logfile of trend micro hijackthis v2.0.2
scan saved at 01:35:47 ص, on 21/02/2011
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp3 (6.00.2900.5512)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\alwil software\avast5\afwserv.exe
c:\program files\alwil software\avast5\avastsvc.exe
c:\windows\system32\spoolsv.exe
c:\program files\common files\motive\mccicmservice.exe
c:\program files\microsoft\search enhancement pack\seaport\seaport.exe
c:\windows\explorer.exe
c:\windows\rthdcpl.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\real\realplayer\update\realsched.exe
c:\program files\alwil software\avast5\avastui.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\program files\fahess\mccitrayapp.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\ctfmon.exe
c:\windows\system32\wuauclt.exe
c:\program files\mcafee security scan\2.0.181\ssscheduler.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\windows live\toolbar\wltuser.exe
c:\program files\windows media player\wmplayer.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\windows live\contacts\wlcomm.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,search page = http://search.live.com
r0 - hklm\software\microsoft\internet explorer\search,searchassistant = http://search.live.com/sphome.aspx
o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
o2 - bho: Search helper - {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mi1933~1\office12\gra8e1~1.dll
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Windows live toolbar helper - {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
o3 - toolbar: &windows live toolbar - {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [tkbellexe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
o4 - hklm\..\run: [avast5] "c:\program files\alwil software\avast5\avastui.exe" /nogui
o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 10.0\reader\reader_sl.exe"
o4 - hklm\..\run: [adobe arm] "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
o4 - hklm\..\run: [groovemonitor] "c:\program files\microsoft office\office12\groovemonitor.exe"
o4 - hklm\..\run: [fahess_mccitrayapp] "c:\program files\fahess\mccitrayapp.exe"
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - startup: Imvu.lnk = ?
O4 - global startup: Mcafee security scan plus.lnk = ?
O8 - extra context menu item: E&xport to microsoft excel - res://c:\progra~1\mi1933~1\office12\excel.exe/3000
o8 - extra context menu item: Google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_e11712c84ea7e12b.dll/cmsidewiki.html
o9 - extra button: تدوين هذا في المدونة - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: &تدوين هذا في windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\mi1933~1\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\mi1933~1\office12\onbttnie.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\mi1933~1\office12\refiebar.dll
o9 - extra button: Run imvu - {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\إح ـسآس روح\قائمة ابدأ\البرامج\imvu\run imvu.lnk
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=39204
o16 - dpf: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (mu************control class) - http://www.update.microsoft.com/micr...?1295641627062
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\progra~1\mi1933~1\office12\gr99d3~1.dll
o23 - service: Avast! Antivirus - avast software - c:\program files\alwil software\avast5\avastsvc.exe
o23 - service: Avast! Firewall - avast software - c:\program files\alwil software\avast5\afwserv.exe
o23 - service: خدمة تحديث google (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: Mccicmservice - alcatel-lucent - c:\program files\common files\motive\mccicmservice.exe
o23 - service: Mcafee security scan component host service (mccomponenthostservice) - mcafee, inc. - c:\program files\mcafee security scan\2.0.181\mcchsvc.exe
--
end of file - 7178 bytes