
Solved Error Message: Specified Authentication Package is Unknown

Discussion in 'Malware and Virus Removal Archive' started by Calypso, 2011/04/01.

  1. 2011/04/01
    Calypso (Thread Starter)

    [Resolved] Error Message: Specified Authentication Package is Unknown

    First up, specifications of my laptop:
    Dell Latitude E6400
    Microsoft Windows XP Professional Ver. 2002, Service Pack 3.

    Description of problem:
    A couple of weeks back, the laptop started slowing down significantly and a fake anti-virus program kept popping up all the time. I downloaded a spyware removal program and got that resolved.

    After some time, the laptop slowed down again. This time I simply ran Combofix. However, after running Combofix, I wasn't able to log in to Windows in normal mode or in Safe Mode with Networking. If I choose either option, when I get to the login screen and hit Ctrl+Alt+Del, I get an error message stating: "A Specified Authentication Package is Unknown". After I click OK, I am taken to a BSOD with the error "Stop: C000021A".

    I searched online and found a forum post that had me create an "Authentication Packages" registry entry using Registry Editor. I went in and found it was already there, so I didn't have to do anything at all. But the problem still won't go away.

    I went through the instructions on the Malware and Virus Removal Forum as requested by Admin and here are the 5 logs:

    MBAM

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6238

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    4/2/2011 12:51:22 AM
    mbam-log-2011-04-02 (00-51-22).txt

    Scan type: Quick scan
    Objects scanned: 191632
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-04-02 10:44:06
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925042 rev.DE13
    Running: qowxqqhi.exe; Driver: C:\DOCUME~1\YINCHA~1\LOCALS~1\Temp\uwrdrpoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA0529620]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device 9B8FBD20
    Device 9B9028C1

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Files - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
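The "Authentication Packages" value Calypso mentions lives under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, and "A specified authentication package is unknown" is what winlogon reports when LSA cannot load a package named there. As an added defender's check that is not part of the thread, the following Python script parses a regedit export of that key (which can be taken from an offline hive when the machine no longer boots), decodes the REG_MULTI_SZ data and flags missing or unexpected package names; both sample exports and the package name "examplepkg" are constructed, and the expected set assumes a stock Windows XP install with only msv1_0.

```python
"""Offline check of the LSA 'Authentication Packages' value from a regedit export.

Added example (not from the thread). On a stock Windows XP install the
REG_MULTI_SZ value HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\Authentication
Packages holds exactly one entry, msv1_0. An entry LSA cannot load produces the
"specified authentication package is unknown" logon failure; an entry nobody
can account for should be verified against its DLL in System32 before it is
trusted.
"""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
VALUE_NAME = "Authentication Packages"
# Default content on Windows XP. Assumption: no additional packages installed.
EXPECTED = {"msv1_0"}


def parse_reg_export(text):
    """Return {key_path: {value_name: raw_value_text}} from regedit 5.00 text.

    regedit wraps long hex values with a trailing backslash and indents the
    continuation line; those are joined back together before parsing. A real
    export file is UTF-16LE with a BOM, so open it with encoding="utf-16".
    """
    joined = re.sub(r"\\\r?\n\s*", "", text)
    result, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2)
    return result


def decode_multi_sz(raw):
    """Decode a 'hex(7):6d,00,...' REG_MULTI_SZ export into a list of strings."""
    if not raw.lower().startswith("hex(7):"):
        raise ValueError("not a REG_MULTI_SZ value: %r" % raw[:24])
    data = bytes(int(b, 16) for b in raw[len("hex(7):"):].split(",") if b.strip())
    # Each string is NUL-terminated and the whole list ends with one more NUL.
    return [s for s in data.decode("utf-16-le").split("\x00") if s]


def encode_multi_sz(entries):
    """Inverse of decode_multi_sz; used here only to build a constructed sample."""
    data = ("\x00".join(entries) + "\x00\x00").encode("utf-16-le")
    return "hex(7):" + ",".join("%02x" % byte for byte in data)


def check_authentication_packages(reg_text, expected=EXPECTED):
    """Return (entries, missing, unexpected) for the LSA Authentication Packages value.

    Names are compared case-insensitively: each entry is resolved to a DLL file
    name, and file names are case-insensitive on Windows.
    """
    raw = parse_reg_export(reg_text).get(LSA_KEY, {}).get(VALUE_NAME)
    entries = decode_multi_sz(raw) if raw is not None else []
    present = {e.lower() for e in entries}
    wanted = {e.lower() for e in expected}
    return entries, sorted(wanted - present), sorted(present - wanted)


# Constructed sample: what a clean XP machine exports, including regedit's
# line wrapping of the hex data.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,\
  00,00
"""

# Constructed sample with an extra entry; "examplepkg" is a placeholder name.
SUSPECT_REG = (
    "Windows Registry Editor Version 5.00\n\n[" + LSA_KEY + "]\n"
    + '"' + VALUE_NAME + '"=' + encode_multi_sz(["msv1_0", "examplepkg"]) + "\n"
)


def main():
    for label, text in (("clean export", CLEAN_REG), ("export with extra entry", SUSPECT_REG)):
        entries, missing, unexpected = check_authentication_packages(text)
        print("%s: %s" % (label, entries))
        for name in missing:
            print("  missing expected package: %s" % name)
        for name in unexpected:
            print("  unexpected package: %s (verify %s.dll in System32 before trusting it)" % (name, name))
        if not missing and not unexpected:
            print("  OK")


if __name__ == "__main__":
    main()
```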
     
  2. 2011/04/01
    broni (Moderator, Malware Analyst)

    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================

    First of all, it's never a good idea to run Combofix on your own.

    Is the computer bootable right now?

    I still need other logs.
     


  4. 2011/04/01
    Calypso (Thread Starter)

    Hi broni,

    Yea, I kinda figured after I ran the Combofix...

    The computer is bootable now and I can login to Windows without any issues. I managed to achieve this after doing a Windows system restore.

    Once I could log in again, I ran Spybot Search & Destroy, which removed some entries. However, I still have the same problem (the computer slows down suddenly after some usage; it could be 20 mins or it could be 2 hours). I have also downloaded Process Monitor. Process Monitor identifies services.exe as the process that spikes the CPU usage.

    Anyhow, after that I decided to post on this forum, and I have done the five steps mentioned. Please see the remaining logs below. Thank you!

    MBRCheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 161):

    Processes (total 70):
    0 System Idle Process
    4 System
    840 C:\WINDOWS\system32\smss.exe
    908 csrss.exe
    936 C:\WINDOWS\system32\winlogon.exe
    980 C:\WINDOWS\system32\services.exe
    992 C:\WINDOWS\system32\lsass.exe
    1188 C:\WINDOWS\system32\svchost.exe
    1256 svchost.exe
    1296 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    1332 C:\WINDOWS\system32\svchost.exe
    1456 svchost.exe
    1488 svchost.exe
    1784 C:\WINDOWS\system32\spoolsv.exe
    1816 C:\drivers\audio\R190031\stacsv.exe
    1932 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    1944 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    1964 scardsvr.exe
    200 svchost.exe
    436 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    516 wmiprvse.exe
    1388 wmiprvse.exe
    340 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    420 C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    592 C:\Program Files\Bonjour\mDNSResponder.exe
    608 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    628 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    736 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    1564 C:\WINDOWS\system32\svchost.exe
    548 C:\Program Files\Google\Update\GoogleUpdate.exe
    1644 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    1888 C:\Program Files\Java\jre6\bin\jqs.exe
    2256 C:\Program Files\Common Files\Motive\McciCMService.exe
    2296 C:\Program Files\Common Files\Motive\McciServiceHost.exe
    2316 sqlservr.exe
    2704 C:\Program Files2\MacroData Inc\NetDrive\ndsvc.exe
    2720 C:\WINDOWS\system32\svchost.exe
    2732 C:\WINDOWS\system32\svchost.exe
    2768 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2828 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2848 C:\WINDOWS\system32\svchost.exe
    2940 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    3136 C:\Program Files\Canon\CAL\CALMAIN.exe
    3312 C:\WINDOWS\system32\wuauclt.exe
    3852 C:\WINDOWS\explorer.exe
    1804 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    2492 C:\Program Files\DellTPad\Apoint.exe
    2504 C:\Program Files\IDT\WDM\sttray.exe
    2512 C:\WINDOWS\system32\AESTFltr.exe
    2584 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    2660 C:\Program Files\DellTPad\ApMsgFwd.exe
    2664 C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    2908 C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    972 C:\Program Files\DellTPad\hidfind.exe
    1348 C:\Program Files\DellTPad\ApntEx.exe
    3228 C:\WINDOWS\system32\igfxpers.exe
    3340 C:\WINDOWS\system32\igfxsrvc.exe
    3352 C:\Program Files2\Adobe\Reader 9.0\Reader\reader_sl.exe
    3424 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    3580 C:\Program Files2\iTunes\iTunesHelper.exe
    3588 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3640 C:\Program Files\Microsoft Security Client\msseces.exe
    3656 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    3728 C:\Program Files2\Calibrize\CalibrizeResume.exe
    3792 C:\WINDOWS\system32\ctfmon.exe
    3900 C:\Program Files2\Yahoo!\Widgets\YahooWidgets.exe
    4052 C:\Program Files2\Yahoo!\Widgets\YahooWidgets.exe
    1208 C:\Program Files\iPod\bin\iPodService.exe
    192 alg.exe
    5520 C:\Documents and Settings\Yin Chao\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`075a9e00 (NTFS)

    PhysicalDrive0 Model Number: ST9250421ASG, Rev: DE13

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!


    DDS

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Yin Chao at 10:53:06.09 on Sat 04/02/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2721 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r190031\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    svchost.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciServiceHost.exe
    C:\Program Files2\MacroData Inc\NetDrive\ndsvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files2\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files2\iTunes\iTunesHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files2\Calibrize\CalibrizeResume.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files2\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files2\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Yin Chao\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://chalk.uchicago.edu/
    uInternet Settings,ProxyOverride = <local>
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [CGFLoader] c:\program files2\calibrize\CalibrizeLoader.exe
    uRun: [CalibrizeResume] c:\program files2\calibrize\CalibrizeResume.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe "
    mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files2\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [MFARestart] "c:\documents and settings\all users\application data\mfadata\pack\avgrunasx.exe" /usereg
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files2\itunes\iTunesHelper.exe "
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [<NO NAME>]
    mExplorerRun: [<NO NAME>] 1 (0x1)
    StartupFolder: c:\docume~1\yincha~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files2\yahoo!\widgets\YahooWidgets.exe
    IE: Add to Evernote - c:\program files2\evernote\evernote3\enbar.dll/2000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: $talisma_url$
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} - hxxp://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {25A62CCB-3467-4AA6-AB5E-92C2E0C4B19D} - hxxp://eng.krx.co.kr/anyadmin/common/activex/WebPonentGrid.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {D8D53DE7-35C2-4759-8D0A-C91407CB559E} - hxxp://eng.krx.co.kr/anyadmin/common/activex/WebPonentChart.CAB
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://creditsuisse.webex.com/client/T26L10NSP49EP24-creditsuisse/webex/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\yincha~1\applic~1\mozilla\firefox\profiles\sy1v9xfv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?ui=1
    FF - plugin: c:\documents and settings\yin chao\application data\mozilla\firefox\profiles\sy1v9xfv.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\program files2\adobe\reader 9.0\reader\browser\nppdf32.dll
    FF - plugin: c:\program files2\itunes\mozilla plugins\npitunes.dll
    FF - plugin: c:\program files2\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files2\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files2\mozilla firefox\plugins\NPTURNMED.dll
    FF - plugin: c:\program files2\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files2\veetle\player\npvlc.dll
    FF - plugin: c:\program files2\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files2\veetle\vlcbroadcast\npvbp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files2\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files2\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files2\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files2\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files2\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files2\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files2\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
    R1 MpKsl68861390;MpKsl68861390;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\MpKsl68861390.sys [2011-4-2 28752]
    R1 MpKsl6f4979e0;MpKsl6f4979e0;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\MpKsl6f4979e0.sys [2011-4-2 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-6-3 386328]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-7-31 808296]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-7-31 21352]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-8-18 455960]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-13 54752]
    R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-1-4 315392]
    R2 ndsvc;NetDrive Service;c:\program files2\macrodata inc\netdrive\ndsvc.exe [2011-1-5 2113536]
    R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-9-9 69632]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-10-19 108160]
    R3 ctxusbf;Citrix USB Filter Driver;c:\windows\system32\drivers\ctxusbf.sys [2009-2-2 56632]
    R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-10-19 32808]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-10-19 244368]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-19 109568]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-4-8 9472]
    S1 MpKsl7a0a0095;MpKsl7a0a0095;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\MpKsl7a0a0095.sys [2011-4-1 28752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c97466470723ca;Google Update Service (gupdate1c97466470723ca);c:\program files\google\update\GoogleUpdate.exe [2009-1-12 133104]
    S2 WifiService;WifiService;c:\program files2\parrot audio suite\psm\wifiservice.exe --> c:\program files2\parrot audio suite\psm\WifiService.exe [?]
    S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
    S3 Ctxusbr;Citrix USB Redirection Driver;c:\windows\system32\drivers\ctxusbr.sys [2011-2-26 44344]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2008-12-24 20504]
    S3 ndfs;ndfs;c:\program files2\macrodata inc\netdrive\NDFS.sys [2010-10-7 47680]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-9-17 17408]
    S3 ParrotSAVirtualAudioCableWdm_Ver100;Parrot High Quality Audio (WDM);c:\windows\system32\drivers\parrotvad.sys --> c:\windows\system32\drivers\ParrotVad.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-23 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2015-06-08 07:11:20 -------- d-----w- c:\program files\StreamingStar
    2011-04-02 02:48:40 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\MpKsl6f4979e0.sys
    2011-04-01 16:36:06 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\MpKsl68861390.sys
    2011-04-01 06:08:33 -------- d-----w- c:\docume~1\yincha~1\applic~1\SUPERAntiSpyware.com
    2011-04-01 06:08:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2011-04-01 06:08:15 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-01 03:58:57 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\MpKsl7a0a0095.sys
    2011-04-01 01:02:01 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{63b99521-f74b-428b-8996-fc8e608fab22}\mpengine.dll
    2011-03-31 21:46:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-31 21:46:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-03-31 21:09:19 -------- d-----w- c:\docume~1\yincha~1\locals~1\applic~1\Citrix
    2011-03-31 19:24:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-03-31 19:24:09 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 04:28:40 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-03-09 04:50:16 -------- d-----w- c:\documents and settings\yin chao\primetrade
    .
    ==================== Find3M ====================
    .
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 10:54:34.85 ===============
     
  5. 2011/04/01
    Calypso

    Calypso Inactive Thread Starter
    2nd DDS log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/24/2008 4:50:47 PM
    System Uptime: 4/2/2011 10:48:04 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0HT027
    Processor: Intel Pentium III Xeon processor | Microprocessor | 2394/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 120.541 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP596: 1/4/2011 5:48:36 AM - System Checkpoint
    RP597: 1/4/2011 6:15:28 PM - Software Distribution Service 3.0
    RP598: 1/5/2011 12:50:40 AM - Software Distribution Service 3.0
    RP599: 1/6/2011 3:00:17 AM - Software Distribution Service 3.0
    RP600: 1/6/2011 3:42:00 AM - Software Distribution Service 3.0
    RP601: 1/6/2011 10:51:08 PM - Software Distribution Service 3.0
    RP602: 1/7/2011 10:53:39 PM - Software Distribution Service 3.0
    RP603: 1/9/2011 2:29:38 AM - Software Distribution Service 3.0
    RP604: 1/10/2011 12:36:42 PM - Software Distribution Service 3.0
    RP605: 1/12/2011 12:20:04 AM - Software Distribution Service 3.0
    RP606: 1/12/2011 10:42:47 AM - Installed RIT Client
    RP607: 1/12/2011 2:09:48 PM - Software Distribution Service 3.0
    RP608: 1/13/2011 11:51:11 PM - Software Distribution Service 3.0
    RP609: 1/14/2011 11:51:16 PM - Software Distribution Service 3.0
    RP610: 1/16/2011 1:34:31 AM - Software Distribution Service 3.0
    RP611: 1/17/2011 11:31:41 AM - Software Distribution Service 3.0
    RP612: 1/17/2011 11:51:15 PM - Software Distribution Service 3.0
    RP613: 1/19/2011 12:33:45 AM - Software Distribution Service 3.0
    RP614: 1/20/2011 12:28:43 AM - Software Distribution Service 3.0
    RP615: 1/21/2011 12:29:12 AM - Software Distribution Service 3.0
    RP616: 1/22/2011 12:29:27 AM - Software Distribution Service 3.0
    RP617: 1/23/2011 12:28:31 AM - Software Distribution Service 3.0
    RP618: 1/24/2011 12:28:03 AM - Software Distribution Service 3.0
    RP619: 1/25/2011 12:28:33 AM - Software Distribution Service 3.0
    RP620: 1/26/2011 12:28:42 AM - Software Distribution Service 3.0
    RP621: 1/27/2011 12:28:43 AM - Software Distribution Service 3.0
    RP622: 1/28/2011 12:29:06 AM - Software Distribution Service 3.0
    RP623: 1/29/2011 1:57:16 AM - System Checkpoint
    RP624: 1/29/2011 9:41:37 PM - Software Distribution Service 3.0
    RP625: 1/30/2011 2:31:16 PM - Software Distribution Service 3.0
    RP626: 1/31/2011 2:31:17 PM - Software Distribution Service 3.0
    RP627: 2/1/2011 11:34:05 AM - Removed RIT Client
    RP628: 2/1/2011 11:35:21 AM - Installed Rotman Interactive Trader Client
    RP629: 2/1/2011 11:59:27 AM - Removed Rotman Interactive Trader Client
    RP630: 2/1/2011 11:59:49 AM - Installed RIT Client
    RP631: 2/1/2011 2:31:39 PM - Software Distribution Service 3.0
    RP632: 2/2/2011 10:59:49 AM - Removed RIT Client
    RP633: 2/2/2011 11:00:07 AM - Installed Rotman Interactive Trader Client
    RP634: 2/2/2011 2:31:44 PM - Software Distribution Service 3.0
    RP635: 2/3/2011 3:57:01 PM - Software Distribution Service 3.0
    RP636: 2/4/2011 3:51:44 PM - Software Distribution Service 3.0
    RP637: 2/5/2011 3:51:22 PM - Software Distribution Service 3.0
    RP638: 2/6/2011 1:41:35 AM - Software Distribution Service 3.0
    RP639: 2/6/2011 3:51:42 PM - Software Distribution Service 3.0
    RP640: 2/8/2011 12:25:32 PM - Software Distribution Service 3.0
    RP641: 2/9/2011 6:16:13 AM - Software Distribution Service 3.0
    RP642: 2/9/2011 6:28:51 AM - Software Distribution Service 3.0
    RP643: 2/10/2011 3:27:19 PM - Software Distribution Service 3.0
    RP644: 2/11/2011 4:40:11 PM - Software Distribution Service 3.0
    RP645: 2/12/2011 4:39:38 PM - Software Distribution Service 3.0
    RP646: 2/13/2011 2:26:21 AM - Software Distribution Service 3.0
    RP647: 2/13/2011 4:39:29 PM - Software Distribution Service 3.0
    RP648: 2/15/2011 12:38:00 AM - Software Distribution Service 3.0
    RP649: 2/16/2011 12:18:35 PM - Software Distribution Service 3.0
    RP650: 2/17/2011 1:22:28 PM - Software Distribution Service 3.0
    RP651: 2/19/2011 12:15:13 PM - Software Distribution Service 3.0
    RP652: 2/19/2011 12:25:40 PM - Software Distribution Service 3.0
    RP653: 2/23/2011 11:33:40 AM - Software Distribution Service 3.0
    RP654: 2/25/2011 1:00:29 AM - Software Distribution Service 3.0
    RP655: 2/26/2011 12:53:16 AM - Software Distribution Service 3.0
    RP656: 2/26/2011 12:58:20 PM - Installed Citrix Desktop Receiver
    RP657: 2/27/2011 1:42:43 AM - Software Distribution Service 3.0
    RP658: 2/27/2011 9:41:07 PM - Software Distribution Service 3.0
    RP659: 2/28/2011 9:41:50 PM - Software Distribution Service 3.0
    RP660: 3/1/2011 9:41:39 PM - Software Distribution Service 3.0
    RP661: 3/2/2011 9:41:45 PM - Software Distribution Service 3.0
    RP662: 3/3/2011 3:00:16 AM - Software Distribution Service 3.0
    RP663: 3/4/2011 1:19:37 AM - Software Distribution Service 3.0
    RP664: 3/5/2011 1:14:13 AM - Software Distribution Service 3.0
    RP665: 3/6/2011 1:14:14 AM - Software Distribution Service 3.0
    RP666: 3/7/2011 1:14:09 AM - Software Distribution Service 3.0
    RP667: 3/8/2011 11:49:07 AM - Software Distribution Service 3.0
    RP668: 3/9/2011 3:00:18 AM - Software Distribution Service 3.0
    RP669: 3/9/2011 12:36:23 PM - Software Distribution Service 3.0
    RP670: 3/10/2011 12:09:52 AM - Installed FortiClient SSL VPN CacheCleaner Plug-In for FireFox3 v4.0.2073
    RP671: 3/10/2011 12:14:12 AM - Installed FortiClient SSL VPN v4.0.2073
    RP672: 3/10/2011 3:00:16 AM - Software Distribution Service 3.0
    RP673: 3/10/2011 1:11:51 PM - Software Distribution Service 3.0
    RP674: 3/11/2011 2:34:43 PM - Software Distribution Service 3.0
    RP675: 3/12/2011 2:30:01 PM - Software Distribution Service 3.0
    RP676: 3/13/2011 1:35:37 AM - Software Distribution Service 3.0
    RP677: 3/13/2011 2:29:07 PM - Software Distribution Service 3.0
    RP678: 3/14/2011 2:29:10 PM - Software Distribution Service 3.0
    RP679: 3/16/2011 2:02:07 AM - Software Distribution Service 3.0
    RP680: 3/17/2011 12:05:01 PM - Software Distribution Service 3.0
    RP681: 3/18/2011 4:10:09 PM - Software Distribution Service 3.0
    RP682: 3/19/2011 4:09:47 PM - Software Distribution Service 3.0
    RP683: 3/20/2011 1:59:28 AM - Software Distribution Service 3.0
    RP684: 3/20/2011 4:09:35 PM - Software Distribution Service 3.0
    RP685: 3/21/2011 4:09:37 PM - Software Distribution Service 3.0
    RP686: 3/22/2011 4:09:41 PM - Software Distribution Service 3.0
    RP687: 3/23/2011 4:09:42 PM - Software Distribution Service 3.0
    RP688: 3/24/2011 4:10:18 PM - Software Distribution Service 3.0
    RP689: 3/25/2011 3:00:16 AM - Software Distribution Service 3.0
    RP690: 3/26/2011 3:08:07 AM - System Checkpoint
    RP691: 3/27/2011 4:08:07 AM - System Checkpoint
    RP692: 3/28/2011 4:45:35 AM - System Checkpoint
    RP693: 3/28/2011 4:12:43 PM - Software Distribution Service 3.0
    RP694: 3/30/2011 2:39:09 AM - Software Distribution Service 3.0
    RP695: 3/31/2011 6:21:03 AM - Software Distribution Service 3.0
    RP696: 4/1/2011 3:12:09 AM - Restore Operation
    RP697: 4/1/2011 4:38:53 AM - Restore Operation
    RP698: 4/1/2011 4:42:29 AM - Restore Operation
    RP699: 4/1/2011 9:01:43 AM - Software Distribution Service 3.0
    RP700: 4/1/2011 11:55:59 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP BiDi Channel Components Installer
    Acrobat.com
    ActivePerl 5.10.0 Build 1004
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Lightroom 2.4
    Adobe Reader 9.4.3
    Adobe Shockwave Player
    All Day Battery Life Configuration
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Service & Support Tool
    Audacity 1.2.6
    AxCrypt (Remove Only)
    BioAPI Framework
    biolsp patch
    Bonjour
    Broadcom USH Host Components
    BufferChm
    Calibrize 2.0
    CamStudio OSS Desktop Recorder
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Easy-WebPrint EX
    Canon EOS 5D WIA Driver
    Canon IJ Network Tool
    Canon MP Navigator EX 4.0
    Canon MP450
    Canon MP495 series MP Drivers
    Canon MP495 series User Registration
    Canon My Printer
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.6
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities Original Data Security Tools
    Canon Utilities PhotoStitch
    Canon Utilities Picture Style Editor
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities WFT-E1/E2/E3 Utility
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Chinese Traditional Fonts Support For Adobe Reader 9
    Citrix Desktop Receiver
    Conexant HDA D330 MDC V.92 Modem
    CRB PowerSystem
    Critical Update for Windows Media Player 11 (KB959772)
    Crystal Reports for Visual Studio
    CustomerResearchQFolder
    Dell Control Point
    Dell ControlPoint Connection Manager
    Dell ControlPoint Security Manager
    Dell ControlPoint System Manager
    Dell Driver Download Manager
    Dell Embassy Trust Suite by Wave Systems
    Dell Security Device Driver Pack
    Dell Touchpad
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    Digital Line Detect
    DivX Setup
    DocMgr
    DocProc
    Document Manager Lite
    Dotfuscator Software Services - Community Edition
    Dropbox
    EasyCleaner
    EasyReader
    EasyThumb
    ebook BanyanTreeMaldivesFT
    EMBASSY Security Center
    EMBASSY Security Setup
    ESC Home Page Plugin
    eSupportQFolder
    Evernote
    FBL Gameplay Demo build 100126.2882)
    FIFA 08
    Gemalto
    Google Email Uploader 1.1.0808.1801
    Google Update Helper
    GPBaseService
    gretl version 1.8.0
    HiDownload
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB945436)
    Hotfix for Windows XP (KB946554)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Color LaserJet CM1312 MFP Series 3.0
    HP Customer Participation Program 10.0
    HP Document Manager 1.0
    HP Imaging Device Functions 10.0
    HP LaserJet P4010_P4510 Series
    HP Solution Center 10.0
    HP Update
    hppCLJCM1312
    hppFaxDrvCM1312
    hppFaxUtilityCM1312
    hppFonts
    hppManualsCM1312
    hppPQVideoCM1312
    hppQFolderCM1312
    HPProductAssistant
    hppscan3390
    hppscanCM1312
    hppScanToCM1312
    hppSendFaxCM1312
    hppTLBXFXCM1312
    hppusgCM1312
    HPSSupply
    hpzTLBXFX
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections 13.0.42.0
    Intel(R) PRO Alerting Agent
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    iPhone Configuration Utility
    iPhone Tunnel Suite (v1)
    iPhoneBrowser
    iTunes
    J@CK TV
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 21
    Junk Mail filter update
    Malwarebytes' Anti-Malware
    MarketMap version 6.3
    MarketResearch
    MATLAB Student R2010a
    MF Global-Futures STAS
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Help Viewer 1.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Sync Framework Services v1.0 SP1 (x86)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Office Developer Tools (x86)
    Microsoft Visual Studio 2010 Professional - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    Microsoft Visual Studio Macro Tools
    Mighty Minds DIGImap 8
    Mighty Minds Digital Street Directory 4.2
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox (3.6.11)
    Mozilla Thunderbird (2.0.0.19)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    My Photo Books
    NetDrive
    NetWaiting
    Notepad++
    NTRU TCG Software Stack
    Nvu 1.0
    OpenAL
    Parrot Audio Suite
    PdaNet Desktop for iPhone 1.50 (beta)
    PDFCreator
    PDFCreator Toolbar
    PowerDVD
    Preboot Manager
    Private Information Manager
    QuickTime
    RiskAMP Excel Add-In 2.97 - Personal Edition
    Rotman Interactive Trader Client
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    SDP Downloader
    Secure Update
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Security Wizards
    Segoe UI
    Service Pack 1 for SQL Server 2008 (KB968369)
    Shop for HP Supplies
    Skype™ 5.0
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    SopCast 3.0.3
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    Stream Torrent 1.0
    SUPERAntiSpyware
    SyncToy 2.0 (x86)
    System Requirements Lab
    TBS WMP Plug-in
    TrayApp
    TrueCrypt
    Trusted Drive Manager
    tsp patch
    TVAnts 1.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.0.3
    Wave Infrastructure Installer
    Wave Support Software
    Web Deployment Tool
    WebEx
    WebFldrs XP
    WebICE
    WebReg
    WIDCOMM Bluetooth Software
    WinDjView 1.0.3
    Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    WinRAR archiver
    Wireless@SG SingTel (1.0.0.0)
    xGPS Manager 1.0
    XML Paper Specification Shared Components Pack 1.0
    XPS Viewer
    XY Chart Labeler 7.0
    Yahoo! Install Manager
    Yahoo! Widgets
    .
    ==== End Of File ===========================
     
  6. 2011/04/01
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    The other logs and my reply will come later; it didn't come under "quick reply". Sorry!
     
  7. 2011/04/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  8. 2011/04/02
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Hi Broni, here are the contents of the report:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB81D7000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 6279168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
    0xBF2E8000 C:\WINDOWS\System32\igxpdx32.DLL 3837952 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
    0xB7DC2000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
    0xBF058000 C:\WINDOWS\System32\igxpdv32.DLL 2686976 bytes (Intel Corporation, Component GHAL Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2154496 bytes
    0x804D7000 RAW 2154496 bytes
    0x804D7000 WMIxWDM 2154496 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xA09F5000 C:\WINDOWS\system32\drivers\sthda.sys 1323008 bytes (IDT, Inc., IDT PC Audio)
    0xB7C14000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
    0xA0891000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 987136 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xA04D9000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 851968 bytes
    0xB9E53000 iaStor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0xA07DE000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xB9D66000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB7D05000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0xA05A9000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB7B5E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xA070B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0x9E316000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xBF691000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0x9E4D6000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB8185000 C:\WINDOWS\system32\DRIVERS\e1y5132.sys 253952 bytes (Intel Corporation, Intel(R) Gigabit Network Connection NDIS 5.1 deserialized driver)
    0xA0666000 C:\WINDOWS\System32\drivers\truecrypt.sys 217088 bytes (TrueCrypt Foundation, TrueCrypt Driver)
    0xA0982000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 212992 bytes (Intel Corporation, Intel Graphics 2D Driver)
    0xB7BBC000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB7D81000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 184320 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
    0x9EA2A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xB9D39000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xA0619000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x9ED08000 C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys 167936 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
    0xB8139000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xA06E3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xA0797000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
    0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xA06BD000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0x9D160000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
    0xA09D1000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB8161000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB9504000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xA069B000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xA0644000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
    0x806E5000 ACPI_HAL 134400 bytes
    0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9E33000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xA07BE000 C:\WINDOWS\system32\drivers\IntcHdmi.sys 131072 bytes (Intel(R) Corporation, Intel(R) High Definition Audio HDMI)
    0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xA09B6000 C:\WINDOWS\system32\drivers\AESTAud.sys 110592 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
    0xB9D1F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x9ECEF000 C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS 102400 bytes (Roxio, Drive Letter Access Component)
    0x9EC9A000 C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)
    0xB9E0A000 DRVMCDB.SYS 94208 bytes (Sonic Solutions, Device Driver)
    0xB9DF3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB7BFD000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x9ECB1000 C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)
    0x9EB6D000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB7DAE000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0xB81C3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xA0764000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xA2B81000 C:\WINDOWS\system32\DRIVERS\ctxusbf.sys 73728 bytes (Citrix Systems, Inc., Citrix USB Filter Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
    0xB9E21000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB7BEC000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xA10F3000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xBA158000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA298000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA118000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB9591000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xBA268000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB9611000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xBA168000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xBA288000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
    0xA6D6D000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xA6D9D000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xBA128000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xBA2E8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA2B8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0xA6D5D000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
    0xBA308000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xA10D3000 C:\WINDOWS\system32\DRIVERS\usbccid.sys 49152 bytes (Microsoft Corporation, USB CCID Driver)
    0xA10E3000 C:\WINDOWS\System32\Drivers\cvusbdrv.sys 45056 bytes (Broadcom Corporation, Broadcom Credential Vault USB Driver)
    0xBA218000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)
    0xA1133000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xBA148000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xBA108000 PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
    0xBA2F8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x9D93B000 C:\WINDOWS\System32\Drivers\btwusb.sys 40960 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xA6DBD000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xBA178000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xA1123000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA2D8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA318000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB95A1000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x9DC83000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xB95B1000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA488000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
    0xBA478000 C:\WINDOWS\System32\Drivers\DLABMFSM.SYS 32768 bytes (Roxio, Drive Letter Access Component)
    0xBA358000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xA1173000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xBA470000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA460000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xA116B000 C:\WINDOWS\System32\Drivers\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)
    0xA118B000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xA1143000 C:\DOCUME~1\YINCHA~1\LOCALS~1\Temp\mbr.sys 28672 bytes
    0xBA4A0000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xBA468000 C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS 24576 bytes (Roxio, Drive Letter Access Component)
    0xBA480000 C:\WINDOWS\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)
    0xBA490000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0xBA4B0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA4A8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xBA430000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA057416-B833-491F-B512-FFE19D0B36CE}\MpKsl59df8322.sys 24576 bytes (Microsoft Corporation, KSLDriver)
    0xBA3E8000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63B99521-F74B-428B-8996-FC8E608FAB22}\MpKsl68861390.sys 24576 bytes
    0xBA498000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
    0xBA458000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xA1183000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xBA3F8000 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 20480 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 SPR Protocol Driver)
    0xA117B000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA328000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xBA348000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA350000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA338000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xA5DEF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0x9EBC6000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
    0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
    0xB96D9000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x9D89B000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x9E3D6000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0xBA580000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x9ECE7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB7B3A000 C:\WINDOWS\system32\DRIVERS\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
    0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xB96F1000 C:\WINDOWS\System32\Drivers\DLAPoolM.SYS 12288 bytes (Roxio, Drive Letter Access Component)
    0xA6DD5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xA0CC7000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xA19D5000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xB7B36000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB96D1000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xBA578000 C:\WINDOWS\system32\DRIVERS\pnetmdm.sys 12288 bytes (June Fabrics Technology, PdaNet Driver)
    0xA1404000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x9ECE3000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
    0xB96D5000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xBA612000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5AC000 DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)
    0xBA610000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA614000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA616000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA606000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA64C000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA682000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA7FD000 C:\WINDOWS\System32\Drivers\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)
    0xBA6DD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA6A6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA670000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
    ==============================================
    >Stealth
    ==============================================
    0x04440000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8A02A570 ] PID: 936, 507904 bytes
    0x049B0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x863115F0 ] PID: 992, 507904 bytes
    0x03390000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8AFE7530 ] PID: 516, 507904 bytes
    0x00BF0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x860BA818 ] PID: 2940, 507904 bytes
    0x03860000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86085588 ] PID: 2908, 507904 bytes
    0x040F0000 Hidden Image-->TdmAutoLogon.dll [ EPROCESS 0x8A02A570 ] PID: 936, 512000 bytes
    0x04870000 Hidden Image-->TdmAutoLogon.dll [ EPROCESS 0x863115F0 ] PID: 992, 512000 bytes
    0x03250000 Hidden Image-->TdmWmiProvider.dll [ EPROCESS 0x8AFE7530 ] PID: 516, 581632 bytes
    0x03800000 Hidden Image-->TdmUserInterface.dll [ EPROCESS 0x89C52DA0 ] PID: 3852, 602112 bytes
     
  9. 2011/04/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled, as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/04/02
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Hi Broni,

    I ran Combofix as you requested. When Combofix restarted the computer, after logging into Windows, I got the BSOD:

    STOP: c000021A (Fatal System Error)
    The Windows log on process system process terminated unexpectedly with a status of 0x00000000(0x00000000 0x00000000).

    What should I do next?
    Thanks!
     
  11. 2011/04/02
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    After the BSOD, I booted up the computer in safe mode, logged in and Combofix started generating the report which I've copied into this post below:

    ComboFix 11-04-02.03 - Yin Chao 04/03/2011 11:22:21.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2844 [GMT 8:00]
    Running from: c:\documents and settings\Yin Chao\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\2739282159__4_32_16.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
    .
    .
    2015-06-08 07:11 . 2015-06-08 07:11 -------- d-----w- c:\program files\StreamingStar
    2011-04-02 17:32 . 2011-03-14 13:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA057416-B833-491F-B512-FFE19D0B36CE}\mpengine.dll
    2011-04-02 04:03 . 2011-04-02 04:03 -------- d-----w- c:\program files\R
    2011-04-01 06:08 . 2011-04-01 06:08 -------- d-----w- c:\documents and settings\Yin Chao\Application Data\SUPERAntiSpyware.com
    2011-04-01 06:08 . 2011-04-01 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-01 06:08 . 2011-04-01 06:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-01 02:41 . 2011-04-01 02:41 -------- d-----w- c:\documents and settings\Yin Chao\Application Data\Leadertech
    2011-03-31 21:46 . 2011-04-01 03:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-31 21:46 . 2011-03-31 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-03-31 21:09 . 2011-03-31 21:09 -------- d-----w- c:\documents and settings\Yin Chao\Local Settings\Application Data\Citrix
    2011-03-31 19:24 . 2011-03-31 19:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 04:28 . 2011-03-12 04:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 04:50 . 2011-03-31 21:02 -------- d-----w- c:\documents and settings\Yin Chao\primetrade
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-02 20:39 . 2008-10-24 08:51 0 ----a-w- c:\documents and settings\Yin Chao\Local Settings\Application Data\WavXMapDrive.bat
    2011-03-14 13:05 . 2010-12-06 12:25 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-09 13:53 . 2008-04-25 16:16 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-25 16:16 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-04-25 21:26 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-04-25 21:26 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2008-04-25 16:16 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-13 09:41 . 2011-02-08 22:17 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-01-07 14:09 . 2008-04-25 16:16 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ------- Sigcheck -------
    .
    [-] 2009-12-08 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @= "{022F2F51-CDDA-4873-8A29-72C66C808A3F} "
    [HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
    2010-03-18 02:09 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @= "{661963C1-99A1-44e7-A671-1CF3768AE9D4} "
    [HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
    2010-03-18 02:09 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "CGFLoader "= "c:\program files2\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
    "CalibrizeResume "= "c:\program files2\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
    "SysTrayApp "= "%ProgramFiles%\IDT\WDM\sttray.exe" [BU]
    "AESTFltr "= "c:\windows\system32\AESTFltr.exe" [2008-06-30 466944]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-14 178712]
    "ChangeTPMAuth "= "c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]
    "WavXMgr "= "c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
    "SecureUpgrade "= "c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-23 243000]
    "EmbassySecurityCheck "= "c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-23 79160]
    "DCPstrApp "= "c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-12 47392]
    "Adobe Reader Speed Launcher "= "c:\program files2\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "MFARestart "= "c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" [2010-11-08 238432]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files2\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
    .
    c:\documents and settings\Yin Chao\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files2\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Documents and Settings\\Yin Chao\\Application Data\\Dropbox\\bin\\Dropbox.exe "=
    "c:\\Program Files2\\SopCast\\SopCast.exe "=
    "c:\\Program Files2\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files2\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe "=
    "c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files2\\iTunes\\iTunes.exe "=
    "c:\\Program Files2\\MacroData Inc\\NetDrive\\ndsvc.exe "=
    .
    R3 ctxusbf;Citrix USB Filter Driver;c:\windows\system32\drivers\ctxusbf.sys [2/2/2009 11:17 AM 56632]
    S1 MpKsl7a0a0095;MpKsl7a0a0095;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63B99521-F74B-428B-8996-FC8E608FAB22}\MpKsl7a0a0095.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63B99521-F74B-428B-8996-FC8E608FAB22}\MpKsl7a0a0095.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
    S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 5:56 AM 133968]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [6/3/2008 3:28 PM 386328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 9:41 PM 808296]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 9:41 PM 21352]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [8/18/2008 10:39 AM 455960]
    S2 gupdate1c97466470723ca;Google Update Service (gupdate1c97466470723ca);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2009 11:33 AM 133104]
    S2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [1/4/2011 2:45 PM 315392]
    S2 ndsvc;NetDrive Service;c:\program files2\MacroData Inc\NetDrive\ndsvc.exe [1/5/2011 4:49 PM 2113536]
    S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [9/9/2008 2:21 PM 69632]
    S2 WifiService;WifiService;c:\program files2\Parrot Audio Suite\PSM\WifiService.exe --> c:\program files2\Parrot Audio Suite\PSM\WifiService.exe [?]
    S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/19/2008 4:43 PM 108160]
    S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 5:28 AM 42832]
    S3 Ctxusbr;Citrix USB Redirection Driver;c:\windows\system32\drivers\ctxusbr.sys [2/26/2011 12:58 PM 44344]
    S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10/19/2008 4:44 PM 32808]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/19/2008 4:43 PM 244368]
    S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [12/24/2008 2:25 PM 20504]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/19/2008 4:43 PM 109568]
    S3 ndfs;ndfs;c:\program files2\MacroData Inc\NetDrive\NDFS.sys [10/7/2010 3:25 PM 47680]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/17/2009 5:54 PM 17408]
    S3 ParrotSAVirtualAudioCableWdm_Ver100;Parrot High Quality Audio (WDM);c:\windows\system32\DRIVERS\ParrotVad.sys --> c:\windows\system32\DRIVERS\ParrotVad.sys [?]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [4/8/2009 4:27 PM 9472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 11:08 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MDMXSDK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 13:29]
    .
    2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 13:29]
    .
    2011-04-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 04:26]
    .
    2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{38A27774-56AE-43DC-9E9B-3433A63C89A8}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 10:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://chalk.uchicago.edu/
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Evernote - c:\program files2\Evernote\Evernote3\enbar.dll/2000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: $talisma_url$
    DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} - hxxp://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
    DPF: {25A62CCB-3467-4AA6-AB5E-92C2E0C4B19D} - hxxp://eng.krx.co.kr/anyadmin/common/activex/WebPonentGrid.CAB
    DPF: {D8D53DE7-35C2-4759-8D0A-C91407CB559E} - hxxp://eng.krx.co.kr/anyadmin/common/activex/WebPonentChart.CAB
    FF - ProfilePath - c:\documents and settings\Yin Chao\Application Data\Mozilla\Firefox\Profiles\sy1v9xfv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?ui=1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files2\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-03 11:38
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value "= "?\0a\04\08\06:)? "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(296)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(972)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmUserInterface.dll
    c:\windows\system32\netprovcredman.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    c:\windows\system32\MSVCR100_CLR0400.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    .
    **************************************************************************
    .
    Completion time: 2011-04-03 11:53:11 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-04-03 03:53
    ComboFix2.txt 2011-03-31 18:45
    .
    Pre-Run: 129,285,746,688 bytes free
    Post-Run: 132,900,134,912 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug= "do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 0F4C2BD68B871BCA62C61CC97BF32912
     
  12. 2011/04/02
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    After the Combofix report was generated, I tried to restart the laptop in normal mode. Upon logging in, I encountered a problem similar to the one in my initial post above: an error message about not being able to find the authentication package, and then the BSOD follows.
     
  13. 2011/04/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If the computer is still bootable....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=-
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    Trusted Zone: $talisma_url$
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. 2011/04/02
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Yes, it is still bootable in safe mode.

    When it reboots, should I try to reboot in safe mode again, or let it reboot by the normal way?
     
  15. 2011/04/03
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Hi Broni, please see the report below:

    ComboFix 11-04-02.03 - Yin Chao 04/03/2011 12:29:43.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.3176 [GMT 8:00]
    Running from: c:\documents and settings\Yin Chao\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Yin Chao\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-03 to 2011-04-03 )))))))))))))))))))))))))))))))
    .
    .
    2015-06-08 07:11 . 2015-06-08 07:11 -------- d-----w- c:\program files\StreamingStar
    2011-04-02 17:32 . 2011-03-14 13:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AA057416-B833-491F-B512-FFE19D0B36CE}\mpengine.dll
    2011-04-02 04:03 . 2011-04-02 04:03 -------- d-----w- c:\program files\R
    2011-04-01 06:08 . 2011-04-01 06:08 -------- d-----w- c:\documents and settings\Yin Chao\Application Data\SUPERAntiSpyware.com
    2011-04-01 06:08 . 2011-04-01 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-01 06:08 . 2011-04-01 06:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-01 02:41 . 2011-04-01 02:41 -------- d-----w- c:\documents and settings\Yin Chao\Application Data\Leadertech
    2011-03-31 21:46 . 2011-04-01 03:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-03-31 21:46 . 2011-03-31 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-03-31 21:09 . 2011-03-31 21:09 -------- d-----w- c:\documents and settings\Yin Chao\Local Settings\Application Data\Citrix
    2011-03-31 19:24 . 2011-03-31 19:24 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 04:28 . 2011-03-12 04:28 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2011-03-09 04:50 . 2011-03-31 21:02 -------- d-----w- c:\documents and settings\Yin Chao\primetrade
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-02 20:39 . 2008-10-24 08:51 0 ----a-w- c:\documents and settings\Yin Chao\Local Settings\Application Data\WavXMapDrive.bat
    2011-03-14 13:05 . 2010-12-06 12:25 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-02-09 13:53 . 2008-04-25 16:16 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2008-04-25 16:16 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2008-04-25 21:26 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-04-25 21:26 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2008-04-25 16:16 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-13 09:41 . 2011-02-08 22:17 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
    2011-01-07 14:09 . 2008-04-25 16:16 290048 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-03_03.38.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-10-24 08:44 . 2011-04-03 03:59 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-10-24 08:44 . 2011-04-03 03:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2011-04-03 03:59 . 2011-04-03 03:59 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2011-03-31 18:52 . 2011-04-03 03:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @= "{022F2F51-CDDA-4873-8A29-72C66C808A3F} "
    [HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
    2010-03-18 02:09 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @= "{661963C1-99A1-44e7-A671-1CF3768AE9D4} "
    [HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
    2010-03-18 02:09 297808 ----a-w- c:\windows\system32\mscoree.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM "= "c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "CGFLoader "= "c:\program files2\Calibrize\CalibrizeLoader.exe" [2007-11-26 1961984]
    "CalibrizeResume "= "c:\program files2\Calibrize\CalibrizeResume.exe" [2007-11-26 413696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint "= "c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
    "SysTrayApp "= "%ProgramFiles%\IDT\WDM\sttray.exe" [BU]
    "AESTFltr "= "c:\windows\system32\AESTFltr.exe" [2008-06-30 466944]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-14 178712]
    "ChangeTPMAuth "= "c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2008-05-30 180224]
    "WavXMgr "= "c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
    "SecureUpgrade "= "c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-23 243000]
    "EmbassySecurityCheck "= "c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-23 79160]
    "DCPstrApp "= "c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2009-01-21 134656]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2009-01-21 134656]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-12 47392]
    "Adobe Reader Speed Launcher "= "c:\program files2\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
    "DivXUpdate "= "c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
    "MFARestart "= "c:\documents and settings\All Users\Application Data\MFAData\pack\avgrunasx.exe" [2010-11-08 238432]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper "= "c:\program files2\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]
    .
    c:\documents and settings\Yin Chao\Start Menu\Programs\Startup\
    Yahoo! Widgets.lnk - c:\program files2\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfsu_cm1312.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe "=
    "c:\\Documents and Settings\\Yin Chao\\Application Data\\Dropbox\\bin\\Dropbox.exe "=
    "c:\\Program Files2\\SopCast\\SopCast.exe "=
    "c:\\Program Files2\\SopCast\\adv\\SopAdver.exe "=
    "c:\\Program Files2\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe "=
    "c:\\Program Files\\Common Files\\Motive\\McciServiceHost.exe "=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files2\\iTunes\\iTunes.exe "=
    "c:\\Program Files2\\MacroData Inc\\NetDrive\\ndsvc.exe "=
    .
    R3 ctxusbf;Citrix USB Filter Driver;c:\windows\system32\drivers\ctxusbf.sys [2/2/2009 11:17 AM 56632]
    S1 MpKsl7a0a0095;MpKsl7a0a0095;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63B99521-F74B-428B-8996-FC8E608FAB22}\MpKsl7a0a0095.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{63B99521-F74B-428B-8996-FC8E608FAB22}\MpKsl7a0a0095.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
    S2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 5:56 AM 133968]
    S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [6/3/2008 3:28 PM 386328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [7/31/2008 9:41 PM 808296]
    S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [7/31/2008 9:41 PM 21352]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [8/18/2008 10:39 AM 455960]
    S2 gupdate1c97466470723ca;Google Update Service (gupdate1c97466470723ca);c:\program files\Google\Update\GoogleUpdate.exe [1/12/2009 11:33 AM 133104]
    S2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [1/4/2011 2:45 PM 315392]
    S2 ndsvc;NetDrive Service;c:\program files2\MacroData Inc\NetDrive\ndsvc.exe [1/5/2011 4:49 PM 2113536]
    S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [9/9/2008 2:21 PM 69632]
    S2 WifiService;WifiService;c:\program files2\Parrot Audio Suite\PSM\WifiService.exe --> c:\program files2\Parrot Audio Suite\PSM\WifiService.exe [?]
    S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/19/2008 4:43 PM 108160]
    S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [4/19/2007 5:28 AM 42832]
    S3 Ctxusbr;Citrix USB Redirection Driver;c:\windows\system32\drivers\ctxusbr.sys [2/26/2011 12:58 PM 44344]
    S3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [10/19/2008 4:44 PM 32808]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [10/19/2008 4:43 PM 244368]
    S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [12/24/2008 2:25 PM 20504]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/19/2008 4:43 PM 109568]
    S3 ndfs;ndfs;c:\program files2\MacroData Inc\NetDrive\NDFS.sys [10/7/2010 3:25 PM 47680]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/17/2009 5:54 PM 17408]
    S3 ParrotSAVirtualAudioCableWdm_Ver100;Parrot High Quality Audio (WDM);c:\windows\system32\DRIVERS\ParrotVad.sys --> c:\windows\system32\DRIVERS\ParrotVad.sys [?]
    S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [4/8/2009 4:27 PM 9472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/23/2009 11:08 AM 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MDMXSDK
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 13:29]
    .
    2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-12 13:29]
    .
    2011-04-03 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 04:26]
    .
    2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{38A27774-56AE-43DC-9E9B-3433A63C89A8}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 10:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://chalk.uchicago.edu/
    IE: Add to Evernote - c:\program files2\Evernote\Evernote3\enbar.dll/2000
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {0FEDC96E-2954-4860-8E70-42D065FB8544} - hxxp://eng.krx.co.kr/inc/cabs/WebPri_KRX.cab
    DPF: {25A62CCB-3467-4AA6-AB5E-92C2E0C4B19D} - hxxp://eng.krx.co.kr/anyadmin/common/activex/WebPonentGrid.CAB
    DPF: {D8D53DE7-35C2-4759-8D0A-C91407CB559E} - hxxp://eng.krx.co.kr/anyadmin/common/activex/WebPonentChart.CAB
    FF - ProfilePath - c:\documents and settings\Yin Chao\Application Data\Mozilla\Firefox\Profiles\sy1v9xfv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?ui=1
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files2\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files2\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-03 12:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value "= "?\0a\04\08\06:)? "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(296)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1012)
    c:\windows\system32\WININET.dll
    c:\documents and settings\Yin Chao\Application Data\Dropbox\bin\DropboxExt.13.dll
    c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmUserInterface.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\netprovcredman.dll
    c:\windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
    c:\windows\system32\MSVCR100_CLR0400.dll
    c:\windows\system32\msi.dll
    .
    Completion time: 2011-04-03 13:00:16
    ComboFix-quarantined-files.txt 2011-04-03 05:00
    ComboFix2.txt 2011-04-03 03:53
    ComboFix3.txt 2011-03-31 18:45
    .
    Pre-Run: 132,916,903,936 bytes free
    Post-Run: 132,912,283,648 bytes free
    .
    - - End Of File - - 7BE324170BAB4F53D0CE8D6D285EB96C
     
  16. 2011/04/03
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    I tried logging on again using normal bootup and I got the error message: A Specified Authentication Package is Unknown.

    I click OK and the BSOD shows.
     
  17. 2011/04/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Is that the entire message?

    What does BSOD say?

    Try this, while in Safe Mode....

    Go Start>Run (Start Search in Vista), type in:
    msconfig
    Click OK (hit Enter in Vista).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use a different firewall than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Can you restart in normal mode now?

    Going to bed......
     
  18. 2011/04/03
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    The heading of the error message is "Authentication Manager Error". The error message is "A specified authentication package is unknown". And then an "OK" button.

    BSOD: STOP: c000021A (Fatal System Error)
    The Windows Logon Process system process terminated unexpectedly with a status of 0x00000000 (0x00000000 0x00000000).

    Ok will try that now.

    If you could give some conditional next steps, that would be greatly appreciated.

    Good night! And thanks for all the help thus far!
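The message quoted above is the NTSTATUS text for STATUS_NO_SUCH_PACKAGE, which LSA returns when a caller asks for an authentication package that is not loaded; a stale entry in the Lsa key's package lists (for example a DLL a clean-up tool removed while its registry entry stayed behind) is one common cause. As an added triage example, not from this thread or from ComboFix, the Python script below parses a regedit export of HKLM\SYSTEM\CurrentControlSet\Control\Lsa and reports any package in the Authentication/Security/Notification Packages lists whose DLL is absent from System32, or a list that has lost msv1_0; the export text, the System32 listing and the package name "stalepkg" are constructed.

```python
"""Check the LSA package lists in a regedit export for packages whose DLL is
gone or for a missing msv1_0 entry. All sample data below is constructed."""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
PACKAGE_VALUES = ("Authentication Packages", "Security Packages",
                  "Notification Packages")
# msv1_0 provides local (NTLM) logon and must stay in Authentication Packages.
REQUIRED = {"Authentication Packages": "msv1_0"}


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def decode_value(raw, encoding):
    """Decode the right-hand side of a .reg line: "string", dword: or hex(n):."""
    if raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if m.group(1) == "7":  # REG_MULTI_SZ: NUL-separated strings, double-NUL end
        return [s for s in data.decode(encoding, "replace").split("\x00") if s]
    return data


def parse_reg_export(text):
    """Return {key: {value_name: value}}. Version 5.00 exports hold hex(7) data
    as UTF-16LE, REGEDIT4 as ANSI; hex data wrapped over several lines is rejoined."""
    lines = text.splitlines()
    encoding = "cp1252" if lines and lines[0].strip() == "REGEDIT4" else "utf-16-le"
    logical, buf = [], ""
    for line in lines:
        stripped = line.strip()
        if stripped.endswith("\\"):      # continuation: keep collecting
            buf += stripped[:-1]
            continue
        logical.append(buf + stripped)
        buf = ""
    result, key = {}, None
    for line in logical:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if key is None or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        result[key][name] = decode_value(m.group(3), encoding)
    return result


def check_lsa_packages(reg_text, system32_files):
    """Return (value_name, package, problem) tuples for suspicious LSA entries."""
    values = parse_reg_export(reg_text).get(LSA_KEY, {})
    present = {f.lower() for f in system32_files}
    findings = []
    for value_name in PACKAGE_VALUES:
        packages = values.get(value_name, [])
        if not isinstance(packages, list):
            findings.append((value_name, "", "value is not REG_MULTI_SZ"))
            continue
        for pkg in packages:
            # Entries are DLL names without extension, loaded from System32;
            # a full path is reduced to its file name for the existence check.
            dll = pkg.rsplit("\\", 1)[-1].lower()
            dll = dll if dll.endswith(".dll") else dll + ".dll"
            if dll not in present:
                findings.append((value_name, pkg, f"{dll} not found in System32"))
        required = REQUIRED.get(value_name)
        if required and required not in {p.lower() for p in packages}:
            findings.append((value_name, required, "required package missing"))
    return findings


# Constructed sample export: the hypothetical package "stalepkg" is still
# listed in Authentication Packages although its DLL no longer exists.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,\
  74,00,61,00,6c,00,65,00,70,00,6b,00,67,00,00,00,00,00
"Security Packages"=hex(7):6b,00,65,00,72,00,62,00,65,00,72,00,6f,00,73,00,00,00,\
  6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,73,00,63,00,68,00,61,00,6e,00,6e,00,\
  65,00,6c,00,00,00,77,00,64,00,69,00,67,00,65,00,73,00,74,00,00,00,00,00
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
"""
# Constructed stand-in for a System32 directory listing.
SAMPLE_SYSTEM32 = ["msv1_0.dll", "kerberos.dll", "schannel.dll", "wdigest.dll",
                   "scecli.dll", "lsass.exe", "msgina.dll"]

if __name__ == "__main__":
    for finding in check_lsa_packages(SAMPLE_REG, SAMPLE_SYSTEM32):
        print(*finding, sep=": ")
```

For a real machine, feed it a File > Export of the Lsa key from regedit (decode the file with the "utf-16" codec when it starts with a byte-order mark, otherwise as ANSI) together with os.listdir of the System32 directory.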
     
  19. 2011/04/03
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Hey broni, I received the same error; cannot restart in normal mode...
     
  20. 2011/04/03
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Also, the error pops up when I press Ctrl-Alt-Del at startup, even before I can key in my password to login...
     
  21. 2011/04/03
    Calypso

    Calypso Inactive Thread Starter

    Joined:
    2011/03/31
    Messages:
    36
    Likes Received:
    0
    Tried using the Windows System Restore via safe mode (which is what I used before posting my problem and it worked then), but this time it doesn't...
     
