
Pop ups/Ads, Corrupt Icons, unable to turn on Automatic updates



#16
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
  • Please go to Start > Run
  • Paste in the following line: regedit /e c:\registrybackup.reg
  • Click OK. It won't appear to be doing anything; that's normal.
  • Your mouse pointer may turn to an hourglass for a minute. Please continue when it no longer has the hourglass.

Please open a new Notepad document (Note: Other text editors will not work) and paste the following code into it, starting from REGEDIT4:

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF52906C-5427-4F9C-A4F2-C2B3E2398A86}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Now, click File > Save As... > Change the File Type to All Files > Name the file RegFix3.reg > Save it on your desktop.

Once you've saved it, please double click it. A window should pop up - Click Yes to merge the information with the registry.

Please rescan with DSS and include the log in your next reply, we're looking good :)
  • 0
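
One way to check what a .reg file such as the one in the post above will do before merging it, as an added example that is not part of the original thread: the parser lists each operation and decodes hex(7) data, showing that the bytes here decode to the single string msv1_0, the Windows default for this value. The function names are illustrative assumptions, and the embedded text is copied from the post.

```python
import re

# The .reg text from the post above, embedded so the example runs offline.
REG_TEXT = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF52906C-5427-4F9C-A4F2-C2B3E2398A86}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""


def decode_multi_sz(hex_csv, utf16=False):
    """Decode hex(7) (REG_MULTI_SZ) data into a list of strings.

    REGEDIT4 files store the strings as ANSI bytes; "Windows Registry
    Editor Version 5.00" files store them as UTF-16LE. Strings are
    NUL-separated and the list ends with an extra NUL.
    """
    raw = bytes(int(b, 16) for b in hex_csv.split(",") if b.strip())
    text = raw.decode("utf-16-le" if utf16 else "latin-1")
    return [s for s in text.split("\x00") if s]


def summarize_reg(text):
    """Return a list of (operation, key, value_name, data) tuples."""
    # Join continuation lines (a trailing backslash inside long hex data).
    text = re.sub(r"\\\r?\n[ \t]*", "", text)
    lines = text.splitlines()
    utf16 = lines[0].strip().startswith("Windows Registry Editor")
    ops, key = [], None
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            if m.group(1):
                # [-KEY] deletes the key and everything under it.
                ops.append(("delete_key", m.group(2), None, None))
                key = None
            else:
                key = m.group(2)
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if not m or key is None:
            raise ValueError(f"unrecognised line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else (
            m.group(1)[1:-1].replace('\\"', '"').replace("\\\\", "\\"))
        data = m.group(2)
        if data == "-":
            ops.append(("delete_value", key, name, None))
        elif data.startswith("hex(7):"):
            strings = decode_multi_sz(data[len("hex(7):"):], utf16)
            ops.append(("set_value", key, name, strings))
        elif data.startswith("dword:"):
            ops.append(("set_value", key, name, int(data[6:], 16)))
        elif data.startswith('"'):
            value = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
            ops.append(("set_value", key, name, value))
        else:
            # Other hex types are reported undecoded.
            ops.append(("set_value", key, name, data))
    return ops


if __name__ == "__main__":
    for op, key, name, data in summarize_reg(REG_TEXT):
        print(op, key, name, data, sep=" | ")
```
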



#17
mgr_classmates


    Member

  • Topic Starter
  • 51 posts
Deckard's System Scanner v20071014.68
Run by msherazshafiq on 2008-05-26 14:58:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as msherazshafiq.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:37, on 26/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\Program Files\O2\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\O2\bin\sprtcmd.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\msherazshafiq\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MSHERA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [MskAgentexe] "C:\Program Files\McAfee\MSK\MskAgent.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] "C:\Program Files\McAfee\MBK\LogOnHook.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Systweak Wallpaper Changer] wallpaper.exe -minimize
O4 - HKCU\..\Run: [AccountLogon] "C:\Program Files\AccountLogon\AccountLogon.exe" /regserver
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-msherazshafiq.html
O8 - Extra context menu item: Add to &Windows Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: KIM Plugin - {C090DCD2-0339-4C3F-8441-302449B3ED74} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-msherazshafiq.html (HKCU)
O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-msherazshafiq.html (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.goo...2/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9563.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211730206734
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1169759172252
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay10...ex/HMAtchmt.ocx
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 16937 bytes

-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 14:23:58 0 drahs---- C:\autorun.inf
2008-05-26 13:52:59 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-05-26 13:46:47 168681802 --a------ C:\registrybackup.reg
2008-05-25 21:16:54 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-25 21:15:59 0 d-------- C:\Program Files\ThreatFire
2008-05-25 21:09:26 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-05-25 20:55:23 0 d-------- C:\VundoFix Backups
2008-05-25 19:21:26 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-25 18:00:16 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-05-25 17:37:35 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-25 17:37:27 0 d-------- C:\Program Files\Webroot
2008-05-25 17:37:27 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Webroot
2008-05-25 17:37:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-25 16:05:46 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-05-25 16:04:08 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-05-25 15:46:52 0 d-------- C:\WINDOWS\Prefetch
2008-05-25 00:32:39 3424 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 00:32:13 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-05-24 23:43:20 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-24 23:43:20 82944 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-24 23:43:19 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-24 23:43:19 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-05-24 23:43:19 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-05-24 23:43:19 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-05-24 23:43:19 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-24 23:17:40 0 d-------- C:\Program Files\Trend Micro
2008-05-24 08:06:54 4 --a------ C:\WINDOWSRegDefrag.dat
2008-05-23 22:11:28 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Downloaded Installations
2008-05-20 21:46:41 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Thinstall
2008-05-18 17:31:04 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Sony Corporation
2008-05-15 06:21:27 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-05-14 19:29:45 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-05-14 19:29:10 0 d-------- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
2008-05-13 20:55:16 0 d-------- C:\WINDOWS\system32\scripting
2008-05-13 20:52:42 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-13 17:40:48 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-11 19:36:51 0 d-------- C:\Documents and Settings\Shahayda\Application Data\SiteAdvisor
2008-05-11 19:36:48 0 d-------- C:\Documents and Settings\Shahayda\Application Data\McAfee
2008-05-11 13:28:31 0 d-------- C:\Documents and Settings\Ali.SH\Contacts
2008-05-10 19:26:50 0 d-------- C:\Program Files\Java
2008-05-04 18:45:14 0 d-------- C:\Program Files\Windows Live Safety Center
2008-05-04 01:57:06 4206592 --a------ C:\Documents and Settings\ALI\ntuser.dat
2008-04-29 20:06:41 0 d-------- C:\Program Files\Cedelia
2008-04-27 05:37:43 282624 --a------ C:\WINDOWS\system32\Chaji gdi32 - Old Copy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-26 21:51:35 0 d-------- C:\Documents and Settings\Project\Application Data\McAfee
2008-04-26 21:06:33 0 d-------- C:\WINDOWS\system32\en
2008-04-26 21:06:33 0 d-------- C:\WINDOWS\l2schemas
2008-04-26 21:06:32 0 d-------- C:\WINDOWS\system32\bits
2008-04-26 20:17:25 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\McAfee
2008-04-26 20:13:02 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\McAfee
2008-04-26 19:27:04 0 d--hs---- C:\Documents and Settings\Ali.SH\UserData
2008-04-26 18:45:26 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\IE7Pro
2008-04-26 18:35:46 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\IEPro
2008-04-26 18:32:04 0 d-------- C:\WINDOWS\system32\Adobe
2008-04-26 18:10:45 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Macromedia
2008-04-26 18:10:45 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Adobe
2008-04-26 17:54:44 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Talkback
2008-04-26 17:54:35 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Mozilla
2008-04-26 17:53:52 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Ulead Systems
2008-04-26 17:53:52 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Juniper Networks
2008-04-26 17:53:51 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\SiteAdvisor
2008-04-26 17:53:49 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Sony Ericsson
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\Templates
2008-04-26 17:52:55 0 dr------- C:\Documents and Settings\Ali.SH\Start Menu
2008-04-26 17:52:55 0 dr-h----- C:\Documents and Settings\Ali.SH\SendTo
2008-04-26 17:52:55 0 dr-h----- C:\Documents and Settings\Ali.SH\Recent
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\PrintHood
2008-04-26 17:52:55 1835008 --ah----- C:\Documents and Settings\Ali.SH\ntuser.dat
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\NetHood
2008-04-26 17:52:55 0 dr------- C:\Documents and Settings\Ali.SH\My Documents
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\Local Settings
2008-04-26 17:52:55 0 dr------- C:\Documents and Settings\Ali.SH\Favorites
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Desktop
2008-04-26 17:52:55 0 d--hs---- C:\Documents and Settings\Ali.SH\Cookies
2008-04-26 17:52:55 0 dr-h----- C:\Documents and Settings\Ali.SH\Application Data
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\You've Got Pictures Screensaver
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Sun
2008-04-26 17:52:55 0 d---s---- C:\Documents and Settings\Ali.SH\Application Data\Microsoft
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Identities
2008-04-26 17:52:55 0 d--h----- C:\Documents and Settings\Ali.SH\Application Data\Gtek
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Google
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Creative
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\Corel
2008-04-26 17:52:55 0 d-------- C:\Documents and Settings\Ali.SH\Application Data\AOL
2008-04-26 16:46:42 0 d-------- C:\Documents and Settings\ALI\Application Data\SiteAdvisor
2008-04-26 15:41:57 0 d-------- C:\Documents and Settings\NetworkService\Desktop
2008-04-26 15:41:57 0 d-------- C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor
2008-04-26 02:15:50 0 d-------- C:\Documents and Settings\Project\Application Data\SiteAdvisor
2008-04-26 01:16:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-04-26 01:16:36 0 d-------- C:\Program Files\O2
2008-04-26 01:14:40 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-26 01:14:40 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-04-26 01:14:31 0 d-------- C:\Program Files\SiteAdvisor
2008-04-26 01:14:31 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\SiteAdvisor
2008-04-26 01:14:31 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-26 01:13:44 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-04-26 01:00:35 0 d-------- C:\Program Files\Common Files\SupportSoft


-- Find3M Report ---------------------------------------------------------------

2008-05-26 12:10:53 0 d-------- C:\Program Files\McAfee
2008-05-25 19:04:33 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\uTorrent
2008-05-24 14:51:10 0 d-------- C:\Program Files\DAP
2008-05-24 14:49:40 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-22 18:02:24 0 d-------- C:\Program Files\Lexmark X1100 Series
2008-05-20 21:39:55 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 03:16:39 0 d-------- C:\Program Files\LowRateVoip
2008-05-13 20:55:35 0 d-------- C:\Program Files\Messenger
2008-05-13 20:55:15 0 d-------- C:\Program Files\Movie Maker
2008-05-13 20:51:55 0 d-------- C:\Program Files\Windows NT
2008-05-13 19:47:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-04 18:40:54 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\FreeCall
2008-04-28 22:54:17 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\U3
2008-04-28 12:41:52 0 d-------- C:\Program Files\Microsoft Works
2008-04-26 21:59:49 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-26 21:01:36 1998 --a------ C:\WINDOWS\mozver.dat
2008-04-26 18:43:33 0 d-------- C:\Program Files\Common Files\GTK
2008-04-26 18:34:50 0 d-------- C:\Program Files\Google
2008-04-26 01:13:41 0 d-------- C:\Program Files\Common Files\McAfee
2008-04-26 01:00:35 0 d-------- C:\Program Files\Common Files
2008-04-21 19:22:57 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\Move Networks
2008-04-20 20:50:10 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\.purple
2008-04-20 20:28:41 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\.gaim
2008-04-20 20:28:26 0 d-------- C:\Program Files\Aspell
2008-04-20 20:22:41 0 d-------- C:\Program Files\Pidgin
2008-04-20 20:22:08 0 d-------- C:\Program Files\Gaim
2008-04-16 21:10:54 0 d-------- C:\Program Files\DBFView
2008-04-13 20:23:29 0 d-------- C:\Program Files\The Logo Creator v5
2008-04-07 19:56:58 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\dvdcss
2008-04-06 14:55:16 0 d-------- C:\Documents and Settings\msherazshafiq\Application Data\IEPro
2008-03-22 03:11:44 340967 --a------ C:\Program Files\UNINSTAL.EXE


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [14/10/2005 11:01]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
"PC Suite for Smartphones"="C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [28/05/2007 11:14]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 14:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [10/06/2005 10:44]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [17/01/2007 17:30]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [09/02/2007 05:37]
"O2"="C:\Program Files\O2\bin\sprtcmd.exe" [28/03/2008 22:47]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [16/01/2007 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [08/01/2007 11:22]
"NvMediaCenter"="RUNDLL32.exe" [14/04/2008 05:42 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [14/04/2008 05:42 C:\WINDOWS\system32\rundll32.exe]
"BluetoothAuthenticationAgent"="rundll32.exe" [14/04/2008 05:42 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [05/12/2007 02:41 C:\WINDOWS\system32\nwiz.exe]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [04/01/2008 20:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 05:42]
"Systweak Wallpaper Changer"="wallpaper.exe" []
"AccountLogon"="C:\Program Files\AccountLogon\AccountLogon.exe" [24/11/2007 01:47]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideRunAsVerb"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= :\WINDOWS\syste scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-26 15:01:04 ------------
  • 0

#18
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * Check Turn off System Restore.
   * Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * UN-Check Turn off System Restore.
   * Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

You should also have a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

Tal
  • 0

#19
mgr_classmates


    Member

  • Topic Starter
  • 51 posts
Thanks Tal.

I am sure that most of the problem is sorted. I will go to the Windows section to sort out two other problems, e.g. corrupt icons and not being able to do Windows Update.

But thank you very much for your help all the way. If I have any other issue, I will post feedback in here.

Regards,

mgr

Edited by mgr_classmates, 26 May 2008 - 08:11 AM.

  • 0

#20
Tal


    Trusted Helper

  • Retired Staff
  • 2,138 posts
You're welcome :)
  • 0





