fake windows security alert....control panel is gone

Ok first things first. Log from SAS:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/13/2007 at 05:06 PM

Application Version : 3.9.1008

Core Rules Database Version : 3360
Trace Rules Database Version: 1359

Scan type : Complete Scan
Total Scan Time : 00:43:41

Memory items scanned : 537
Memory threats detected : 0
Registry items scanned : 5865
Registry threats detected : 24
File items scanned : 37110
File threats detected : 43

Trojan.Bronto
HKLM\Software\Classes\CLSID\{D27987B8-7244-4DE0-AE10-39B826B492F1}
HKCR\CLSID\{D27987B8-7244-4DE0-AE10-39B826B492F1}
HKCR\CLSID\{D27987B8-7244-4DE0-AE10-39B826B492F1}\InprocServer32
HKCR\CLSID\{D27987B8-7244-4DE0-AE10-39B826B492F1}\InprocServer32#ThreadingModel
HKCR\CLSID\{D27987B8-7244-4DE0-AE10-39B826B492F1}\InprocServer32#Enable Browser Extensions
C:\WINDOWS\SYSTEM32\BRONTO.DLL

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com#*
HKU\S-1-5-21-3807167736-3886603645-2624093547-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com
HKU\S-1-5-21-3807167736-3886603645-2624093547-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com#*
HKU\S-1-5-21-3807167736-3886603645-2624093547-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com
HKU\S-1-5-21-3807167736-3886603645-2624093547-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\awmdabest.com#*

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@gomyhit[1].txt
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
C:\Documents and Settings\Owner\Cookies\owner@keywordmax[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.revsci[1].txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick[2].txt
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\owner@paypal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\owner@collective-media[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anat.tacoda[2].txt
C:\Documents and Settings\Owner\Cookies\owner@toplist[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver[1].txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
C:\Documents and Settings\Owner\Cookies\owner@bizrate[1].txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[2].txt

Trojan.SmartFinder
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW#UninstallString

Adware.IST/YourSiteBar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\ysbactivex.dll [  ]

Adware.IST/ISTBar (Slotch Bar)
HKU\S-1-5-21-3807167736-3886603645-2624093547-1003\Software\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Trojan.Unclassified/WN852
C:\DOCUMENTS AND SETTINGS\OWNER\WN852.EXE
C:\WINDOWS\TRAYICONS.EXE

Trojan.Agent-Gen/XLaff
C:\WINDOWS\DDEXXZ.EXE

Trojan.Agent-Gen/Tooze
C:\WINDOWS\KSACRE.EXE

Trojan.VXGame-Gen
C:\WINDOWS\SYSTEM32\VEDXGA4M1ET4.EXE
C:\WINDOWS\SYSTEM32\VEDXGA4ME1.EXE
C:\WINDOWS\SYSTEM32\VEDXGA8ME6.EXE

Trojan.Unclassified/WinDisk
C:\WINDOWS\WINDISK.DLL

I will have to post in increments as the allowed number of characters is exceeded…

This is the main.txt
Deckard’s System Scanner v20071014.68
Run by Owner on 2007-12-13 21:07:15
Computer is in Normal Mode.

-- System Restore --------------------------------------------------------------

Successfully created a Deckard’s System Scanner Restore Point.

-- Last 5 Restore Point(s) --
106: 2007-12-14 03:07:36 UTC - RP1073 - Deckard’s System Scanner Restore Point
105: 2007-12-13 22:19:41 UTC - RP1072 - Installed SUPERAntiSpyware Free Edition
104: 2007-12-13 18:08:57 UTC - RP1071 - Windows Defender Checkpoint
103: 2007-12-12 20:55:03 UTC - RP1070 - Software Distribution Service 3.0
102: 2007-12-12 14:49:20 UTC - RP1069 - System Checkpoint

-- First Restore Point --
1: 2007-09-15 17:23:50 UTC - RP968 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-13 21:10:14
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IC Media Corp\ICM532\launchpad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X4KN3HSA\dss[1].exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B4F9A677-88EE-C19A-29C7-4D0EFD6F3B81} - C:\WINDOWS\sdktj32.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVSHEXT.DLL
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [1F.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp.exe 4 10001
O4 - HKLM\..\Run: [netod32.exe] C:\WINDOWS\system32\netod32.exe
O4 - HKLM\..\Run: [winxf.exe] C:\WINDOWS\system32\winxf.exe
O4 - HKLM\..\Run: [javaee32.exe] C:\WINDOWS\javaee32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchpad.lnk = C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Display All Images with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKCU)
O15 - Trusted Zone: *.scoobidoo.com (HKCU)
O15 - Trusted Zone: *.static.topconverting.com (HKCU)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab

O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103922804920
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4053/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} () - http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBSERV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


End of file - 15600 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>

S3 PciTest (WinMTA PCI Service) - c:\windows\system32\drivers\pcitest.sys <Not Verified; Intel Corporation; Intel® Modular Test Architecture>
S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-12-13 20:55:20 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-13 16:00:01 396 --ah----- C:\WINDOWS\Tasks\{D22A47F0-59CD-4C90-A057-9C939463113B}_COMPUTER1_Owner.job
2007-12-13 11:09:15 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-13 09:00:02 396 --ah----- C:\WINDOWS\Tasks\{5A386A30-96C4-439E-B962-EAF263DBCAE1}_COMPUTER1_Owner.job
2007-12-09 08:49:51 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job
2007-12-07 16:00:07 396 --ah----- C:\WINDOWS\Tasks\{C8E919EC-A77E-4639-BA6A-C06652AE23CD}_COMPUTER1_Owner.job
2004-12-26 12:15:00 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job

-- Files created between 2007-11-13 and 2007-12-13 -----------------------------

2007-12-13 20:04:41 0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-13 20:04:06 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2007-12-13 20:04:06 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2007-12-13 20:04:06 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2007-12-13 20:04:06 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Desktop
2007-12-13 20:04:06 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2007-12-13 20:04:06 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\You’ve Got Pictures Screensaver
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-13 20:04:06 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-13 20:04:05 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2007-12-13 20:04:05 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2007-12-13 20:04:05 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2007-12-13 20:04:05 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2007-12-13 20:04:05 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2007-12-13 20:04:05 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-13 16:20:59 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-13 16:19:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-13 16:19:45 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-13 16:18:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-12 20:13:58 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-12 20:10:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-12-10 20:28:02 0 d-------- C:\WINDOWS\pss
2007-12-10 19:58:09 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-10 19:34:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-10 19:34:33 0 d-------- C:\Program Files\Uniblue
2007-12-10 13:52:26 0 d-------- C:\Program Files\Windows Defender
2007-12-10 13:42:34 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-10 09:30:12 0 d-------- C:\Program Files\Alwil Software
2007-12-09 23:33:38 0 --a------ C:\WINDOWS\wsystmp_usl.exe
2007-12-09 23:33:06 87552 --a------ C:\WINDOWS\system32\spoolc.exe
2007-12-09 23:33:04 291328 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
2007-12-09 23:33:02 59392 --a------ C:\WINDOWS\derc32xz.exe
2007-12-09 23:32:39 138240 --a------ C:\WINDOWS\xnnnav.exe
2007-12-09 23:32:35 1162732 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat
2007-12-09 23:32:32 14 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
2007-12-09 23:30:36 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2007-12-08 18:36:29 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-06 17:57:41 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-12-06 17:57:16 0 d-------- C:\Program Files\CHARTER
2007-11-13 01:28:17 0 d-------- C:\Program Files\iPod

-- Find3M Report ---------------------------------------------------------------

2007-12-13 20:53:50 0 d-------- C:\Program Files\Common Files
2007-12-13 16:51:13 2514 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-12-13 15:47:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-12-12 20:13:38 0 d-------- C:\Program Files\Common Files\Real
2007-12-12 08:16:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-10 13:52:06 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-12-06 17:50:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 09:57:06 0 d-------- C:\Program Files\Apple Software Update
2007-11-13 01:28:47 0 d-------- C:\Program Files\iTunes
2007-11-13 01:25:30 0 d-------- C:\Program Files\QuickTime
2007-11-06 10:40:20 0 d-------- C:\Program Files\MMKids

-- Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F9A677-88EE-C19A-29C7-4D0EFD6F3B81}]
C:\WINDOWS\sdktj32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 08:42 PM]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [03/11/2004 04:18 PM]
"@"=""
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [01/29/2004 08:13 PM]
"1F.tmp"="C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp.exe"
"netod32.exe"="C:\WINDOWS\system32\netod32.exe"
"winxf.exe"="C:\WINDOWS\system32\winxf.exe"
"javaee32.exe"="C:\WINDOWS\javaee32.exe"
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [05/05/2005 07:40 PM]
"msnappau"="C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [06/09/2005 01:56 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/17/2006 10:05 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u"
"SoundMan"="SOUNDMAN.EXE" [04/15/2005 10:01 AM C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/16/2005 10:11 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/02/2007 06:36 PM]
"Undefined"="C:\WINDOWS\system32\winter.exe"
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 07:00 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/12/2007 08:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [03/06/2007 06:00 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [01/04/2005 11:50 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Undefined"="C:\WINDOWS\system32\winter.exe"
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [12/05/2007 03:51 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [8/9/2004 4:03:42 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Launchpad.lnk - C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe [12/26/2004 12:12:08 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
“NoControlPanel”=1 (0x1)
“NoWindowsUpdate”=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“Shell”=“Explorer.exe C:\WINDOWS\system32\proper.exe”

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@=“Service”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@=“Volume shadow copy”

– End of Deckard’s System Scanner: finished at 2007-12-13 21:12:52 ------------

This is the extra.txt
Deckard’s System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

– System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.66GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 246.8 MiB / 72.74 MiB
Pagefile Memory (total/avail): 605.96 MiB / 160.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.05 MiB

C: is Fixed (NTFS) - 57.26 GiB total, 38.88 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - HDS722580VLAT20 - 57.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 57.26 GiB - C:

\\.\PHYSICALDRIVE1 - IOMEGA ZIP 100

\\.\PHYSICALDRIVE2 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE3 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE4 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE5 - eM Bay Reader USB Device

\\.\PHYSICALDRIVE6 - HP PSC 1610xi USB Device

– Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

FW: Norton Internet Worm Protection v2005 (Symantec)
AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) Outdated
AV: avast! antivirus 4.7.1098 [VPS 071213-0] v4.7.1098 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\Program Files\America Online 9.0\waol.exe”=“C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0”
“%windir%\Network Diagnostic\xpnetdiag.exe”=“%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000”
“C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
“%windir%\system32\winav.exe”=“%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019”

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=“%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019”
“C:\Program Files\America Online 9.0\waol.exe”=“C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0”
“C:\Program Files\Microsoft ActiveSync\wcescomm.exe”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:Connection Manager”
“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe”=“C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application”
“C:\Program Files\Messenger\msmsgs.exe”=“C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger”
“%windir%\Network Diagnostic\xpnetdiag.exe”=“%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000”
“C:\Program Files\MSN Messenger\msnmsgr.exe”=“C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1”
“C:\Program Files\MSN Messenger\livecall.exe”=“C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)”
“C:\Program Files\iTunes\iTunes.exe”=“C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes”
“C:\Program Files\Real\RealPlayer\realplay.exe”=“C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer”
“%windir%\system32\winav.exe”=“%windir%\system32\winav.exe:*:Enabled:@xpsp2res.dll,-22019”

– Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTER1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
ICM_532_INF_PATH=C:\WINDOWS\INF\oem29.inf
ICM_532_INSTALL_DIR=C:\Program Files\IC Media Corp.\ICM532\Driver
ICM_532_PNF_PATH=C:\WINDOWS\INF\oem29.pnf
ICM_532_PRODUCT_VER=1.4.0.0
LOGONSERVER=\\COMPUTER1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\MSN Messenger;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=COMPUTER1
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS

– User Profiles ---------------------------------------------------------------

Owner
Administrator (new local, admin)

– Add/Remove Programs ---------------------------------------------------------

→ C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
→ rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX → C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_” -l0x9
Adobe Reader 8.1.1 → MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player → C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support → MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update → MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

avast! Antivirus → rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BigFix → C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
ccCommon → MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Charter High Speed Internet Self-Installation Wizard → MsiExec.exe /I{5AF8C46D-A141-4E69-9EB5-76A43ED29281}
Digital Media Reader → C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
Ezonics Greeting Cam Deluxe → C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ezonics\Ezonics Greeting Cam Deluxe\Uninst.isu"
EZPhoto Browser → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{7A393E43-9F1B-4B4D-AFC3-E4B6663F6DD3}\Setup.exe”
EZPhoto Tools → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{ED8F2441-E5B9-4F48-82AD-759C17A68ADB}\Setup.exe”
EZShowtime MMS → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{5FB2EF0E-0254-4B7E-98C9-7F83E0C5E6C2}\Setup.exe”
EZSuite For EZCam III → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{313AA16E-8C61-410C-A225-917462421659}\Setup.exe” -l0x9
EZVideo Mail 2.0 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{2E8D4B52-52E5-41EF-9C43-8CDF1527DDFD}\Setup.exe” -l0x9
GdiplusUpgrade → MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth → MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard → MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HP Extended Capabilities 4.7 → C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7 → C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7 → “C:\Program Files\HP\Digital Imaging{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe” -datfile hposcr05.dat
HP Software Update → MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Update → MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
ICM532 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}\setup.exe” -l0x9
Intel(R) Extreme Graphics Driver → RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Network Adapters and Drivers → Prounstl.exe
Intel(R) PROSet → MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
InterActual Player → C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection → MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iTunes → MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java 2 Runtime Environment, SE v1.4.2 → MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Learn2 Player (Uninstall Only) → C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation) → C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) → “C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE” /U
Malwarebytes’ RogueRemover 1.22 → “C:\Program Files\RogueRemover FREE\unins000.exe”
Microsoft ActiveSync 3.8 → “C:\WINDOWS\ISUNINST.EXE” -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft Data Access Components KB870669 → C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2004 → MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack → MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Outlook 2000 SR-1 → MsiExec.exe /I{00160409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight → MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Works → MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Minute Menu Kids → “C:\Program Files\MMKids\unins000.exe”
Move Networks Player for Internet Explorer → “C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\unins000.exe”
MSN Music Assistant → rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar → C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\mtbs.exe c
NetZero Internet → “C:\Program Files\NetZero\NetZeroUninstaller.exe”
Norton AntiVirus 2005 → MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2005 (Symantec Corporation) → C:\Program Files\Common Files\Symantec Shared\SymSetup{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Help → MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI → MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SCSSDist MSI → MsiExec.exe /I{541230A3-1D3A-4879-B7E0-E71F90E35548}
Norton AntiVirus SYMLT MSI → MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update → MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton WMI Update → MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
OLYMPUS CAMEDIA Master 4.1 → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe” CAMEDIA Master 4.1
PowerDVD → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe” -uninstall
QuickTime → MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
RealPlayer → C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC’97 Audio → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe” REMOVE
Rhapsody Player Engine → MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
SoftV92 Data Fax Modem with SmartCP → C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SPBBC → MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SUPERAntiSpyware Free Edition → MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec → MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec Script Blocking Installer → MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet → MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Uniblue RegistryBooster 2 → “C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe”
USB Driver → RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C8F7C1E5-0150-11D6-A96C-00D05908F85D}\Setup.exe” -l0x9
Viewpoint Media Player → C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility → MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender → MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Messenger → MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant → MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}

– Application Event Log -------------------------------------------------------

Event Record #/Type35791 / Error
Event Submitted/Written: 12/13/2007 09:10:39 PM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type35782 / Success
Event Submitted/Written: 12/13/2007 09:01:41 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type35754 / Warning
Event Submitted/Written: 12/13/2007 07:57:19 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type35746 / Success
Event Submitted/Written: 12/13/2007 06:46:35 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type35730 / Warning
Event Submitted/Written: 12/13/2007 06:37:03 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

– Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

– System Event Log ------------------------------------------------------------

Event Record #/Type47378 / Error
Event Submitted/Written: 12/13/2007 09:00:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Messenger Sharing Folders USN Journal Reader service service failed to start due to the following error:
%%1053

Event Record #/Type47377 / Error
Event Submitted/Written: 12/13/2007 09:00:59 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Messenger Sharing Folders USN Journal Reader service service to connect.

Event Record #/Type47376 / Error
Event Submitted/Written: 12/13/2007 09:00:46 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error “%%1053” attempting to start the service usnjsvc with arguments “”
in order to run the server:
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}

Event Record #/Type47340 / Error
Event Submitted/Written: 12/13/2007 08:51:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error “%%1084” attempting to start the service EventSystem with arguments “”
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type47336 / Error
Event Submitted/Written: 12/13/2007 08:05:15 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Aavmker4
Fips
intelppm
SASDIFSV
SASKUTIL
SAVRTPEL
SPBBCDrv
SYMTDI

– End of Deckard’s System Scanner: finished at 2007-12-13 21:12:52 ------------

A lot of info; I hope you can help. When I was in safe mode and logged in under administrator I noticed that the control panel was there. When I logged back in under the normal user it was not there again. I don’t know if that helps you at all. Thanks for the help!
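The policy and Winlogon sections of the scanner output above can be triaged mechanically. The following is an added example, not part of any post in this thread and not code from Deckard's System Scanner: it parses registry sections in that layout, reports restriction values that are switched on together with the hive they sit in (the log lists `NoControlPanel` under HKEY_CURRENT_USER, so it applies to the logged-on account only), and flags a Winlogon `Shell` value that starts anything besides Explorer.exe. The function names and the sample excerpt are assumptions made for the example.

```python
import re

# Sample input assembled for this example from lines of the log above,
# written with straight quotes (the forum rendered them as curly quotes).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\proper.exe"
'''

# Policy values seen in the log and the effect each one has when non-zero.
RESTRICTIONS = {
    "disableregistrytools": "Registry Editor blocked",
    "disabletaskmgr": "Task Manager blocked",
    "nocontrolpanel": "Control Panel hidden",
    "nowindowsupdate": "Windows Update access removed",
}

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# Map typographic quotes back to ASCII so pasted forum text still parses.
QUOTES = str.maketrans({'“': '"', '”': '"', '‘': "'", '’': "'"})


def parse_sections(text):
    """Yield (key_path, value_name, raw_data) for each "name"=data line."""
    key = None
    for line in text.translate(QUOTES).splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            key = section.group(1)
            continue
        value = VALUE_RE.match(line)
        if value and key:
            yield key, value.group(1), value.group(2).strip()


def scope(key):
    """Say who a key applies to, based on its root hive."""
    root = key.split("\\", 1)[0].upper()
    if root in ("HKEY_LOCAL_MACHINE", "HKLM"):
        return "all users"
    if root in ("HKEY_CURRENT_USER", "HKCU"):
        return "current user only"
    return root


def is_enabled(data):
    """True when the data starts with a non-zero decimal number, e.g. '1 (0x1)'."""
    number = re.match(r'\d+', data)
    return bool(number) and int(number.group(0)) != 0


def triage(text):
    """Return a list of (kind, value_name, scope, detail) findings."""
    findings = []
    for key, name, data in parse_sections(text):
        lowered = key.lower()
        if "\\policies\\" in lowered and name.lower() in RESTRICTIONS:
            if is_enabled(data):
                findings.append(("policy", name, scope(key),
                                 RESTRICTIONS[name.lower()]))
        elif lowered.endswith("\\winlogon") and name.lower() == "shell":
            parts = data.strip('"').split(None, 1)
            first = parts[0].lower() if parts else ""
            extra = parts[1] if len(parts) > 1 else ""
            # The stock value is just "Explorer.exe"; anything else is worth a look.
            if first != "explorer.exe" or extra:
                findings.append(("shell", name, scope(key),
                                 extra or data.strip('"')))
    return findings


if __name__ == "__main__":
    for kind, name, who, detail in triage(SAMPLE_LOG):
        print(f"{kind:6} {name:22} {who:18} {detail}")
```
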

You have more than one antivirus program. One is disabled and the other is out of date. Please do not use the internet except to download tools and check this thread, until this is resolved.

There’s a few things we have to turn back on. We’ll start with this

To repair taskmanager
run SuperAntispyware

Start the programme
On the main page select preferences
Next select the repair tab
Left click Enable Task Manager
Left click perform repair

I’ll post the fix for the others, as soon as I can.

Download ComboFix from Here or Here to your Desktop.

- Double click combofix.exe and follow the prompts.
- When finished, it shall produce a log for you. Post that log and the DSS log along with a new HJT log in your next reply.

Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall.

Let the scan run, even if it looks like it isn’t doing anything. If you see any HD activity, combo fix is running.

Download the following 2 fixes from my site: http://cid-32d8666f4048075b.skydrive.live.com/browse.aspx/Malware%20files
The files you want are Regtmcdrrestore.vbs (run this first), then run controlpanelrestrictionrestore.reg

Hi there,
I ran the superantispyware and it worked well. Then I also downloaded the combofix and it wouldn’t complete. First Norton intercepted it. Somehow the control panel came back and so I uninstalled Norton as well as a couple of mistake installs from this week. The combofix made it through 38 steps and then stopped on a screen that says deleting files/folders and proceeded to stay that way for three hours. I finally shut it down and tried it again and the same thing happened. Any ideas as to where I should go from here? Thanks

I don’t know why combofix stalled. Can you check in windows explorer in this location

c:\combofix

for a log or a txt file. If you find one please post it.

If control panel is back, you will only have to download one file from essexboy’s post (it’s right above your last one), download and run

Regtmcdrrestore.vbs

then make sure you did this

To repair taskmanager
run SuperAntispyware

Start the programme
On the main page select preferences
Next select the repair tab
Left click Enable Task Manager
Left click perform repair

Also is avast up and running again?

Please post a new DSS log and we will proceed.

Hi Lava25:

You have to do more than just "uninstall" Norton; should ALSO run THEIR "Removal Tool", which is available at www.majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html .

Thanks Spiritsongs, I thought I had posted the complete Norton removal instructions, including instructions for reinstalling avast. Maybe the post got lost in the strange forum behavior.

@Lava25

Is avast working??

Avast seems to be working as far as I know. It is updating and showing in the lower right corner as well. I will follow your instructions for the uninstall of Norton. Then I will continue to try the combofix and previous instructions. The control panel is back though so that helps a lot. There has also been an error that comes up when it reboots. I’ll write it down after the next reboot and post it.

;) Alright, here is the latest DSS log, and the error I keep getting is that this file was typed in incorrectly and to try again:
‘c:\windows\system32\proper\exe’
Thanks again for all of your help!
Deckard’s System Scanner v20071014.68
Run by Owner on 2007-12-17 10:51:00
Computer is in Normal Mode.

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).

– HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-17 10:51:30
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\IC Media Corp\ICM532\launchpad.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B4F9A677-88EE-C19A-29C7-4D0EFD6F3B81} - C:\WINDOWS\sdktj32.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [1F.tmp] C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp.exe 4 10001
O4 - HKLM..\Run: [netod32.exe] C:\WINDOWS\system32\netod32.exe
O4 - HKLM..\Run: [winxf.exe] C:\WINDOWS\system32\winxf.exe
O4 - HKLM..\Run: [javaee32.exe] C:\WINDOWS\javaee32.exe
O4 - HKLM..\Run: [msnappau] “C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe”
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU..\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE”
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [DWQueuedReporting] “C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe” -t (User ‘Default user’)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Launchpad.lnk = C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra ‘Tools’ menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKCU)
O15 - Trusted Zone: *.scoobidoo.com (HKCU)
O15 - Trusted Zone: *.static.topconverting.com (HKCU)
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103922804920
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4053/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} () - http://download.microsoft.com/download/PowerPoint2002/Install/10.0.2609/WIN98MeXP/EN-US/msorun.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/chuzzle/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


End of file - 11470 bytes

-- Files created between 2007-11-17 and 2007-12-17 -----------------------------

2007-12-14 10:44:46 0 d-------- C:\Program Files\iWin
2007-12-13 20:04:41 0 d------c- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-13 20:04:06 0 d--h---c- C:\Documents and Settings\Administrator\NetHood
2007-12-13 20:04:06 0 dr-----c- C:\Documents and Settings\Administrator\My Documents
2007-12-13 20:04:06 0 d--h---c- C:\Documents and Settings\Administrator\Local Settings
2007-12-13 20:04:06 0 dr-----c- C:\Documents and Settings\Administrator\Favorites
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Desktop
2007-12-13 20:04:06 0 d--hs--c- C:\Documents and Settings\Administrator\Cookies
2007-12-13 20:04:06 0 dr-h---c- C:\Documents and Settings\Administrator\Application Data
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\Sun
2007-12-13 20:04:06 0 d---s--c- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\Identities
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-13 20:04:06 0 d------c- C:\Documents and Settings\Administrator\Application Data\AOL
2007-12-13 20:04:05 0 d--h---c- C:\Documents and Settings\Administrator\Templates
2007-12-13 20:04:05 0 dr-----c- C:\Documents and Settings\Administrator\Start Menu
2007-12-13 20:04:05 0 dr-h---c- C:\Documents and Settings\Administrator\SendTo
2007-12-13 20:04:05 0 dr-h---c- C:\Documents and Settings\Administrator\Recent
2007-12-13 20:04:05 0 d--h---c- C:\Documents and Settings\Administrator\PrintHood
2007-12-13 20:04:05 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-12-13 16:20:59 0 d------c- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-13 16:19:45 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-13 16:19:45 0 d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2007-12-13 16:18:57 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-12 20:13:58 0 d-------- C:\Program Files\Common Files\xing shared
2007-12-12 20:10:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2007-12-10 20:28:02 0 d-------- C:\WINDOWS\pss
2007-12-10 19:58:09 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-10 19:34:52 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2007-12-10 13:52:26 0 d-------- C:\Program Files\Windows Defender
2007-12-10 13:42:34 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-10 09:30:12 0 d-------- C:\Program Files\Alwil Software
2007-12-09 23:33:38 0 --a------ C:\WINDOWS\wsystmp_usl.exe
2007-12-09 23:33:06 87552 --a------ C:\WINDOWS\system32\spoolc.exe
2007-12-09 23:33:04 291328 --a------ C:\WINDOWS\system32\libcurl.dll <Not Verified; The cURL library, http://curl.haxx.se/; The cURL library>
2007-12-09 23:33:02 59392 --a------ C:\WINDOWS\derc32xz.exe
2007-12-09 23:32:39 138240 --a------ C:\WINDOWS\xnnnav.exe
2007-12-09 23:32:35 1162732 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat
2007-12-09 23:32:32 14 --a------ C:\WINDOWS\system32\dllgh8jkd1q8.exe
2007-12-09 23:30:36 18944 --a------ C:\WINDOWS\system32\wowfx.dll
2007-12-08 18:36:29 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-12-06 17:57:41 0 d-------- C:\Program Files\Common Files\SupportSoft
2007-12-06 17:57:16 0 d-------- C:\Program Files\CHARTER

-- Find3M Report ---------------------------------------------------------------

2007-12-17 10:26:45 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-15 22:21:46 0 d-------- C:\Program Files\BigFix
2007-12-15 18:24:30 0 d-------- C:\Program Files\Common Files
2007-12-13 16:51:13 2514 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2007-12-13 15:47:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-12-12 20:13:38 0 d-------- C:\Program Files\Common Files\Real
2007-12-10 13:52:06 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-12-06 17:50:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 09:57:06 0 d-------- C:\Program Files\Apple Software Update
2007-11-13 01:28:47 0 d-------- C:\Program Files\iTunes
2007-11-13 01:28:17 0 d-------- C:\Program Files\iPod
2007-11-13 01:25:30 0 d-------- C:\Program Files\QuickTime
2007-11-06 10:40:20 0 d-------- C:\Program Files\MMKids

-- Registry Dump ---------------------------------------------------------------

Note empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F9A677-88EE-C19A-29C7-4D0EFD6F3B81}]
C:\WINDOWS\sdktj32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 16:18]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-29 20:13]
"1F.tmp"="C:\DOCUME~1\Owner\LOCALS~1\Temp\1F.tmp.exe"
"netod32.exe"="C:\WINDOWS\system32\netod32.exe"
"winxf.exe"="C:\WINDOWS\system32\winxf.exe"
"javaee32.exe"="C:\WINDOWS\javaee32.exe"
"msnappau"="C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\msnappau.exe" [2005-06-09 13:56]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u"
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 10:01 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-12 20:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 11:50]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
Launchpad.lnk - C:\Program Files\IC Media Corp.\ICM532\Launchpad.exe [2004-12-26 12:12:08]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\system32\proper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-12-17 10:52:02 ------------