Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Need help please [CLOSED]


  • This topic is locked This topic is locked

#1
mosheOofnik

mosheOofnik

    New Member

  • Member
  • Pip
  • 3 posts
Hello there dear geeks,

Lately, my computer is slower than ever and in the last week it started freezing completely while I was working on some picture files. It sent an error message about a memory problem and then halted with no way to close a window or even activate the task manager. I had to turn it off manually and reboot. Since then, this case happened again and again and it even couldn't reboot once for a whole night.

I just ran HJT and got this log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:07:05, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SpearCast BHO - {93AE98A9-E4F6-4F76-BD98-872FA7D45E51} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Palore - {C44B1312-178E-40A7-8B32-FEC9D6F4A159} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] "D:\Program Files\ASUS\Asus Probe\AsusProb.exe"
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] D:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RayV] "D:\Program Files\RayV\RayV\RayV.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Day/launcher.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11141 bytes


Hope there will be someone who could figure out something of this mess and tell me what should I remove in order to get my computer back on track...

Thanks in advance!
  • 0

Advertisements


#2
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo..


Firstly, I personally don't think your slow computer is related with virus/malware, however, we will check it out for you :)


I noticed that you have two antivirus running in your computer
1. AVG7 (outdated and no longer supported by Grisoft.. It has been replaced by AVG8)
2. Symantec Antivirus

This is not good and both antivirus may conflict with each other and hampering your protection potential.. Please uninstall one of your antivirus now.. Please use ONLY ONE antivirus in your computer.. Its your choice to uninstall which one and leave the other...




NEXT


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click at dss.exe icon and choose Run as Administrator



Regards
fenzodahl512
  • 0

#3
mosheOofnik

mosheOofnik

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi there,

first, thanks for the initial help Fenzo. I d/l DSS and here are the logs:

Main.txt:

Deckard's System Scanner v20071014.68
Run by yaara on 2008-07-07 12:09:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-07-07 10:09:42 UTC - RP744 - Deckard's System Scanner Restore Point
23: 2008-07-07 00:40:32 UTC - RP743 - System Checkpoint
22: 2008-07-06 00:37:17 UTC - RP742 - System Checkpoint
21: 2008-07-04 23:39:21 UTC - RP741 - System Checkpoint
20: 2008-07-03 23:33:54 UTC - RP740 - System Checkpoint


-- First Restore Point --
1: 2008-06-14 10:41:45 UTC - RP721 - AutoCAD 2007 - Italiano installato


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as yaara.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:53, on 07/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Skype\Phone\Skype.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\MSN Messenger\livecall.exe
D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroTray.exe
D:\Documents and Settings\yaara\Desktop\dss.exe
D:\WINDOWS\system32\logon.scr
D:\PROGRA~1\TRENDM~1\HIJACK~1\yaara.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SpearCast BHO - {93AE98A9-E4F6-4F76-BD98-872FA7D45E51} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Palore - {C44B1312-178E-40A7-8B32-FEC9D6F4A159} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSUSBRG] D:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ASUS Probe] "D:\Program Files\ASUS\Asus Probe\AsusProb.exe"
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] D:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RayV] "D:\Program Files\RayV\RayV\RayV.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B26018A-1D8D-4C19-9A9B-F6C49453A21D} (LauncherV1 Class) - http://irc.msn.co.il/Day/launcher.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11027 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.pif - piffile - shell\open\command - "%1" %*"
.scr - AutoCADScriptFile - shell\open\command - "D:\WINDOWS\system32\NOTEPAD.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sisidex - d:\windows\system32\drivers\sisidex.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R0 VClone - d:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R1 aslm75 - d:\windows\system32\drivers\aslm75.sys
R2 ElbyCDIO (ElbyCDIO Driver) - d:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 WIBUKEY (WIBU-KEY Kernel Driver) - d:\windows\system32\drivers\wibukey.sys <Not Verified; WIBU-SYSTEMS AG; WIBU-KEY Software Protection System>
R3 ElbyDelay - d:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>

S3 LMImirr - d:\windows\system32\drivers\lmimirr.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 Autodesk Licensing Service - "d:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 Adobe Version Cue CS2 - "d:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-03 01:06:40 0 d-------- D:\Program Files\Trend Micro
2008-07-01 22:26:58 0 dr-h----- D:\Documents and Settings\LocalService\Recent
2008-07-01 10:07:24 0 d-------- D:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-01 10:06:25 0 d-------- D:\Documents and Settings\yaara\Application Data\Webroot
2008-07-01 10:06:25 0 d-------- D:\Documents and Settings\All Users\Application Data\Webroot
2008-07-01 10:06:24 0 d-------- D:\Program Files\Webroot
2008-06-14 12:54:56 0 d-------- D:\Program Files\Sun
2008-06-14 12:44:41 0 d-------- D:\Program Files\AnswerWorks 4.0


-- Find3M Report ---------------------------------------------------------------

2008-07-07 12:42:50 0 d-------- D:\Documents and Settings\yaara\Application Data\Skype
2008-07-07 11:55:12 0 d-------- D:\Documents and Settings\yaara\Application Data\AVG7
2008-07-07 11:42:27 0 d-------- D:\Program Files\Symantec AntiVirus
2008-07-01 22:26:08 0 d-------- D:\Program Files\MSN Messenger
2008-07-01 22:20:19 0 d-------- D:\Program Files\Wisdom-soft ScreenHunter
2008-07-01 01:27:25 2922 --a------ D:\Documents and Settings\yaara\Application Data\RayV.trc
2008-06-21 07:28:56 0 d-------- D:\Program Files\BitComet
2008-06-14 12:54:42 0 d-------- D:\Program Files\Java
2008-06-14 12:46:41 0 d-------- D:\Program Files\AutoCAD 2007
2008-06-14 12:44:55 0 d-------- D:\Program Files\Common Files\Autodesk Shared
2008-06-14 12:37:57 0 d-------- D:\Program Files\Elaborate Bytes
2008-06-08 23:35:50 0 d-------- D:\Documents and Settings\yaara\Application Data\U3
2008-06-05 12:36:11 0 d-------- D:\Program Files\NokiaFREE Unlock Codes Calculator
2008-05-30 23:47:07 0 d-------- D:\Program Files\Babylon
2008-05-26 11:35:59 0 d-------- D:\Documents and Settings\yaara\Application Data\Autodesk
2008-05-26 11:18:13 0 d-------- D:\Program Files\Revit Architecture 2009
2008-05-26 10:52:43 0 d-------- D:\Program Files\Autodesk Student Community Download Tool
2008-05-14 19:25:37 102259 --a------ D:\WINDOWS\hpoins05.dat
2008-05-07 23:21:58 0 d-------- D:\Documents and Settings\yaara\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="D:\WINDOWS\SiSUSBrg.exe" [07/12/2002 12:15 PM]
"SoundMan"="SOUNDMAN.EXE" [11/15/2004 12:20 PM D:\WINDOWS\SOUNDMAN.EXE]
"ASUS Probe"="D:\Program Files\ASUS\Asus Probe\AsusProb.exe" [12/06/2002 04:07 PM]
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 09:05 PM]
"ccApp"="D:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 03:52 PM]
"vptray"="D:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 12:30 PM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"TkBellExe"="D:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/09/2008 10:23 PM]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [06/28/2008 08:34 AM]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"VirtualCloneDrive"="D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 03:21 PM]
"RegistryMechanic"="" []
"SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Veoh"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"BitComet"="D:\Program Files\BitComet\BitComet.exe" [09/10/2007 02:33 PM]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [10/13/2006 06:20 PM]
"RayV"="D:\Program Files\RayV\RayV\RayV.exe" [04/09/2008 06:54 PM]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
Tasto di scelta rapida per l'avvio di AutoCAD.lnk - D:\Program Files\Common Files\Autodesk Shared\acstart17.exe [05/03/2006 14:43:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=D:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=D:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^yaara^Start Menu^Programs^Startup^Rainlendar.lnk]
backup=D:\WINDOWS\pss\Rainlendar.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"D:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
"D:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
"D:\Program Files\BitComet\BitComet.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
"D:\Program Files\RocketDock\RocketDock.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe Version Cue CS2"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{249d104c-3aa6-11dc-a3fa-0015f2d0dc94}]
auto\command- F:\Knight.exe open
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- F:\Knight.exe open
find\command- F:\Knight.exe open
install\command- F:\Knight.exe open
open\command- F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4323617b-2caa-11dd-a44f-0015f2d0dc94}]
AutoRun\command- F:\ufjtre.exe
explore\Command- F:\ufjtre.exe
open\Command- F:\ufjtre.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489bed3d-80ad-11db-a3c4-0015f2d0dc94}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{989d78dc-d58c-11db-a3d9-0015f2d0dc94}]
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9bc27a9-c356-11db-a3d6-0015f2d0dc94}]
auto\command- Knight.exe open
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- Knight.exe open
find\command- Knight.exe open
install\command- Knight.exe open
open\command- Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eece1c82-befa-11da-a35d-0015f2d0dc94}]
1\Command- .\RECYCLER\RECYCLER\autorun.exe
2\Command- .\RECYCLER\RECYCLER\autorun.exe
AutoRun\command- D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f37bd6-0def-11dd-a440-0015f2d0dc94}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f37bd7-0def-11dd-a440-0015f2d0dc94}]
AutoRun\command- H:\.\run\autorun.exe
open\Command- H:\.\run\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e439aa-4769-11dd-a467-0015f2d0dc94}]
AutoRun\command- F:\amn.exe
explore\Command- F:\amn.exe
open\Command- F:\amn.exe




-- End of Deckard's System Scanner: finished at 2008-07-07 12:45:49 ------------

And the extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1022.73 MiB / 395.11 MiB
Pagefile Memory (total/avail): 1692.44 MiB / 1103.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.99 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.65 GiB total, 67.7 GiB free.
D: is Fixed (NTFS) - 55 GiB total, 30.04 GiB free.
E: is CDROM (CDFS)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L160P0 - 152.66 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 55 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.526 v7.5.526 (Grisoft)
AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\AdunanzA\\eMule_AdnzA.exe"="D:\\Program Files\\AdunanzA\\eMule_AdnzA.exe:*:Enabled:eMule"
"D:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe"="D:\\Program Files\\@Last Software\\SketchUp 5\\SketchUp.exe:*:Enabled:SketchUp Application"
"D:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="D:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"
"D:\\WINDOWS\\system32\\dpvsetup.exe"="D:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\WINDOWS\\system32\\rundll32.exe"="D:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="D:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe"="D:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe:*:Enabled:mxcl"
"D:\\Program Files\\Next Limit\\Maxwell\\mxst.exe"="D:\\Program Files\\Next Limit\\Maxwell\\mxst.exe:*:Enabled:mxst"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\WINDOWS\\system32\\rtcshare.exe"="D:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:RTC App Sharing"
"D:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="D:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="D:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"D:\\Program Files\\Kazaa\\kazaa.exe"="D:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"D:\\Program Files\\BitComet\\BitComet.exe"="D:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\\Program Files\\eMule\\emule.exe"="D:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="D:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe"="D:\\Program Files\\Graphisoft\\ArchiCAD 11\\ArchiCAD.exe:*:Enabled:ArchiCAD 11.0.0 Component"
"D:\\Program Files\\RayV\\RayV\\RayV.exe"="D:\\Program Files\\RayV\\RayV\\RayV.exe:*:Enabled:RayV"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\yaara\Application Data
CLASSPATH=.;D:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=NONE-2B2663CA09
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\yaara
LOGONSERVER=\\NONE-2B2663CA09
MAXWELL_ROOT=D:\Program Files\Next Limit\Maxwell
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\Common Files\Adobe\AGL;D:\Program Files\QuickTime\QTSystem\;D:\Program Files\Next Limit\Maxwell\;D:\Program Files\Common Files\Autodesk Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=D:\Program Files
PROMPT=$P$G
QTJAVA=D:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\yaara\LOCALS~1\Temp
TMP=D:\DOCUME~1\yaara\LOCALS~1\Temp
USERDOMAIN=NONE-2B2663CA09
USERNAME=yaara
USERPROFILE=D:\Documents and Settings\yaara
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

yaara (admin)
LogMeInRemoteUser (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Ad-Aware SE Professional --> D:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> D:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=g:\adobe creative suite 2.0/lang=0409
Adobe Flash Player ActiveX --> D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Shockwave Player --> D:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe SVG Viewer 3.0 --> D:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fD:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AIDA32 v3.93 --> "D:\Program Files\AIDA32 - Enterprise System Information\unins000.exe"
ArchiCAD 11 ITA --> D:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.AC\uninstaller.exe
ASUS Probe V2.24.09 --> D:\WINDOWS\uninst.exe -f"D:\Program Files\ASUS\Asus Probe\DeIsL1.isu" -c"D:\Program Files\ASUS\Asus Probe\probunis.dll"
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2007 - Italiano --> MsiExec.exe /I{5783F2D7-5001-0410-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> D:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Autodesk Student Community Download Tool --> "D:\Program Files\Autodesk Student Community Download Tool\unins000.exe"
AVG 7.5 --> D:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
BitComet 0.93 --> D:\Program Files\BitComet\uninst.exe
CIF USB CAMERA --> D:\WINDOWS\CleanDev.exe D:\WINDOWS\DC3110.txt
DivX Codec --> D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> D:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> D:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Express Burn --> D:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google SketchU 6 Construction Library --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5CF0CC4E-9B63-4E7E-8950-B92C6AA7E3BD}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x10 -removeonly
Google SketchUp 6 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x10 -removeonly
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP PSC & OfficeJet 5.3.B --> "D:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Kazaa 3.2.7 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EC8923CA-D7F5-46E4-98BB-E083E6E1C40D}\Setup.exe" -l0x9 --AddRemove
Lion Heart's Codec Pack --> D:\WINDOWS\iun6002.exe "D:\Program Files\Lion Heart's Codec Pack\irunin.ini"
LiveUpdate 2.6 (Symantec Corporation) --> D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection D:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Maxwell Render --> MsiExec.exe /I{B0F32962-61D7-41AA-AF91-EAF2F24415CE}
MaxwellExport (Version 1.4) --> "D:\Program Files\@Last Software\SketchUp 5\unins000.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{9011040D-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.15) --> D:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
NoAdware v3.0 --> "D:\Program Files\NoAdware3\unins000.exe"
NokiaFREE Unlock Codes Calculator --> "D:\Program Files\NokiaFREE Unlock Codes Calculator\uninst.exe"
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Rainlendar (remove only) --> "D:\Program Files\Rainlendar\uninst.exe"
RayV --> D:\Program Files\RayV\RayV\uninstall.exe
RealPlayer --> D:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
Registry Mechanic 6.0 --> "D:\Program Files\Registry Mechanic\unins000.exe"
Revit Architecture 2009 --> MsiExec.exe /X{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}
RocketDock 1.3.5 --> "D:\Program Files\RocketDock\unins000.exe"
SketchUp 5 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9
SketchUp 5 Architecture Library --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A535CF14-E12F-40B0-B6A3-6E214EA12CD3}\setup.exe" -l0x9 -removeonly
Skype 2.5 --> "D:\Program Files\Skype\Phone\unins000.exe"
SPA - Software --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468BFFBE-CCA1-11D7-82CE-0050BACD94EB} /l1031
Spy Sweeper --> "D:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Symantec AntiVirus --> MsiExec.exe /I{5A633ED0-E5D7-4D65-AB8D-53ED43510284}
Universal Document Converter --> "D:\Program Files\Universal Document Converter\unins000.exe"
V-Ray for SketchUp 6 --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{8D7BD6EE-C597-4375-B07F-A91FC78991C7}\setup.exe" -l0x9 -removeonly
VeohTV BETA --> D:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5-svn-20051101-1758 --> D:\Program Files\VideoLAN\VLC\uninstall.exe
VirtualCloneDrive --> "D:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="D:\Program Files\Elaborate Bytes\VirtualCloneDrive"
WIBU-KEY Setup (WIBU-KEY Remove) --> D:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Live Messenger --> MsiExec.exe /I{426382FB-4792-44BA-8C6A-CB7C77F61F53}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Wisdom-soft ScreenHunter 4.2 Pro --> D:\PROGRA~1\WISDOM~1\UNWISE.EXE D:\PROGRA~1\WISDOM~1\INSTALL.LOG
ארכיונר WinRAR --> D:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type16044 / Error
Event Submitted/Written: 07/07/2008 11:11:09 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module xvid.dll, version 0.0.0.0, fault address 0x00047d0f.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type16043 / Error
Event Submitted/Written: 07/07/2008 09:55:35 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Backdoor.Graybird in File: D:\DOCUME~1\yaara\LOCALS~1\Temp\$190E6~1.T$M by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type16042 / Error
Event Submitted/Written: 07/07/2008 09:55:34 AM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: Backdoor.Graybird in File: D:\Documents and Settings\yaara\Local Settings\Temp\$190E6D09.t$m by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type16041 / Error
Event Submitted/Written: 07/07/2008 09:55:34 AM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Backdoor.Graybird in File: D:\DOCUME~1\yaara\LOCALS~1\Temp\$190E6~1.T$M by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Event Record #/Type16040 / Error
Event Submitted/Written: 07/07/2008 09:55:10 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Backdoor.Graybird in File: D:\DOCUME~1\yaara\LOCALS~1\Temp\$2D240~1.T$M by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type25927 / Error
Event Submitted/Written: 07/07/2008 11:45:05 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type25926 / Error
Event Submitted/Written: 07/07/2008 11:44:54 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type25925 / Error
Event Submitted/Written: 07/07/2008 11:44:43 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type25924 / Error
Event Submitted/Written: 07/07/2008 11:44:14 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type25881 / Error
Event Submitted/Written: 07/06/2008 10:40:14 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service usnjsvc with arguments ""
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}



-- End of Deckard's System Scanner: finished at 2008-07-07 12:45:49 ------------


Thanks again, hope you can figure out something of it...
  • 0

#4
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
I can see you still have two antivirus in your computer (Symantec and AVG7).. Please uninstall one of them... Leave the other inside your computer..


Please go to Start >> Run and type or copy/paste the following in the run box: "%userprofile%\desktop\dss.exe" /daft . Then press Enter
  • Click on the Scan button.
  • Select everything it is displaying there
  • Click the Fix button.
  • Then rescan with DAFT again - it should say now that "All associations are OK"
  • Close DAFT if you receive that message. This means that it is fixed now.




NEXT


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    F:\Knight.exe
    F:\ufjtre.exe
    H:\.\run\autorun.exe
    F:\amn.exe
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{249d104c-3aa6-11dc-a3fa-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4323617b-2caa-11dd-a44f-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{489bed3d-80ad-11db-a3c4-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{989d78dc-d58c-11db-a3d9-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9bc27a9-c356-11db-a3d6-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eece1c82-befa-11da-a35d-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f37bd6-0def-11dd-a440-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1f37bd7-0def-11dd-a440-0015f2d0dc94}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4e439aa-4769-11dd-a467-0015f2d0dc94}
    EmptyTemp
    purity
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Please post the following logs in your next reply..

1. OTMoveIt2
2. Malwarebytes'
3. A fresh DSS log (after Malwarebytes' step)..



Regards
fenzodahl512
  • 0

#5
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP