Member Panel

sam1_r

recently I was in the progress of installing a program when my kaspersky Internet security warned of various Trojans. I cancelled the install and a message popped up saying that the of would restart in 1 minute. After the restart the pc would not reach the login and would stay at a black screen. I could only access the pc through safe mode. I put the pc back 2 last known good configuration and I can now login in normal mode. I carried out various anti virus and anti spyware scans with no results. I still suspect there is a Trojan because when I go to the login for my online bank the page is different requesting more information than usual. I have checked on other pcs and it is definately redirecting me. Please help.

Below are the logs created by the dss.exe program as requested. Hope it helps!

Main.txt

Deckard's System Scanner v20071014.68
Run by User on 2008-06-21 19:40:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as User.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:24, on 21/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
J:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\User\Desktop\dss.exe
C:\Users\User\Desktop\User.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | HP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | HP
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - J:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Rmn plugin - {D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A} - jzcom32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [MessengerPlus3] "J:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = J:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://J:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - J:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashpoker.ladbrokes.com/ladbrokes/FlashAX.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - J:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROG RA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - J:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - J:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11499 bytes
-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
R2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
R2 LkCitadelServer (Lookout Citadel Server) - c:\windows\system32\lkcitdl.exe <Not Verified; National Instruments, Inc.; National Instruments Logos>
R2 lkClassAds (National Instruments PSP Server Locator) - c:\windows\system32\lkads.exe <Not Verified; National Instruments, Inc.; National Instruments Logos>
R2 lkTimeSync (National Instruments Time Synchronization) - c:\windows\system32\lktsrv.exe <Not Verified; National Instruments, Inc.; National Instruments Logos>
R2 niSvcLoc (NI Service Locator) - c:\windows\system32\nisvcloc.exe -s <Not Verified; National Instruments Corp.; National Instruments Service Locator>
S2 NIDomainService (National Instruments Domain Service) - "j:\program files\national instruments\shared\security\nidmsrv.exe" <Not Verified; National Instruments, Inc.; National Instruments Logos>
S3 NILM License Manager - "j:\program files\national instruments\shared\license manager\bin\lmgrd.exe" <Not Verified; Macrovision Corporation; >
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: HP Pavilion Webcam
Device ID: ROOT\IMAGE\0000
Manufacturer: Ricoh
Name: HP Pavilion Webcam
PNP Device ID: ROOT\IMAGE\0000
Service: usbvideo

-- Files created between 2008-05-21 and 2008-06-21 -----------------------------
2008-06-20 23:23:30 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-06-20 23:23:05 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-20 23:21:43 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 16:57:26 0 d-------- C:\Program Files\PestPatrol
2008-06-20 15:31:53 0 -rahs---- C:\MSDOS.SYS
2008-06-20 15:31:53 0 -rahs---- C:\IO.SYS
2008-06-20 14:24:57 22383 --a------ C:\Windows\system32\sklh.dat
2008-06-20 14:24:57 45056 --a------ C:\Windows\system32\jzcom32.dll <Not Verified; Gorosoft inc.; Asdam>
2008-06-20 14:24:54 66048 --a------ C:\pxny.exe
2008-05-29 22:17:51 0 d-------- C:\Users\All Users\NVIDIA
2008-05-29 14:34:32 0 d-------- C:\eupod
2008-05-28 16:59:41 0 d-------- C:\Program Files\Apple Software Update

-- Find3M Report ---------------------------------------------------------------
2008-06-21 12:42:54 42062 --a------ C:\Users\User\AppData\Roaming\nvModes.001
2008-06-21 12:32:43 1814 --a------ C:\Windows\bthservsdp.dat
2008-06-21 01:22:41 42062 --a------ C:\Users\User\AppData\Roaming\nvModes.dat
2008-06-20 23:24:02 0 d-------- C:\Users\User\AppData\Roaming\uTorrent
2008-06-20 23:23:05 0 d-------- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2008-06-20 23:21:43 0 d-------- C:\Program Files\Common Files
2008-06-12 13:46:36 0 d-------- C:\Program Files\Windows Mail
2008-05-21 19:14:58 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-18 12:27:36 0 d-------- C:\Users\User\AppData\Roaming\LG Electronics
2008-05-18 12:24:16 0 d-------- C:\Program Files\LG Electronics
2008-05-18 12:24:09 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-02 18:39:31 0 d-------- C:\Program Files\HP
2008-04-21 17:15:22 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-10 19:58:50 83 --a------ C:\Windows\system32\'
2008-04-10 19:53:03 675328 --a------ C:\Windows\is-209U4.exe <Not Verified; ; Inno Setup>

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/03/2008 02:47]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [15/09/2007 03:50]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [25/11/2006 00:33]
"NapsterShell"="C:\Program Files\Napster\napster.exe" []
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/11/2006 19:58]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [29/11/2006 00:42]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [18/10/2006 18:56]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [18/10/2006 18:32]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [28/02/2008 03:39]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [28/06/2007 13:51]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [21/09/2007 04:10 C:\Windows\KHALMNPR.Exe]
"GrooveMonitor"="J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 01:47]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 03:29]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 10:36]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [08/05/2007 16:24]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11:26]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11:26]
"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [27/02/2007 11:26]
"MSConfig"="C:\Windows\system32\msconfig.exe" [02/11/2006 10:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MessengerPlus3"="J:\Program Files\MessengerPlus! 3\MsgPlus.exe" [04/03/2008 01:39]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 13:35]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 13:36]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [21/06/2007 14:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runonce]
"Launcher"=%WINDIR%\SMINST\launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23/10/2006 10:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23/10/2006 09:01:50]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [03/11/2006 18:55:50]
Logitech SetPoint.lnk - J:\Program Files\Logitech\SetPoint\SetPoint.exe [04/03/2008 01:03:19]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3h ook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dl l
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
C:\PROGRA~1\PESTPA~1\PPControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPMemCheck]
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
bthsvcs BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ea9d7202-03f5-11dd-a497-001a6b749f1a}]
AutoRun\command- Autorun.exe /run
Shell00\Command- Autorun.exe /run
Shell01\Command- Autorun.exe /action
Shell02\Command- Autorun.exe /uninstall

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-06-21 19:45:46 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English
CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 2046 MiB / 984.2 MiB
Pagefile Memory (total/avail): 4283.78 MiB / 3241.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.18 MiB
C: is Fixed (NTFS) - 77.69 GiB total, 58.41 GiB free.
D: is Fixed (NTFS) - 5.29 GiB total, 1.16 GiB free.
E: is CDROM (No Media)
F: is Fixed (FAT32) - 232.83 GiB total, 111.23 GiB free.
J: is Fixed (NTFS) - 66.07 GiB total, 19.08 GiB free.
\\.\PHYSICALDRIVE0 - ST916082 1AS SCSI Disk Device - 149.05 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 77.69 GiB - C:
\PARTITION1 - Installable File System - 66.07 GiB - J:
\PARTITION2 - Installable File System - 5.29 GiB - D:
\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 232.88 GiB - F:

-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]

-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\User\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\User
KMP_DUPLICATE_LIB_OK=TRUE
LOCALAPPDATA=C:\Users\User\AppData\Local
LOGONSERVER=\\USER-PC
MKL_SERIAL=YES
NUMBER_OF_PROCESSORS=2
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\sys tem32\wbem;c:\program files\common files\roxio shared\dllshared\;c:\program files\common files\roxio shared\dllshared\;c:\program files\common files\roxio shared\9.0\dllshared\;J:\Program Files\MATLAB\R2007a\bin;J:\Program Files\MATLAB\R2007a\bin\win32;J:\Program Files\Flash Magic;C:\Program Files\QuickTime\QTSystem\;;J:\Program Files\RIDE\Bin;;J:\PROGRA~1\FLASHM~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH;.MSC
PCBRAND=Pavilion
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4802
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\User\AppData\Local\Temp
TMP=C:\Users\User\AppData\Local\Temp
USERDOMAIN=User-PC
USERNAME=User
USERPROFILE=C:\Users\User
windir=C:\Windows

-- User Profiles ---------------------------------------------------------------
User
Mcx1

-- Add/Remove Programs ---------------------------------------------------------
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activ eX.exe
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASL_HS_Installer32 --> MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
µTorrent --> "J:\Program Files\uTorrent\uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CDDRV_Installer --> MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
DivX --> J:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Flash Magic 4.18 --> "J:\Program Files\Flash Magic\unins000.exe"
GIMP 2.4.5 --> "J:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GSpot Codec Information Appliance --> J:\Program Files\GSpot\Uninstall.exe
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_504 5&SUBSYS_103C30B7\UIU32m.EXE -U -IwqcVenz.inf
Hewlett-Packard Active Check --> MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent --> MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HI-TECH C51-lite V9.60PL0 --> "C:\Program Files\HI-TECH Software\HC51\lite\9.60\resources\setup.exe"
HI-TECH PICC lite V9.60PL0 --> "C:\Program Files\HI-TECH Software\PICC\lite\9.60\resources\setup.exe"
HP Active Support Library --> C:\Program Files\InstallShield Installation Information\{21E62565-8639-457C-B64C-A3FF0A8B4D80}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support --> MsiExec.exe /I{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}
HP Integrated Module with Bluetooth wireless technology 6.0.1.3100 --> MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
HP Pavilion Webcam Driver for Vista v061.001.00005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}\setup.exe" -l0x9 -removeonly
HP Quick Launch Buttons 6.10 B9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 uninst
HP QuickPlay 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guide 0041 --> MsiExec.exe /I{ABFBC596-7EB3-4E4D-A1A3-D2B6806EF1FE}
HP Wireless Assistant --> MsiExec.exe /I{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 3.8.0 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LG PC Suite --> C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
MATLAB R2007a --> J:\Program Files\MATLAB\R2007a\uninstall\uninstall.exe J:\Program Files\MATLAB\R2007a\
Messenger Plus! 3 --> "J:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "J:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Upda tes\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Upda tes\M929729\M929729Uninstall.msp"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
National Instruments Software --> "J:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
NI EULA Depot --> MsiExec.exe /I{0BEA337D-71D0-44C7-A575-932612A00908}
NI MDF Support --> MsiExec.exe /I{53FE1175-1B37-4677-924C-62AFFCC83800}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RKit 6.1 --> J:\Program Files\RIDE\RKITRMV.EXE J:\Program Files\RIDE\uninst.ins
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUnin stall
UltraVNC v1.0.2 --> "J:\Program Files\UltraVNC\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver --> J:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.7 --> "J:\Program Files\WinSCP\unins000.exe"

-- Application Event Log -------------------------------------------------------
Event Record #/Type8758 / Success
Event Submitted/Written: 06/21/2008 00:34:51 PM
Event ID/Source: 5617 / WinMgmt
Event Description:

Event Record #/Type8756 / Error
Event Submitted/Written: 06/21/2008 00:34:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application nidmsrv.exe, version 4.7.0.44, time stamp 0x44c69afd, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x736f6700,
process id 0x838, application start time 0xnidmsrv.exe0.
Event Record #/Type8755 / Success
Event Submitted/Written: 06/21/2008 00:34:50 PM
Event ID/Source: 5615 / WinMgmt
Event Description:

Event Record #/Type8750 / Success
Event Submitted/Written: 06/21/2008 00:34:07 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.
Event Record #/Type8739 / Warning
Event Submitted/Written: 06/21/2008 00:32:36 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2726622324-559001077-1263191089-1000_Classes:
Process 996 (\Device\HarddiskVolume1\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-2726622324-559001077-1263191089-1000_CLASSES

-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------
Event Record #/Type44141 / Warning
Event Submitted/Written: 06/21/2008 07:44:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.
For more information please see the following:
%User-PC275
Scan ID: {9FE9D337-6D9E-41AD-8ABA-54F6A703E991}
User: User-PC\User
Name: %User-PC271
ID: %User-PC272
Severity ID: %User-PC273
Category ID: %User-PC274
Path Found: %User-PC276
Alert Type: %User-PC278
Detection Type: 1.1.1505.02
Event Record #/Type44140 / Warning
Event Submitted/Written: 06/21/2008 07:44:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.
For more information please see the following:
%User-PC275
Scan ID: {84878A56-742F-4832-ABBB-3CC9580517B5}
User: User-PC\User
Name: %User-PC271
ID: %User-PC272
Severity ID: %User-PC273
Category ID: %User-PC274
Path Found: %User-PC276
Alert Type: %User-PC278
Detection Type: 1.1.1505.02
Event Record #/Type44139 / Warning
Event Submitted/Written: 06/21/2008 07:44:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.
For more information please see the following:
%User-PC275
Scan ID: {CFB059F3-AD9A-45AC-BD1E-5051FB81C3A0}
User: User-PC\User
Name: %User-PC271
ID: %User-PC272
Severity ID: %User-PC273
Category ID: %User-PC274
Path Found: %User-PC276
Alert Type: %User-PC278
Detection Type: 1.1.1505.02
Event Record #/Type44138 / Warning
Event Submitted/Written: 06/21/2008 07:44:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.
For more information please see the following:
%User-PC275
Scan ID: {A7F3B5B5-4F76-474D-94EF-14B4AD637589}
User: User-PC\User
Name: %User-PC271
ID: %User-PC272
Severity ID: %User-PC273
Category ID: %User-PC274
Path Found: %User-PC276
Alert Type: %User-PC278
Detection Type: 1.1.1505.02
Event Record #/Type44137 / Warning
Event Submitted/Written: 06/21/2008 07:44:37 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%User-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %User-PC27 can't undo changes that you allow.
For more information please see the following:
%User-PC275
Scan ID: {95646384-0A41-4D9F-BB0A-410CF7A1B4C2}
User: User-PC\User
Name: %User-PC271
ID: %User-PC272
Severity ID: %User-PC273
Category ID: %User-PC274
Path Found: %User-PC276
Alert Type: %User-PC278
Detection Type: 1.1.1505.02

-- End of Deckard's System Scanner: finished at 2008-06-21 19:45:46 ------------

Pancake

Start by installing Service Pack 1.
Download details: Windows Vista Service Pack 1 Five Language Standalone (KB936330)

Next.....

Ok.Lets download ComboFix.exe. This will give me a better view to the files running and also hidden on your computer and also those in the registry..Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first.This applies to XP Pro and XP Home users only.If you have SP3 installed you will need to use SP2

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Mal use can cause serious computer problems

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.

sam1_r

Hi

I have installed the Viste SP1 and ComboFix but I am confused on what to do next. I am using Vista but i do not have the windows CD as my laptop came with it already installed so I cannot get to the Vista Recovery Envoronment. Is it possible to use the XP Recovery Console??

Thanks

Pancake

Just go ahead an use Combofix.Do the scan and post the log..

sam1_r

Here is the ComboFix and hijack logs.ComboFix 08-06-20.4 - User 2008-06-23 12:10:54.1 - NTFSx86Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1212 [GMT 1:00]Running from: C:\Users\User\Desktop\ComboFix.exe.((((((((((((((( (((((((((( Files Created from 2008-05-23 to 2008-06-23 ))))))))))))))))))))))))))))))).2008-06-22 14:03 . 2008-06-22 14:03 d-------- C:\PerfLogs2008-06-22 13:35 . 2008-06-22 13:14 152,576 --a------ C:\Windows\System32\SPWizUI.dll2008-06-22 13:35 . 2008-06-22 13:14 47,560 --a------ C:\Windows\System32\SPReview.exe2008-06-22 13:19 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe2008-06-22 13:19 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll2008-06-22 13:14 . 2008-06-22 13:36 196,608 --a------ C:\Windows\SPInstall.etl2008-06-22 13:14 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe2008-06-21 19:40 . 2008-06-21 19:40 d-------- C:\Deckard2008-06-20 23:23 . 2008-06-20 23:23 d-------- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com 2008-06-20 23:23 . 2008-06-20 23:23 d-------- C:\Users\All Users\SUPERAntiSpyware.com2008-06-20 23:23 . 2008-06-20 23:23 d-------- C:\ProgramData\SUPERAntiSpyware.com2008-06-20 23:23 . 2008-06-21 13:23 d-------- C:\Program Files\SUPERAntiSpyware2008-06-20 23:21 . 2008-06-20 23:21 d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-06-20 16:57 . 2008-06-20 18:11 d-------- C:\Program Files\PestPatrol2008-06-20 16:57 . 2008-06-20 16:59 1,737 --a------ C:\Windows\SetupPestPatrolCorporate.mif2008-06-20 14:24 . 2008-06-20 14:24 66,048 --a------ C:\pxny.exe2008-06-20 14:24 . 2008-06-20 14:24 45,056 --a------ C:\Windows\System32\jzcom32.dll2008-06-20 14:24 . 2008-06-20 14:24 22,383 --a------ C:\Windows\System32\sklh.dat2008-06-14 18:48 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll2008-06-14 18:48 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll2008-06-14 18:48 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax2008-06-14 18:48 . 2008-01-19 08:33 80,896 --a------ C:\Windows\System32\MSNP.ax2008-06-14 18:48 . 2008-01-19 08:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax2008-06-14 18:48 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax2008-05-29 22:17 . 2008-05-29 22:17 d-------- C:\Users\All Users\NVIDIA2008-05-29 22:17 . 2008-05-29 22:17 d-------- C:\ProgramData\NVIDIA2008-05-29 14:34 . 2008-05-29 14:34 d-------- C:\eupod2008-05-28 16:59 . 2008-05-28 16:59 d-------- C:\Program Files\Apple Software Update2008-05-28 12:25 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll2008-05-28 12:25 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll.((((((((((((((((((( ((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )).2008-06-23 11:12 27,328,032 --sha-w C:\Windows\system32\drivers\fidbox.dat2008-06-23 10:50 --------- d-----w C:\ProgramData\Kaspersky Lab2008-06-23 00:24 372,908 --sha-w C:\Windows\system32\drivers\fidbox.idx2008-06-22 13:14 174 --sha-w C:\Program Files\desktop.ini2008-06-22 13:04 --------- d-----w C:\Program Files\Windows Sidebar2008-06-22 13:04 --------- d-----w C:\Program Files\Windows Photo Gallery2008-06-22 13:04 --------- d-----w C:\Program Files\Windows Mail2008-06-22 13:04 --------- d-----w C:\Program Files\Windows Defender2008-06-22 13:04 --------- d-----w C:\Program Files\Windows Collaboration2008-06-22 13:04 --------- d-----w C:\Program Files\Windows Calendar2008-06-22 12:42 101,888 ----a-w C:\Windows\System32\ifxcardm.dll2008-06-22 12:41 82,432 ----a-w C:\Windows\System32\axaltocm.dll2008-06-21 00:22 42,062 ----a-w C:\Users\User\AppData\Roaming\nvModes.dat2008-06-20 22:24 --------- d-----w C:\Users\User\AppData\Roaming\uTorrent2008-06-11 00:46 --------- d-----w C:\ProgramData\Microsoft Help2008-05-29 18:53 88,774 ----a-w C:\Windows\system32\drivers\klick.dat2008-05-28 16:15 96,966 ----a-w C:\Windows\system32\drivers\klin.dat2008-05-28 13:40 112,144 ----a-w C:\Windows\system32\drivers\kl1.sys2008-05-21 18:44 --------- d-----w C:\ProgramData\Messenger Plus!2008-05-21 18:14 --------- d-----w C:\Program Files\Microsoft Silverlight2008-05-18 11:27 --------- d-----w C:\Users\User\AppData\Roaming\LG Electronics2008-05-18 11:24 --------- d--h--w C:\Program Files\InstallShield Installation Information2008-05-18 11:24 --------- d-----w C:\Program Files\LG Electronics2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys2008-05-02 17:39 --------- d-----w C:\Program Files\HP2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe2008-04-29 01:42 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS2008-04-29 01:42 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll2008-04-10 18:53 675,328 ----a-w C:\Windows\is-209U4.exe2008-03-04 16:14 508 ----a-w C:\Users\User\AppData\Roaming\wklnhst.dat2006-01-23 10:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll2006-06-07 14:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll2008-03-12 13:18 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\History\History.IE5\index.da t2008-03-12 13:18 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat2008-03-12 13:18 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Ro aming\Microsoft\Windows\Cookies\index.dat.(((((((( ((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) ..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9A7B3B6-1F8A-4cf9-A20C-BDF427DBDB4A}][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]"MessengerPlus3"="J:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-03-04 01:39 190024]"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-25 00:33 167936]"NapsterShell"="C:\Program Files\Napster\napster.exe" [ ]"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 19:58 159744]"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-29 00:42 46704]"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 18:56 317152]"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 18:32 472800]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2008-02-28 03:39 77824]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]"GrooveMonitor"="J:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]"iTunesHelper"="F:\Program Files\iTunes\iTunesHelper.exe" [ ]"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-18 23:33 227840]"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 11:26 90191]"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 11:26 7770112]"NvMediaCenter"="C:\Windows\system32\NvMcTray. dll" [2007-02-27 11:26 81920][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-08 02:39 44128]C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 10:48:20 AM 40048]Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 9:01:50 AM 734872]Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 6:55:50 PM 703280]Logitech SetPoint.lnk - J:\Program Files\Logitech\SetPoint\SetPoint.exe [3/4/2008 1:03:19 AM 784912][HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]"EnableUIADesktopToggle"= 0 (0x0)[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3h ook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dl l[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig

Member Panel

Sponsors and Ads

Join the Team

Live Tag Cloud