Contents of the Main.txt File
Deckard's System Scanner v20071014.68
Run by msherazshafiq on 2008-05-26 12:56:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
98: 2008-05-26 11:57:18 UTC - RP759 - Deckard's System Scanner Restore Point
97: 2008-05-25 18:50:01 UTC - RP758 - Last known good configuration
96: 2008-05-25 18:49:51 UTC - RP757 - Installed Windows XP Service Pack 3.
95: 2008-05-25 18:49:50 UTC - RP756 - Removed Thinstall Virtualization Suite 3.358
94: 2008-05-25 18:49:50 UTC - RP755 - Restore Operation
-- First Restore Point --
1: 2008-05-25 18:49:21 UTC - RP662 - Update to an unsigned driver
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as msherazshafiq.exe) ---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:06, on 26/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\msherazshafiq\Desktop\dss.exe
C:\WINDOWS\system32\taskmgr.exe
c:\program files\mcafee\mpf\mc\mpfalert.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\msherazshafiq.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = :: :: IE-Chaji
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {7421A88A-46F6-4D3F-B4AB-3A5C5CD609A8} - C:\WINDOWS\system32\iifgHyVM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [AccountLogon] "C:\Program Files\AccountLogon\AccountLogon.exe" /regserver
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-msherazshafiq.html
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: KIM Plugin - {C090DCD2-0339-4C3F-8441-302449B3ED74} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-msherazshafiq.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-msherazshafiq.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211730206734
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169759172252
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: khfcbby - khfcbby.dll (file missing)
O20 - Winlogon Notify: khfecbx - khfecbx.dll (file missing)
O20 - Winlogon Notify: wvUmkjJc - wvUmkjJc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 17917 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080524-232421-330 O3 - Toolbar: (no name) - {11359F4A-B191-42D7-905A-594F8CF0387B} - (no file)
backup-20080524-235513-429 O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\msherazshafiq\Application Data\Systweak\ASO 2\smstartUp manager.exe
backup-20080524-235850-993 O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
backup-20080525-000437-487 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
backup-20080525-000929-407 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
backup-20080525-000929-585 O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
backup-20080525-000929-771 O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
backup-20080525-000929-959 O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://eros10.erosen...0_15_Silent.cab
backup-20080525-000930-193 O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
backup-20080525-004404-579 O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - http://static.photob...ploader_uni.cab
backup-20080525-004404-586 O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
R1 ELhid - c:\windows\system32\drivers\elhid.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELkbd - c:\windows\system32\drivers\elkbd.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmon - c:\windows\system32\drivers\elmon.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 ELmou - c:\windows\system32\drivers\elmou.sys <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R1 NEOFLTR_540_11359 (Juniper Networks TDI Filter Driver (NEOFLTR_540_11359)) - c:\windows\system32\drivers\neofltr_540_11359.sys <Not Verified; Juniper Networks; Secure Application Manager>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
S0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys (file missing)
S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
S2 nvcap (nVidia WDM Video Capture (universal)) - c:\windows\system32\drivers\nvcap.sys
S3 alcan5wn (SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 alcaudsl (SpeedTouch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON; SpeedTouch USB>
S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
S3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys (file missing)
S3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys (file missing)
S3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys (file missing)
S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys (file missing)
S3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys (file missing)
S3 K2220VID (DigitalCam Pro) - c:\windows\system32\drivers\k2220vid.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 motccgp (Motorola USB Composite Device Driver) - c:\windows\system32\drivers\motccgp.sys (file missing)
S3 motccgpfl (MotCcgpFlService) - c:\windows\system32\drivers\motccgpfl.sys (file missing)
S3 MotDev (Motorola Inc. USB Device) - c:\windows\system32\drivers\motodrv.sys (file missing)
S3 motmodem (Motorola USB CDC ACM Driver) - c:\windows\system32\drivers\motmodem.sys (file missing)
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 StkAMini (Syntek STK1160) - c:\windows\system32\drivers\stkamini.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Video Mini Driver>
S3 StkScan (Syntek STK1160 Still Image) - c:\windows\system32\drivers\stkscan.sys <Not Verified; Syntek America Inc.; Syntek Universal Serial Bus 2.0 Still Image Driver>
S3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys (file missing)
S3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
R2 ELService (Intel® Quick Resume Technology Drivers) - "c:\program files\intel\inteldh\intel® quick resume technology\elservice.exe" <Not Verified; Intel Corporation; Intel® Quick Resume Technology>
R2 MySql - c:/mysql/bin/mysqld-nt.exe
R2 StkASSrv (Syntek STK1160 Service) - c:\windows\system32\stkasv2k.exe <Not Verified; Syntek America Inc.; Syntek Hardware Snapshot Launch Application Services>
S2 LBTServ (Logitech Bluetooth Service) - c:\program files\common files\logitech\bluetooth\lbtserv.exe (file missing)
S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/1000 PL Network Connection
Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_01D11028&REV_01\4&22443A69&0&00E5
Manufacturer: Intel
Name: Intel® PRO/1000 PL Network Connection
PNP Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_01D11028&REV_01\4&22443A69&0&00E5
Service: e1express
Class GUID: {D76B962B-F0B8-41F2-8590-6605FE4EA312}
Description: Bluetooth VComm Manager
Device ID: ROOT\BLUETOOTH\0001
Manufacturer: IVT Corporation
Name: Bluetooth VComm Manager
PNP Device ID: ROOT\BLUETOOTH\0001
Service: VcommMgr
-- Scheduled Tasks -------------------------------------------------------------
2008-05-26 12:10:52 280 --a------ C:\WINDOWS\Tasks\Spyware Detective.job
2008-05-26 01:55:07 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-01 14:56:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-03-15 02:56:56 366 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-07-25 22:31:58 368 --a------ C:\WINDOWS\Tasks\McQcTask.job
-- Files created between 2008-04-26 and 2008-05-26 -----------------------------
2008-05-26 12:24:29 0 d-------- C:\WINDOWS\LastGood
2008-05-25 21:16:54 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 21:15:59 0 d-------- C:\Program Files\ThreatFire
2008-05-25 21:09:31 17408 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-05-25 21:09:28 0 d-------- C:\Program Files\PrevxCSI
2008-05-25 21:09:26 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-25 20:55:23 0 d-------- C:\VundoFix Backups
2008-05-25 19:21:26 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-25 18:00:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-05-25 17:37:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-25 17:37:27 0 d-------- C:\Program Files\Webroot
2008-05-25 17:37:27 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Webroot
2008-05-25 17:37:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-25 16:05:46 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-25 16:04:08 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-25 15:46:52 0 d-------- C:\WINDOWS\Prefetch
2008-05-25 00:32:39 3910 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 00:32:13 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-24 23:43:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-24 23:43:20 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-24 23:43:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-24 23:43:19 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-24 23:43:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-24 23:43:19 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-24 23:43:19 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-24 23:17:40 0 d-------- C:\Program Files\Trend Micro
2008-05-24 08:06:54 4 --a------ C:\WINDOWSRegDefrag.dat
2008-05-23 22:16:31 552553 --ahs---- C:\WINDOWS\system32\MVyHgfii.ini2
2008-05-23 22:16:29 370176 --a------ C:\WINDOWS\system32\iifgHyVM.dll
2008-05-23 22:11:28 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Downloaded Installations
2008-05-20 21:46:41 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Thinstall
2008-05-18 17:31:04 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Sony Corporation
2008-05-15 06:21:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-14 19:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-05-14 19:29:10 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-05-13 20:55:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 20:52:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:40:48 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-10 19:26:50 0 d-------- C:\Program Files\Java
2008-05-04 18:45:14 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-04 01:57:06 4206592 --a------ C:\Documents and Settings\ALI\ntuser.dat
2008-04-29 20:06:41 0 d-------- C:\Program Files\Cedelia
2008-04-27 05:37:43 282624 --a------ C:\WINDOWS\system32\Chaji gdi32 - Old Copy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-26 21:51:35 0 d-------- C:\Documents and Settings\Project\Application Data\McAfee
2008-04-26 21:06:33 0 d-------- C:\WINDOWS\system32\en
2008-04-26 21:06:33 0 d-------- C:\WINDOWS\l2schemas
2008-04-26 21:06:32 0 d-------- C:\WINDOWS\system32\bits
2008-04-26 20:17:25 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\McAfee
2008-04-26 20:13:02 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\McAfee
2008-04-26 19:27:04 0 d--hs---- C:\Documents and Settings\Ali.SH\UserData
2008-04-26 18:45:26 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\IE7Pro
2008-04-26 18:35:46 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\IEPro
2008-04-26 18:32:04 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-26 18:10:45 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Macromedia
2008-04-26 18:10:45 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Adobe
2008-04-26 17:54:44 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Talkback
2008-04-26 17:54:35 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Mozilla
2008-04-26 17:53:52 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Ulead Systems
2008-04-26 17:53:52 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Juniper Networks
2008-04-26 17:53:51 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\SiteAdvisor
2008-04-26 17:53:49 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Sony Ericsson
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\Templates
2008-04-26 17:52:55 0 dr------- C:\Documents and Settings\Ali.SH\Start Menu
2008-04-26 17:52:55 0 dr-h----- C:\Documents and Settings\Ali.SH\SendTo
2008-04-26 17:52:55 0 dr-h----- C:\Documents and Settings\Ali.SH\Recent
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\PrintHood
2008-04-26 17:52:55 1835008 --ah----- C:\Documents and Settings\Ali.SH\ntuser.dat
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\NetHood
2008-04-26 17:52:55 0 dr------- C:\Documents and Settings\Ali.SH\My Documents
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\Local Settings
2008-04-26 17:52:55 0 dr------- C:\Documents and Settings\Ali.SH\Favorites
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Desktop
2008-04-26 17:52:55 0 d--hs---- C:\Documents and Settings\Ali.SH\Cookies
2008-04-26 17:52:55 0 dr-h----- C:\Documents and Settings\Ali.SH\Application Data
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\You've Got Pictures Screensaver
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Sun
2008-04-26 17:52:55 0 d---s---- C:\Documents and Settings\Ali.SH\Application Data\Microsoft
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Identities
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\Application Data\Gtek
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Google
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Creative
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Corel
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\AOL
2008-04-26 16:46:42 0 d-------- C:\Documents and Settings\ALI\Application Data\SiteAdvisor
2008-04-26 15:41:57 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-04-26 15:41:57 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-04-26 02:15:50 0 d-------- C:\Documents and Settings\Project\Application Data\SiteAdvisor
2008-04-26 01:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-26 01:16:36 0 d-------- C:\Program Files\O2
2008-04-26 01:14:40 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-26 01:14:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-26 01:14:31 0 d-------- C:\Program Files\SiteAdvisor
2008-04-26 01:14:31 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\SiteAdvisor
2008-04-26 01:14:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-26 01:13:44 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-26 01:00:35 0 d-------- C:\Program Files\Common Files\SupportSoft
-- Find3M Report ---------------------------------------------------------------
2008-05-26 12:10:53 0 d-------- C:\Program Files\McAfee
2008-05-25 19:04:33 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\uTorrent
2008-05-24 14:51:10 0 d-------- C:\Program Files\DAP
2008-05-24 14:49:40 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-22 18:02:24 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-05-20 21:39:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 03:16:39 0 d-------- C:\Program Files\LowRateVoip
2008-05-13 20:55:35 0 d-------- C:\Program Files\Messenger
2008-05-13 20:55:15 0 d-------- C:\Program Files\Movie Maker
2008-05-13 20:51:55 0 d-------- C:\Program Files\Windows NT
2008-05-13 19:47:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 18:40:54 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\FreeCall
2008-04-28 22:54:17 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\U3
2008-04-28 12:41:52 0 d-------- C:\Program Files\Microsoft Works
2008-04-26 21:59:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-26 21:01:36 1998 --a------ C:\WINDOWS\mozver.dat
2008-04-26 18:43:33 0 d-------- C:\Program Files\Common Files\GTK
2008-04-26 18:34:50 0 d-------- C:\Program Files\Google
2008-04-26 01:13:41 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-26 01:00:35 0 d-------- C:\Program Files\Common Files
2008-04-21 19:22:57 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Move Networks
2008-04-20 20:50:10 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\.purple
2008-04-20 20:28:41 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\.gaim
2008-04-20 20:28:26 0 d-------- C:\Program Files\Aspell
2008-04-20 20:22:41 0 d-------- C:\Program Files\Pidgin
2008-04-20 20:22:08 0 d-------- C:\Program Files\Gaim
2008-04-16 21:10:54 0 d-------- C:\Program Files\DBFView
2008-04-13 20:23:29 0 d-------- C:\Program Files\The Logo Creator v5
2008-04-07 19:56:58 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\dvdcss
2008-04-06 14:55:16 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\IEPro
2008-03-22 03:11:44 340967 --a------ C:\Program Files\UNINSTAL.EXE
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7421A88A-46F6-4D3F-B4AB-3A5C5CD609A8}]
23/05/2008 22:16 370176 --a------ C:\WINDOWS\system32\iifgHyVM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [14/10/2005 11:01]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [28/05/2007 11:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 14:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [10/06/2005 10:44]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [09/02/2007 05:37]
"O2"="C:\Program Files\O2\bin\sprtcmd.exe" [28/03/2008 22:47]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"NvMediaCenter"="RUNDLL32.exe" [14/04/2008 05:42 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [14/04/2008 05:42 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [14/04/2008 05:42 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04/01/2008 20:56]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 05:42]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"AccountLogon"="C:\Program Files\AccountLogon\AccountLogon.exe" [24/11/2007 01:47]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81AA6A16-B8CA-43C4-A347-A487764FF528}"= C:\WINDOWS\system32\wvUmkjJc.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcbby]
khfcbby.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfecbx]
khfecbx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUmkjJc]
wvUmkjJc.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iifgHyVM
"Notification Packages"= :\WINDOWS\syste scecli scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b5f373c-8bd4-11dc-8404-0002725674a9}]
-- End of Deckard's System Scanner: finished at 2008-05-26 13:12:39 ------------