A couple of days ago my computer became infected with a trojan. I tried doing a scan with Norton, but it didn't come up with anything. Anyway, I looked for a solution and found a piece of software called SUPERAntiSpyware. After doing a scan using that program I discovered I had a trojan and a Vundo variant. Before finding this site, I kept on doing scans, and each time the number of infections would go down until it came to one last one, which was Vundo variant resident. Even after deleting and quarantining it, it would come back.
This all started when I tried downloading a media codec from some dodgy site, so that could be the problem.
Before, all the desktop icons and start menu would appear and disappear. Now, after all those scans, that has been sorted, but the computer is extremely slow unless I terminate explorer.exe, which now always has 100% usage.
Sorry for the long story, but after following the instructions in the first thread, here is my log file for dss.exe.
I have attached a Panda scan log and the extra.txt for dss.
Thanks
Deckard's System Scanner v20071014.68
Run by Sailesh Shah on 2008-04-12 21:23:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2008-04-12 20:23:31 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Sailesh Shah.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:16, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Khelan\My Documents\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sailesh Shah.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=...VfG1acVOx1kM+0BKfDpR5gP4EPXrgSWyjJZQA3bfyeSiM
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {61E3E65F-4150-4CA5-AF55-5A038594758F} - C:\WINDOWS\system32\ljJCvUOe.dll (file missing)
O2 - BHO: (no name) - {63AB48C9-01A8-495C-8194-A715DB8A37A2} - C:\WINDOWS\system32\nnnkHaAT.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: DVA Media - {BA6BD7B1-990F-4D05-8D6C-9CBAFCB3C7ED} - C:\WINDOWS\temlxopqpkd.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: vnbptxlf - {273127BD-6681-45C8-A0FB-205BE4AEFBF8} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2717.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [INTERNETBIN] C:\DOCUME~1\SAILES~1\APPLIC~1\STARTD~1\2 amok.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnkHaAT - C:\WINDOWS\SYSTEM32\nnnkHaAT.dll
O21 - SSODL: qdnkewfa - {A56A7A9B-8516-4303-8A3C-0A49819D4018} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {DF8FDAEE-477D-4F31-AE6A-63D282E1CCF4} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 14925 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DynCal (Dynamic Calibration Service) - c:\windows\system32\drivers\dyncal.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 cdrmkaun - c:\docume~1\sailes~1\locals~1\temp\cdrmkaun.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 SABProcEnum - c:\progra~1\yahoo!\browser\sabprocenum.sys (file missing)
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe (file missing)
S2 WLTRYSVC - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-12 21:00:00 282 --ah----- C:\WINDOWS\Tasks\AAAB0C2291848866.job
2008-04-11 20:00:00 578 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sailesh Shah.job
2008-03-20 19:03:46 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-12 and 2008-04-12 -----------------------------
2008-04-12 21:11:48 0 d-------- C:\ie-spyad_zo
2008-04-12 21:05:02 0 d-------- C:\Program Files\SpywareBlaster
2008-04-12 19:05:20 0 d-------- C:\WINDOWS\LastGood
2008-04-12 19:01:05 0 d-------- C:\Program Files\Panda Security
2008-04-12 18:44:41 272384 --a------ C:\WINDOWS\system32\ssqQheDU.dll
2008-04-12 02:40:18 0 d-------- C:\Program Files\Trend Micro
2008-04-11 23:45:36 162829 --ahs---- C:\WINDOWS\system32\eOUvCJjl.ini2
2008-04-11 19:28:32 163658 --ahs---- C:\WINDOWS\system32\FehRtBeg.ini2
2008-04-11 17:35:44 0 d-------- C:\WINDOWS\pss
2008-04-11 13:58:03 165170 --ahs---- C:\WINDOWS\system32\GOWvCfhk.ini2
2008-04-11 07:31:40 160296 --ahs---- C:\WINDOWS\system32\ttEKlnpo.ini2
2008-04-11 02:40:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-11 02:39:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-11 02:39:57 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\SUPERAntiSpyware.com
2008-04-11 02:39:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 19:43:08 191420 --ahs---- C:\WINDOWS\system32\CLkmonpo.ini2
2008-04-10 14:57:01 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\TmpRecentIcons
2008-04-10 13:12:21 37888 --a------ C:\WINDOWS\system32\vtUmKDut.dll
2008-04-10 13:10:28 184320 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-10 13:10:28 217088 --a------ C:\WINDOWS\temlxopqpkd.dll
2008-04-10 13:10:28 229376 --a------ C:\WINDOWS\qdnkewfa.dll
2008-04-10 13:10:28 262144 --a------ C:\WINDOWS\mgsvflkw.dll
2008-04-10 13:10:28 81920 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-10 13:09:44 37888 --a------ C:\WINDOWS\system32\nnnkHaAT.dll
2008-04-06 12:38:12 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\PowerChallenge
2008-03-20 03:05:43 0 d-------- C:\Documents and Settings\Khelan\Application Data\Apple Computer
2008-03-16 23:46:58 0 d-------- C:\Documents and Settings\Khelan\Application Data\Yahoo!
2008-03-16 23:41:45 0 d-------- C:\Documents and Settings\Khelan\Contacts
2008-03-15 21:00:52 0 d-------- C:\Program Files\Cedelia
-- Find3M Report ---------------------------------------------------------------
2008-04-12 21:25:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 19:03:53 3319 --a------ C:\WINDOWS\mozver.dat
2008-04-12 18:01:53 0 d-------- C:\Program Files\Fotoinsight
2008-04-12 13:38:19 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\BitTorrent
2008-04-11 19:58:30 0 d-------- C:\Program Files\Norton Internet Security
2008-04-11 03:00:16 0 d-------- C:\Program Files\Helper
2008-04-11 02:39:32 0 d-------- C:\Program Files\Common Files
2008-04-10 20:49:42 0 d-------- C:\Program Files\Symantec
2008-04-06 19:23:35 34222 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-21 12:42:13 0 d-------- C:\Program Files\TVUPlayer
2008-02-05 15:37:38 2581 --a------ C:\Program Files\tmp878563.exe
2008-01-25 14:36:50 825 --ahs---- C:\WINDOWS\system32\mmf.sys
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61E3E65F-4150-4CA5-AF55-5A038594758F}]
C:\WINDOWS\system32\ljJCvUOe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63AB48C9-01A8-495C-8194-A715DB8A37A2}]
10/04/2008 13:09 37888 --a------ C:\WINDOWS\system32\nnnkHaAT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA6BD7B1-990F-4D05-8D6C-9CBAFCB3C7ED}]
10/04/2008 12:43 217088 --a------ C:\WINDOWS\temlxopqpkd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/06/2003 00:07]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/10/2003 22:11]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 12:43]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/08/2003 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [13/02/2003 02:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [06/09/2006 02:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [26/10/2004 13:01]
"nwiz"="nwiz.exe" [26/10/2004 13:01 C:\WINDOWS\system32\nwiz.exe]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [02/06/2003 19:25]
"BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 05:59 C:\WINDOWS\BCMSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 04:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/12/2006 19:37]
"RemoteControl"="C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe" [27/10/2003 03:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/11/2006 11:48]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [09/12/2003 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [16/01/2003 11:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [12/08/2004 14:33]
"avp"="C:\WINDOWS\TEMP\win2717.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [12/08/2004 14:18]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"INTERNETBIN"="C:\DOCUME~1\SAILES~1\APPLIC~1\STARTD~1\2 amok.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [08/09/2007 00:01]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [31/08/2005 18:11]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" [31/07/2006 21:00]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [13/11/2007 16:48]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]
C:\Documents and Settings\Sailesh Shah\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [07/09/2007 22:18:17]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [20/07/2007 18:57:16]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15/05/2003 02:19:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{63AB48C9-01A8-495C-8194-A715DB8A37A2}"= C:\WINDOWS\system32\nnnkHaAT.dll [10/04/2008 13:09 37888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qdnkewfa"= {A56A7A9B-8516-4303-8A3C-0A49819D4018} - C:\WINDOWS\qdnkewfa.dll [10/04/2008 12:43 229376]
"mgsvflkw"= {DF8FDAEE-477D-4F31-AE6A-63D282E1CCF4} - C:\WINDOWS\mgsvflkw.dll [10/04/2008 12:43 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkHaAT]
nnnkHaAT.dll 10/04/2008 13:09 37888 C:\WINDOWS\system32\nnnkHaAT.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXQghGv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Madden08.exe
*Newly Created Service* - COMHOST
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-04-12 21:31:19 ------------
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: vnbptxlf - {273127BD-6681-45C8-A0FB-205BE4AEFBF8} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win2717.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [INTERNETBIN] C:\DOCUME~1\SAILES~1\APPLIC~1\STARTD~1\2 amok.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Poker - http://download2.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://downloads.broadbandassist.com/BTYahoo!Help//PreQual/files/MotivePreQual.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: nnnkHaAT - C:\WINDOWS\SYSTEM32\nnnkHaAT.dll
O21 - SSODL: qdnkewfa - {A56A7A9B-8516-4303-8A3C-0A49819D4018} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {DF8FDAEE-477D-4F31-AE6A-63D282E1CCF4} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
--
End of file - 14925 bytes
-- File Associations -----------------------------------------------------------
.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 OMCI (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R3 DynCal (Dynamic Calibration Service) - c:\windows\system32\drivers\dyncal.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 cdrmkaun - c:\docume~1\sailes~1\locals~1\temp\cdrmkaun.sys (file missing)
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\progra~1\common~1\motive\mrendis5.sys (file missing)
S3 SABProcEnum - c:\progra~1\yahoo!\browser\sabprocenum.sys (file missing)
S3 ss_bus (Samsung Mobile USB Device 1.0 driver (WDM)) - c:\windows\system32\drivers\ss_bus.sys <Not Verified; MCCI; Samsung Mobile USB Device 1.0>
S3 ss_mdfl (SAMSUNG Mobile USB Modem 1.0 Filter) - c:\windows\system32\drivers\ss_mdfl.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0 Filter>
S3 ss_mdm (SAMSUNG Mobile USB Modem 1.0 Drivers) - c:\windows\system32\drivers\ss_mdm.sys <Not Verified; MCCI; SAMSUNG Mobile USB Modem 1.0>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S2 LicCtrlService (LicCtrl Service) - c:\windows\runservice.exe (file missing)
S2 WLTRYSVC - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
S3 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-04-12 21:00:00 282 --ah----- C:\WINDOWS\Tasks\AAAB0C2291848866.job
2008-04-11 20:00:00 578 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Sailesh Shah.job
2008-03-20 19:03:46 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-03-12 and 2008-04-12 -----------------------------
2008-04-12 21:11:48 0 d-------- C:\ie-spyad_zo
2008-04-12 21:05:02 0 d-------- C:\Program Files\SpywareBlaster
2008-04-12 19:05:20 0 d-------- C:\WINDOWS\LastGood
2008-04-12 19:01:05 0 d-------- C:\Program Files\Panda Security
2008-04-12 18:44:41 272384 --a------ C:\WINDOWS\system32\ssqQheDU.dll
2008-04-12 02:40:18 0 d-------- C:\Program Files\Trend Micro
2008-04-11 23:45:36 162829 --ahs---- C:\WINDOWS\system32\eOUvCJjl.ini2
2008-04-11 19:28:32 163658 --ahs---- C:\WINDOWS\system32\FehRtBeg.ini2
2008-04-11 17:35:44 0 d-------- C:\WINDOWS\pss
2008-04-11 13:58:03 165170 --ahs---- C:\WINDOWS\system32\GOWvCfhk.ini2
2008-04-11 07:31:40 160296 --ahs---- C:\WINDOWS\system32\ttEKlnpo.ini2
2008-04-11 02:40:13 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-11 02:39:57 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-11 02:39:57 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\SUPERAntiSpyware.com
2008-04-11 02:39:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 19:43:08 191420 --ahs---- C:\WINDOWS\system32\CLkmonpo.ini2
2008-04-10 14:57:01 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\TmpRecentIcons
2008-04-10 13:12:21 37888 --a------ C:\WINDOWS\system32\vtUmKDut.dll
2008-04-10 13:10:28 184320 --a------ C:\WINDOWS\vnbptxlf.dll
2008-04-10 13:10:28 217088 --a------ C:\WINDOWS\temlxopqpkd.dll
2008-04-10 13:10:28 229376 --a------ C:\WINDOWS\qdnkewfa.dll
2008-04-10 13:10:28 262144 --a------ C:\WINDOWS\mgsvflkw.dll
2008-04-10 13:10:28 81920 --a------ C:\WINDOWS\apoxqwfv.exe
2008-04-10 13:09:44 37888 --a------ C:\WINDOWS\system32\nnnkHaAT.dll
2008-04-06 12:38:12 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\PowerChallenge
2008-03-20 03:05:43 0 d-------- C:\Documents and Settings\Khelan\Application Data\Apple Computer
2008-03-16 23:46:58 0 d-------- C:\Documents and Settings\Khelan\Application Data\Yahoo!
2008-03-16 23:41:45 0 d-------- C:\Documents and Settings\Khelan\Contacts
2008-03-15 21:00:52 0 d-------- C:\Program Files\Cedelia
-- Find3M Report ---------------------------------------------------------------
2008-04-12 21:25:59 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-12 19:03:53 3319 --a------ C:\WINDOWS\mozver.dat
2008-04-12 18:01:53 0 d-------- C:\Program Files\Fotoinsight
2008-04-12 13:38:19 0 d-------- C:\Documents and Settings\Sailesh Shah\Application Data\BitTorrent
2008-04-11 19:58:30 0 d-------- C:\Program Files\Norton Internet Security
2008-04-11 03:00:16 0 d-------- C:\Program Files\Helper
2008-04-11 02:39:32 0 d-------- C:\Program Files\Common Files
2008-04-10 20:49:42 0 d-------- C:\Program Files\Symantec
2008-04-06 19:23:35 34222 --a------ C:\WINDOWS\system32\nvModes.dat
2008-02-21 12:42:13 0 d-------- C:\Program Files\TVUPlayer
2008-02-05 15:37:38 2581 --a------ C:\Program Files\tmp878563.exe
2008-01-25 14:36:50 825 --ahs---- C:\WINDOWS\system32\mmf.sys
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61E3E65F-4150-4CA5-AF55-5A038594758F}]
C:\WINDOWS\system32\ljJCvUOe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63AB48C9-01A8-495C-8194-A715DB8A37A2}]
10/04/2008 13:09 37888 --a------ C:\WINDOWS\system32\nnnkHaAT.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA6BD7B1-990F-4D05-8D6C-9CBAFCB3C7ED}]
10/04/2008 12:43 217088 --a------ C:\WINDOWS\temlxopqpkd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [11/06/2003 00:07]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [05/10/2003 22:11]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [11/04/2004 12:43]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/08/2003 02:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [13/02/2003 02:01]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/01/2007 22:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [06/09/2006 02:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [26/10/2004 13:01]
"nwiz"="nwiz.exe" [26/10/2004 13:01 C:\WINDOWS\system32\nwiz.exe]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [02/06/2003 19:25]
"BCMSMMSG"="BCMSMMSG.exe" [29/08/2003 05:59 C:\WINDOWS\BCMSMMSG.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [12/10/2006 04:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/12/2006 19:37]
"RemoteControl"="C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe" [27/10/2003 03:04]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/11/2006 11:48]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [09/12/2003 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24]
"RTBatteryMeter"="C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe" [16/01/2003 11:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [26/09/2007 14:42]
"ctfmona"="C:\WINDOWS\system32\ctfmona.exe" [12/08/2004 14:33]
"avp"="C:\WINDOWS\TEMP\win2717.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [29/01/2008 17:38]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [12/08/2004 14:18]
"Sonic RecordNow!"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"INTERNETBIN"="C:\DOCUME~1\SAILES~1\APPLIC~1\STARTD~1\2 amok.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [08/09/2007 00:01]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [31/08/2005 18:11]
"eyeBeam SIP Client"="C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe" [31/07/2006 21:00]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [13/11/2007 16:48]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [29/02/2008 16:03]
C:\Documents and Settings\Sailesh Shah\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [07/09/2007 22:18:17]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [20/07/2007 18:57:16]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15/05/2003 02:19:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{63AB48C9-01A8-495C-8194-A715DB8A37A2}"= C:\WINDOWS\system32\nnnkHaAT.dll [10/04/2008 13:09 37888]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qdnkewfa"= {A56A7A9B-8516-4303-8A3C-0A49819D4018} - C:\WINDOWS\qdnkewfa.dll [10/04/2008 12:43 229376]
"mgsvflkw"= {DF8FDAEE-477D-4F31-AE6A-63D282E1CCF4} - C:\WINDOWS\mgsvflkw.dll [10/04/2008 12:43 262144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkHaAT]
nnnkHaAT.dll 10/04/2008 13:09 37888 C:\WINDOWS\system32\nnnkHaAT.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\cbXQghGv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\Madden08.exe
*Newly Created Service* - COMHOST
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2008-04-12 21:31:19 ------------