, s.r.o., 7.5.0.409]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\WINDOWS\System32\CmdLineExt.dll]  [Sony DADC Austria AG., 1,0,201,0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
    [C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll]  [Sun Microsystems, Inc., 5.0.100.3]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [C:\WINDOWS\system32\dxmasf.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll]  [Ahead Software AG, 1,2,10, 2305]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 6.0]
    [C:\WINDOWS\system32\quartz.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\devenum.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\VM303Prp.Ax]  [Vimicro, 3.5.1025. 9]
    [C:\WINDOWS\System32\qcap.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\wiasf.ax]  [N/A, N/A]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[PID: 1820][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1832][C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe]  [Symantec Corporation, 1.9.1.762]
    [C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll]  [Symantec Corporation, 1.9.1.762]
    [C:\WINDOWS\system32\MSVCR71.DLL]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1848][C:\WINDOWS\System32\UAService7.exe]  [Sony DADC Austria AG., 1,2,0,2]
[PID: 824][C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe]  [Cyberlink Corp., 6.00.1027]
    [C:\Program Files\ASUSTeK\ASUSDVD\CLRCEngine2.dll]  [CyberLink Corp., 3.2.2021 ]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 1700][C:\Program Files\PowerISO\PWRISOVM.EXE]  [PowerISO Computing, Inc., 3, 0, 0, 0]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 2272][C:\WINDOWS\VM303_STI.EXE]  [Vimicro, 3, 5, 930, 9]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\devenum.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\VM303Prp.Ax]  [Vimicro, 3.5.1025. 9]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 2364][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2680][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 2736][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 480][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 10040][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 6428][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]
[PID: 6316][C:\Documents and Settings\Hothayfa\Desktop\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\SSSensor.dll]  [Sygate Technologies, Inc., 5. 5. 0. 5]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hiya,

Launch SREng (System Repair Engineer)

Select 'Boot Items'
  • Click on 'Registry'
  • Select each of the following entries listed below & click the [Delete Seleted] button

<load><>
<Cydoor><; CD_Load.exe>
<Generic Host Process><; C:\WINDOWS\System32\scvhost.exe>
<Load><; C:\WINDOWS\System32\scvhost.exe>
<Run><; C:\WINDOWS\System32\scvhost.exe>


----------------------------------------------------------

The instances I see of svchost.exe are legit and normal for your system.

I'm not finding any malware lurking in these logs. I do notice however, that you are running 2 Firewalls--Sygate and ZoneAlarm and I should have noticed that earlier. Again, never a good idea so please choose 1 and uninstall the other via the Add/Remove programs.

After you've uninstalled one of them, I'd like you to run an online scan at Bitdefender:

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply along with a new Hijack This log

How many user accounts are on this system?
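
The two findings in the reply above (startup entries pointing at `scvhost.exe`, a transposed look-alike of the legitimate `svchost.exe`, and two firewalls installed at once) can be checked mechanically against a posted log. The Python below is an added example, not part of the original post and not code from HijackThis or SREng; the function names, the list of system binaries and the firewall mapping are assumptions built from log lines on this page.

```python
import re
from ntpath import basename  # parses Windows-style paths on any OS

# Constructed sample: individual lines copied from the logs and the reply on this page.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Zone Labs Client] ; "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmcService] ; C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
<Generic Host Process><; C:\WINDOWS\System32\scvhost.exe>
<Run><; C:\WINDOWS\System32\scvhost.exe>
C:\WINDOWS\system32\svchost.exe
"""

# Assumption: a short allow-list of system binaries that appear in this page's process lists.
SYSTEM_BINARIES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
}

# Assumption: executable name -> firewall product, as named in the O4/O23 lines on this page.
FIREWALL_EXECUTABLES = {
    "smc.exe": "Sygate Personal Firewall",
    "vsmon.exe": "ZoneAlarm",
    "zlclient.exe": "ZoneAlarm",
}

# A drive-letter path up to the first ".exe"; tolerates spaces inside the path.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe', re.IGNORECASE)


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap (cv -> vc) as a single edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def executables(log_text):
    """Lower-cased file names of every .exe path found in the log text."""
    return [basename(path).lower() for path in EXE_PATH.findall(log_text)]


def find_lookalikes(log_text):
    """Return (suspect, imitated) pairs: names one edit away from a system binary."""
    hits = set()
    for name in executables(log_text):
        if name in SYSTEM_BINARIES:
            continue  # the genuine name is not a look-alike of itself
        for real in SYSTEM_BINARIES:
            if osa_distance(name, real) == 1:
                hits.add((name, real))
    return sorted(hits)


def firewall_products(log_text):
    """Distinct firewall products referenced by startup or service entries."""
    names = executables(log_text)
    return sorted({FIREWALL_EXECUTABLES[n] for n in names if n in FIREWALL_EXECUTABLES})


if __name__ == "__main__":
    for suspect, real in find_lookalikes(SAMPLE_LOG):
        print(f"look-alike name: {suspect} imitates {real}")
    products = firewall_products(SAMPLE_LOG)
    if len(products) > 1:
        print("more than one firewall referenced:", ", ".join(products))
```

A plain Levenshtein distance would score `scvhost.exe` at 2 from `svchost.exe`; counting the swapped letters as one edit is what lets a threshold of 1 catch it without also flagging unrelated short names such as `smc.exe`.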
 

·
Registered
Joined
·
132 Posts
hi again

Dear Ried

I've done everything you asked me to do and deleted all the files from the registry except one file, which I didn't find in the list, which is

<load><>

But I'm still suffering from a very slow PC!!! What is the cause in your opinion???

However, here is the BitDefender report:

View attachment BitDefender.doc

& here is the new HijackThis.log :

View attachment hijackthis.txt

Sincerely
Abdurrahman

Logfile of HijackThis v1.99.1
Scan saved at 02:24:28 م, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Prayer\Prayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\QuickWiz\EasyLingo\ELINGO.EXE
C:\Program Files\Common Files\GuruNet Shared\agtserv.exe
C:\Program Files\QuickWiz\EasyLingo\wdtspeak.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Programmes\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Encarta Web Companion Helper Object - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: SnapFlash Class - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\Program Files\Common Files\justDo\Jd2002.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Zone Labs Client] ; "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SmcService] ; C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PVR Agent] ; C:\Program Files\XTREME Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [RemoteControl] ; "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] ; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] ; "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [PWRISOVM.EXE] ; C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] ; C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NVRTCLK] ; C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [SSC_UserPrompt] ; "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{1D8D7~1\setup.exe /reboot /z
O4 - HKLM\..\RunOnce: [tv_enua] RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, RemoveCabinet
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [L07AXLRD_5618428] ; "D:\Encyclopedia Encarta 2007\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [L07AXLRD_842351] ; "D:\Encyclopedia Encarta 2007\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE" -m
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Bilal.lnk = C:\Program Files\Prayer\Prayer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\justDo\IECatcher.DLL/FlashCatcher.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra 'Tools' menuitem: Flash Catcher - {90BAE0EF-F4BF-4FAC-B2EC-2C725C34AF12} - C:\Program Files\Common Files\justDo\IECatcher.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hi,

I'm still not seeing any malware. I do still see 2 Firewalls installed--you need to uninstall one of them. Choose either Sygate or ZoneAlarm and uninstall the other.

I'll need a bit more detail from you. Is just the internet slow, or the entire computer? Any detail you could provide may prove helpful.

Let's try disabling AVG A-S from running at start up and you can just call it into service when needed. To do this, right click on the AVG A/S system tray icon, and uncheck Start with Windows. Also disable its real time protection, as this will also use system resources, and will time out at the end of the trial period in 30 days:

Open AVG Anti-Spyware.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #15 ·
Greetings to you Ried :wave:

Now I've uninstalled the Zone Alarm firewall.

About my computer: it became slow about 3 weeks ago, starting with the construction of the high speed network.
Now it is :upset: slow, but when I connect to the network it becomes :upset: :upset: :upset: very slow !!!!!!!

I've done the AVG A-S process. There is a bit of an increase in the speed, but it is not satisfactory.

However, another problem is now appearing, and I don't know if it is related to our subject or not; here it is:
There are many sites that won't open; every time I try to log into them the browser says the page can't be displayed, while at the same time I'm browsing other sites. These sites include: Yahoo, Hotmail, Gamespot,........
These are some of the sites I usually surf, but who knows about other sites!!!

That's all for now
Sincerely
Abdurrahman
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hiya,

I'd like you to run combofix.exe and SREng again, in that order:

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Double click SREng.exe to run it
  • Select 'Smart Scan' & tick "Verify Digital Signatures"
  • Click on the [Scan] button
  • When finished, click on the [Save Reports] button & save the log to Desktop

Attach the log in your next reply. Don't post it.

You may have to rename SREngLOG.log to SREngLOG.txt to upload it.
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #17 ·
Please Heeeelllllllpppp!!!

Hi so Dear Ried

I couldn't do what you asked me to do :sigh: :sigh:
Because I'm suffering from a big catastrophe & I need your instant help, so please be with me in such a problem. :sigh: :sigh:
MY WIN XP HAS GONE
After I had saved the log files to the desktop and was ready to post them to you, I noticed that the net connection wouldn't open, so I restarted my PC; and here comes the matter. An error screen appeared while trying to load Windows, saying that files are missing & Windows can't load without them, so you should try to repair using your original CD.
In a hurry & with no sense & without taking the names of the missing files, I inserted the Windows CD, booted from it, and after searching for previous Windows installations I pressed "R" to start the repair. Then, after the setup copied the needed files & after restarting my PC, a continuation of the repair process came, & here comes the problem: the process stops at the installing windows\installing devices step and the time left indicated is 34min.
I've tried again and again to repeat the process but in vain; each time the same stoppage occurs. I also waited for a long time to allow the process to continue, but the Windows installation is running & it is not & the time left is the same 34min without any progress.
Please, help me to regain that Windows as it is my life & it is very precious to me. I'm talking to you from another copy of Windows I installed on the same PC but on a different drive & I've only 28 days left using this Windows. Please help me. I don't have a backup of my previous Windows, or I had one but I deleted it out of my stupidity. I know it is not related to our topic, so you can guide me where to post; that would also be of great support, please!!?
PLEASE HELP ME TO GET IT BACK
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
Hello Abdurrahman,

I'm sorry to hear about this turn of events. :sad:

I think it's best you let the experts in the Windows XP section guide you from here.
 

·
Registered
Joined
·
132 Posts
Discussion Starter · #19 ·
I'll

Hello dear Ried,

I'll do the post in that forum, then I'll get back to you if I get my win back.
I'll miss you until that time.

Sincerely
Abdurrahman
 

·
TSF Security Manager, Emeritus
Joined
·
42,836 Posts
I'll be waiting for you--good luck! :sayyes:
 