33

Continued part of DSS log:
– Files created between 2007-10-18 and 2007-11-18 -----------------------------

2007-11-17 17:57:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-17 17:57:18 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-17 17:57:17 0 d-------- C:\Documents and Settings\apichat\Application Data\SUPERAntiSpyware.com
2007-11-17 13:57:45 0 dr-h----- C:\Documents and Settings\apichat\Recent
2007-11-17 11:26:17 58284 --ahs---- C:\WINDOWS\system32\hjllm.ini2
2007-11-08 10:52:46 0 d–hs–c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-08 10:52:22 0 d-------- C:\Program Files\Windows Live
2007-11-08 10:45:42 0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-11-08 10:11:03 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-27 14:51:43 0 d-------- C:\Documents and Settings\apichat.gimp-2.4

– Find3M Report ---------------------------------------------------------------

2007-11-18 13:49:22 0 d-------- C:\Documents and Settings\apichat\Application Data\Free Download Manager
2007-11-18 13:48:17 0 d-------- C:\Documents and Settings\apichat\Application Data\StarDict
2007-11-18 11:58:36 0 d-------- C:\Program Files\Free Download Manager
2007-11-17 17:56:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 11:43:12 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-11-16 17:08:25 0 d-------- C:\Program Files\StarDict
2007-11-16 17:08:05 0 d-------- C:\Program Files\Common Files\GTK
2007-11-14 20:12:45 836 --a------ C:\WINDOWS\winbdtok.dat
2007-11-09 13:43:42 0 d-------- C:\Program Files\Java
2007-11-08 11:08:42 0 d-------- C:\Program Files\MSN Messenger
2007-11-08 10:52:46 0 d-------- C:\Program Files\Common Files
2007-11-08 10:46:57 0 d-------- C:\Program Files\SmartFTP Client
2007-11-02 16:12:50 0 d-------- C:\Documents and Settings\apichat\Application Data\uTorrent
2007-10-27 14:48:58 0 d-------- C:\Program Files\GIMP-2.0
2007-10-16 15:08:13 0 d-------- C:\Program Files\uTorrent
2007-10-15 15:05:27 0 d-------- C:\Documents and Settings\apichat\Application Data\OpenOffice.org2
2007-10-09 15:57:50 0 d-------- C:\Program Files\Microsoft Works
2007-10-06 09:24:44 0 d-------- C:\Program Files\CCleaner
2007-09-29 09:40:00 0 d-------- C:\Program Files\TTPlayer
2007-09-28 20:30:10 0 d-------- C:\Program Files\ReciteWord
2007-09-28 20:27:25 0 d-------- C:\Program Files\Common Files\Adobe
2007-09-27 16:23:18 0 d-------- C:\Documents and Settings\apichat\Application Data\gtk-2.0
2007-09-22 19:54:09 106384 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2007-09-21 22:13:47 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-09-21 22:12:48 0 d-------- C:\Program Files\OpenOffice.org 2.2

– Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [06/21/2005 04:48 PM]
“HotKeysCmds”=“C:\WINDOWS\system32\hkcmd.exe” [06/21/2005 04:44 PM]
“Protect”=“SHVRTF.EXE” [12/02/2003 03:21 PM C:\WINDOWS\system32\SHVRTF.EXE]
“SoundMan”=“SOUNDMAN.EXE” [08/15/2003 08:34 AM C:\WINDOWS\SOUNDMAN.EXE]
“Microsoft Works Update Detection”=“C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe” [06/10/2003 01:11 AM]
“IMJPMIG8.1”=“C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe” [08/03/2004 10:32 PM]
“MSPY2002”=“C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe” [03/31/2003 01:00 PM]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [09/25/2007 01:11 AM]
“9xadiras”=“9xadiras.exe”
“2kadiras”=“2kadiras.exe” [07/18/2003 05:53 PM C:\WINDOWS\2kadiras.exe]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [09/06/2007 06:06 PM]
“Dewan Eja Pro Config”=“C:\PROGRA~1\THENAM~1\DEWANE~1\deconfig.exe” [03/25/2007 02:31 PM]
“DEProWotd”=“C:\Program Files\The Name Technology\Dewan Eja Pro\DEProWotd.exe” [04/09/2007 05:39 PM]
“Dewan Eja Pro”=“C:\Program Files\The Name Technology\Dewan Eja Pro\DewanEjaPro.exe” [04/10/2007 11:30 AM]
“Google IME Autoupdater”=“C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe” [08/16/2007 12:09 PM]
“IMSCMIG40W”=“C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.exe” [12/05/2003 03:39 PM]
“lxczbmgr.exe”=“C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe” [02/09/2007 06:52 AM]
“FaxCenterServer”=“C:\Program Files\Lexmark Fax Solutions\fm3032.exe” [02/09/2007 06:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“MoneyAgent”=“C:\Program Files\Microsoft Money\System\mnyexpr.exe” [06/18/2003 05:00 AM]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [08/04/2004 12:56 AM]
“msnmsgr”=“C:\Program Files\Windows Live\Messenger\MsnMsgr.exe” [10/18/2007 11:34 AM]
“Free Uploader Oe Integration”=“C:\Program Files\Free Download Manager\FUM\fumoei.exe” [06/10/2007 07:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DSLMON.lnk - C:\Program Files\ADSL\ADSL USB MODEM\dslmon.exe [8/26/2005 5:28:39 PM]
蓝牙控制盘.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [10/9/2005 1:16:54 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=“Volume shadow copy”

– End of Deckard’s System Scanner: finished at 2007-11-18 14:01:57 ------------