
PSD Runtime Error

Discussion in 'Virus & Other Malware Removal' started by jaggy, Apr 25, 2010.

  1. jaggy (Thread Starter)
    Hello

    My laptop was infected with viruses a few days ago (various trojan horses). I have finally removed all of them, but I keep getting a PSD Runtime Error when my machine starts up. I am running AVG AV software (I had Symantec but it wouldn't remove the viruses), also Malwarebytes Anti-Malware, SUPERAntiSpyware & Microsoft Security Essentials.

    My HijackThis log is below; can you please have a look at it and advise of any changes I need to make?

    Rgds
    Derek

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:19:14 AM, on 4/25/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\ifxspmgt.exe
    C:\WINDOWS\system32\ifxtcs.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\mnmsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\lotus\notes\ntmulti.exe
    C:\WINDOWS\system32\IfxPsdSv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\system32\AccelerometerSt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
    C:\WINDOWS\PixArt\PAP7501\PACTray.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?ppud=0&wa=wsignin1.0
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nawras.om/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
    O4 - HKLM\..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [syncman] c:\documents and settings\derek\wuaucldt.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\NetworkService\reader_s.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [syncman] c:\documents and settings\derek\wuaucldt.exe (User 'Default user')
    O4 - Startup: DskMgr.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll/cmsidewiki.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O15 - Trusted Zone: *.skillport.com
    O15 - Trusted Zone: *.skillwsa.com
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
    O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
    O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    --
    End of file - 18508 bytes
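As an added illustration of what a helper looks for first in a log like the one above (this is my own code, not from the thread, HijackThis or OTL), here is a small Python pass over the O4 (autorun) lines, with the sample input copied from the posted log. It applies three heuristics a reviewer normally applies by eye: an executable launched from a user-profile directory, especially by the SYSTEM (S-1-5-18) or .DEFAULT hive; a filename one character away from a well-known Windows binary such as wuauclt.exe; and a bare filename with no directory that cannot be verified. The list of imitated Windows binaries and the one-edit threshold are my assumptions. A flag means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass, field

# Sample input, copied from the O4 section of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [syncman] c:\documents and settings\derek\wuaucldt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\NetworkService\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [syncman] c:\documents and settings\derek\wuaucldt.exe (User 'Default user')
O4 - Startup: DskMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Assumed list (my choice, not from HijackThis): Windows binaries whose names malware likes to imitate.
WINDOWS_BINARIES = ("wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                    "explorer.exe", "ctfmon.exe", "spoolsv.exe", "services.exe")
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")   # XP and Vista+ profile roots
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")            # hives an ordinary user program has no reason to write

O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - (?P<hive>Global Startup|Startup): (?P<cmd>.*)$")


@dataclass
class Finding:
    line: str
    exe: str
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to catch names one typo away from a real Windows binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def extract_exe(cmd: str) -> str:
    """Pull the executable path out of a Run/Startup command string."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd)      # drop HijackThis's (User '...') suffix
    if " = " in cmd:                                        # Startup entries: "name.lnk = target"
        cmd = cmd.split(" = ", 1)[1]
    m = re.match(r'"?(.*?\.exe)', cmd, re.IGNORECASE)        # first .exe token, quoted or not
    return m.group(1) if m else cmd.strip()


def analyze_o4(line: str):
    """Return a Finding for an O4 line (reasons empty if nothing tripped), or None for other lines."""
    m = O4_RUN.match(line) or O4_STARTUP.match(line)
    if not m:
        return None
    hive, exe = m.group("hive"), extract_exe(m.group("cmd"))
    base = exe.rsplit("\\", 1)[-1].lower()
    f = Finding(line, exe)
    if "\\" not in exe:
        f.reasons.append("bare filename, no directory to verify")
    elif any(mk in exe.lower() for mk in PROFILE_MARKERS):
        why = "launched from a user profile directory"
        if hive.upper() in SYSTEM_HIVES:
            why += " by the SYSTEM/Default-user hive"
        f.reasons.append(why)
    for known in WINDOWS_BINARIES:
        if base != known and edit_distance(base, known) == 1:
            f.reasons.append(f"name is one edit away from {known}")
    return f


def review_log(text: str):
    """Only the O4 entries that tripped at least one heuristic, in log order."""
    return [f for f in map(analyze_o4, text.splitlines()) if f and f.reasons]


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        print(f"{f.exe}\n    " + "\n    ".join(f.reasons))
```

Paste a full HijackThis log into review_log to get the same short list for another machine; entries that point at Program Files or system32 under HKLM/HKCU pass through silently, which is why the SYSTEM-hive dwtrig20.exe line and the ctfmon.exe line produce nothing.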
     
  2. jaggy (Thread Starter)
    Can anybody help with this?
     
  3. schrauber
    Hello, jaggy
    Welcome to the TechSupportGuy Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



    Please take note of some guidelines for this fix:

    • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
    • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
    • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
    • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
    • Please set your system to show all files.
      Click Start, open My Computer, select the Tools menu and click Folder Options.
      Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
      Uncheck: Hide file extensions for known file types
      Uncheck the Hide protected operating system files (recommended) option.
      Click Yes to confirm.



    Sorry for the delay in response. If you still need help, please do the following.



    1. Please download OTL from one of the following mirrors:
    2. Save it to your desktop.
    3. Double click on the OTL icon on your desktop.
    4. Under the Custom Scan box paste this in
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
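The /md5start ... /md5stop block asks OTL to hash a fixed list of logon and event-log DLLs and storage drivers so that the helper can compare them with known-good copies. As an added example (my own code, not OTL's), here is that check in Python: it hashes each name from the list under a live system32 tree and under a reference tree and reports matches, mismatches and files present on only one side. The reference tree is an assumption: on XP it could be %SystemRoot%\system32\dllcache or the system32 of a clean install at the same service pack; the demo below builds a constructed pair of directories in a temp folder instead. MD5 is used because that is what OTL reports; a mismatch is still a reliable signal that the two copies differ. "absent" is expected for most names, since the list covers drivers for several chipsets.

```python
import hashlib
import os
import shutil
import tempfile

# The filenames OTL is told to hash between /md5start and /md5stop in the post above.
OTL_MD5_LIST = ["eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll", "ntelogon.dll",
                "logevent.dll", "iaStor.sys", "nvstor.sys", "atapi.sys", "IdeChnDr.sys", "viasraid.sys",
                "AGP440.sys", "vaxscsi.sys", "nvatabus.sys", "viamraid.sys", "nvata.sys", "nvgts.sys",
                "iastorv.sys", "ViPrt.sys", "eNetHook.dll", "ahcix86.sys", "KR10N.sys"]


def md5_of(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_file(root: str, name: str):
    """First case-insensitive match for `name` anywhere below `root` (OTL also searches by bare filename)."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower() == name.lower():
                return os.path.join(dirpath, f)
    return None


def compare_against_reference(live_root: str, reference_root: str, names=OTL_MD5_LIST) -> dict:
    """Status per filename: 'match', 'mismatch', 'live-only', 'reference-only' or 'absent'."""
    report = {}
    for name in names:
        live, ref = find_file(live_root, name), find_file(reference_root, name)
        if live and ref:
            report[name] = "match" if md5_of(live) == md5_of(ref) else "mismatch"
        elif live:
            report[name] = "live-only"
        elif ref:
            report[name] = "reference-only"
        else:
            report[name] = "absent"
    return report


def build_demo_tree() -> str:
    """Constructed sample, not a real system: live/system32 and ref/system32 with one altered DLL
    and one driver that exists only on the reference side. Returns the temp base directory."""
    base = tempfile.mkdtemp(prefix="otlmd5_")
    live, ref = os.path.join(base, "live", "system32"), os.path.join(base, "ref", "system32")
    for root in (live, ref):
        os.makedirs(os.path.join(root, "drivers"))
        with open(os.path.join(root, "drivers", "atapi.sys"), "wb") as fh:
            fh.write(b"MZ" + b"ATAPI" * 64)
        with open(os.path.join(root, "scecli.dll"), "wb") as fh:
            fh.write(b"MZ" + b"SCECLI" * 64)
        with open(os.path.join(root, "eventlog.dll"), "wb") as fh:
            # two bytes appended on the live side only, standing in for a patched file
            fh.write(b"MZ" + b"EVENTLOG" * 64 + (b"\x90\x90" if root == live else b""))
    with open(os.path.join(ref, "drivers", "nvstor.sys"), "wb") as fh:
        fh.write(b"MZ" + b"NVSTOR" * 64)
    return base


def demo() -> dict:
    """Build the constructed tree, run the comparison, clean up, return the report."""
    base = build_demo_tree()
    try:
        return compare_against_reference(os.path.join(base, "live", "system32"),
                                         os.path.join(base, "ref", "system32"))
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for name, status in demo().items():
        if status != "absent":
            print(f"{name:14} {status}")
```

On a real machine call compare_against_reference with the live system32 path and the reference path; anything reported as "mismatch" or "live-only" is what the OTL MD5 output would lead the helper to examine next.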
     
  4. jaggy (Thread Starter)
    Hi Tom, thanks for helping. My name is Derek. Files are below; OTL is first.

    OTL logfile created on: 5/9/2010 6:54:36 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Derek\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 32.12 Gb Free Space | 21.55% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 11.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEREKSITA
    Current User Name: Derek
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/09 18:52:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    PRC - [2010/05/09 10:05:02 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/04/22 22:11:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/04/22 22:11:44 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/04/22 22:11:44 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/04/22 22:11:39 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/04/22 22:11:39 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/04/22 22:11:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/23 16:39:18 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/03/23 16:39:18 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2010/03/23 14:20:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/12/09 18:02:36 | 000,202,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
    PRC - [2009/11/11 16:33:04 | 003,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2009/10/15 13:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
    PRC - [2009/09/10 17:14:52 | 000,107,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/09/10 17:14:18 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2009/06/15 22:57:29 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband Internet\Broadband Internet.exe
    PRC - [2009/06/15 22:42:57 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/05 19:36:00 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
    PRC - [2008/11/14 14:50:46 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\PACTray.exe
    PRC - [2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
    PRC - [2007/04/22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2007/02/15 16:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
    PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2007/01/24 14:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
    PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2007/01/05 20:36:48 | 000,872,448 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2006/01/18 08:04:46 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe
    PRC - [2003/12/02 10:27:08 | 001,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/09 18:52:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    MOD - [2010/02/17 11:44:18 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2009/03/26 19:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
    MOD - [2009/03/05 19:35:32 | 000,023,864 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
    MOD - [2008/04/14 04:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/02/26 07:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
    MOD - [2006/07/11 18:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\SweetIM\Messenger\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/22 22:11:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/23 16:39:18 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/09/10 17:14:18 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/08/09 11:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/04/22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2007/02/15 16:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
    SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
    SRV - [2006/06/22 09:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2006/01/18 08:04:46 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2003/12/02 10:27:08 | 001,417,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/09 10:05:02 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/22 22:12:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/04/22 22:12:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/04/22 22:11:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/03/23 16:39:26 | 000,125,160 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2010/03/23 16:39:26 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2009/11/25 17:29:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/08/31 09:23:28 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/19 13:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2009/03/19 13:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/12/05 17:42:02 | 000,580,992 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
    DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/09/05 18:15:50 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2008/09/05 18:15:34 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2008/09/05 18:15:34 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 22:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 20:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/05/16 15:14:58 | 005,707,744 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/04/22 16:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2007/04/22 16:24:58 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/03/29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2007/03/01 13:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/02/27 14:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
    DRV - [2007/02/14 18:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007/01/24 00:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
    DRV - [2007/01/23 23:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2007/01/12 17:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/09 19:50:24 | 000,288,768 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007/01/02 15:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/10/19 01:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
    DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2006/07/24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2006/07/24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2005/04/15 13:45:14 | 001,916,317 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cpmt.sys -- (Cpmt)
    DRV - [2005/04/15 13:45:12 | 000,035,693 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdpPacket.sys -- (CdpPacket)
    DRV - [2003/12/02 10:26:22 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2003/08/28 21:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?ppud=0&wa=wsignin1.0
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://mail.live.com/default.aspx?ppud=0&wa=wsignin1.0"
    FF - prefs.js..extensions.enabledItems: [email protected]:6.7
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
    FF - prefs.js..network.proxy.no_proxies_on: "local"

    FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/06/15 22:43:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/23 14:21:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 22:11:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 18:14:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/18 10:08:11 | 000,000,000 | ---D | M]

    [2009/09/10 10:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Mozilla\Extensions
    [2010/02/07 23:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\x99lmpch.default\extensions
    [2009/09/10 11:17:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\x99lmpch.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 13:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/18 10:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/18 10:07:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2008/09/28 14:17:04 | 000,000,806 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
    O4 - HKLM..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\Derek\Start Menu\Programs\Startup\DskMgr.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll (Google Inc.)
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (APSHook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Derek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Derek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/26 20:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/06/02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{02eaf0a6-a4b6-11dd-ad2b-001f3c3ddf14}\Shell - "" = AutoRun
    O33 - MountPoints2\{02eaf0a6-a4b6-11dd-ad2b-001f3c3ddf14}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{02eaf0a6-a4b6-11dd-ad2b-001f3c3ddf14}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{45b2de42-5957-11df-b212-444553544200}\Shell - "" = AutoRun
    O33 - MountPoints2\{45b2de42-5957-11df-b212-444553544200}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45b2de42-5957-11df-b212-444553544200}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{45b2de43-5957-11df-b212-444553544200}\Shell - "" = AutoRun
    O33 - MountPoints2\{45b2de43-5957-11df-b212-444553544200}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{45b2de43-5957-11df-b212-444553544200}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{5e410fea-72fa-11de-af4a-444553544200}\Shell\AutoRun\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
    O33 - MountPoints2\{5e410fea-72fa-11de-af4a-444553544200}\Shell\open\command - "" = RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
    O33 - MountPoints2\{6f619a0f-08ac-11df-b11f-444553544200}\Shell\AutoRun\command - "" = F:\Toshiba\Launcher\start.exe -- File not found
    O33 - MountPoints2\{82c80a62-59c3-11de-aef4-444553544200}\Shell - "" = AutoRun
    O33 - MountPoints2\{82c80a62-59c3-11de-aef4-444553544200}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{82c80a62-59c3-11de-aef4-444553544200}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{8ae27e89-eeb7-11de-b0d6-444553544200}\Shell\AutoRun\command - "" = o9bxu.exe
    O33 - MountPoints2\{8ae27e89-eeb7-11de-b0d6-444553544200}\Shell\open\Command - "" = o9bxu.exe
    O33 - MountPoints2\{abd1068a-6183-11de-af12-444553544200}\Shell - "" = AutoRun
    O33 - MountPoints2\{abd1068a-6183-11de-af12-444553544200}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{abd1068a-6183-11de-af12-444553544200}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/26 20:56:41 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/09 18:52:14 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    [2010/05/06 10:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Help
    [2010/05/06 10:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Help
    [2010/04/28 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVIConverter
    [2010/04/26 23:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/04/25 09:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/23 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\PCHealth
    [2010/04/23 11:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2010/04/23 11:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/04/23 11:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
    [2010/04/23 11:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/04/23 11:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/04/23 10:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Malwarebytes
    [2010/04/23 10:50:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/23 10:50:26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/23 10:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/23 10:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/23 10:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/04/23 02:38:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/04/22 22:27:01 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/04/22 22:12:16 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/04/22 22:12:10 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/04/22 22:12:06 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/04/22 22:11:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/04/22 22:11:44 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/04/22 22:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/22 22:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/04/21 11:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trusteer
    [2010/04/19 18:51:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/04/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/04/17 02:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2010/04/17 01:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Opera
    [2010/04/17 01:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Opera
    [2010/04/17 01:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2010/04/11 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\Change Requests
    [2010/04/09 21:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/04/08 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/08 18:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/08 18:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/08 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/08 18:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/06 11:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\WSUS
    [2010/04/06 10:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\Cute Repairs
    [2010/03/23 14:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Real
    [2010/03/23 14:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/03/19 15:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2010/03/19 15:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
    [2010/03/11 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/03/09 12:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\My Albums
    [2010/03/01 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\Expenses
    [2010/02/25 14:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Temp
    [2010/02/24 15:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver
    [2010/02/23 21:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\Apps
    [2010/02/20 22:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
    [2010/02/20 11:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Trusteer
    [2010/02/20 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
    [2010/02/20 11:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/02/13 23:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/09 18:56:04 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2010/05/09 18:55:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E4DEE17-D57D-414A-B269-DB4C63DE0E8A}.job
    [2010/05/09 18:53:43 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Derek\ntuser.dat
    [2010/05/09 18:52:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    [2010/05/09 18:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/09 18:14:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/05/09 18:10:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/05/09 18:10:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/09 18:10:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/09 18:09:58 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/05/09 18:09:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/09 18:08:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/09 17:03:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Derek\ntuser.ini
    [2010/05/09 12:24:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{125C693A-40A5-4567-8A7E-5A37DACF0061}.job
    [2010/05/09 10:07:34 | 059,752,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/05/08 19:36:16 | 000,238,080 | ---- | M] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/08 13:13:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/05/05 09:23:40 | 000,072,987 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\pool problem logs.zip
    [2010/05/03 11:38:09 | 000,014,014 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Repairs.xlsx
    [2010/04/28 23:31:47 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\AVIConverter.lnk
    [2010/04/24 19:09:49 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
    [2010/04/23 10:33:32 | 000,011,648 | ---- | M] () -- C:\Documents and Settings\Derek\My Documents\cc_20100423_103310.reg
    [2010/04/22 22:12:16 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/04/22 22:12:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/04/22 22:12:06 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/04/22 22:12:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/04/22 22:11:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/04/22 21:48:20 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/22 21:48:20 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/22 21:48:20 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/18 10:09:55 | 000,345,942 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Sita_Lotus_Notes_Working_Locally_1_7.pdf
    [2010/04/18 09:23:24 | 000,307,839 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Newsletter Vol.9.pdf
    [2010/04/17 02:50:33 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
    [2010/04/16 22:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/04/14 22:41:14 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Derek\PUTTY.RND
    [2010/04/14 18:15:20 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ASL.xls
    [2010/04/14 16:44:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ESL.xls
    [2010/04/09 22:57:06 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/04/09 21:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/04/09 11:57:28 | 000,001,026 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/08 18:28:59 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/07 00:05:38 | 000,002,994 | ---- | M] () -- C:\Documents and Settings\Derek\My Documents\cc_20100407_000533.reg
    [2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/24 12:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/23 14:20:49 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/03/15 13:31:48 | 000,165,376 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
    [2010/03/11 09:17:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\while i am away.doc
    [2010/03/10 16:18:21 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Derek\My Documents\Default.rdp
    [2010/03/08 21:53:13 | 000,115,275 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\WY Sinbad.pdf
    [2010/03/01 20:35:15 | 000,010,012 | ---- | M] () -- C:\Documents and Settings\Derek\My Documents\cc_20100301_203510.reg
    [2010/02/28 15:00:32 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Software Update in progress.doc
    [2010/02/25 22:40:16 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SC Site Info 11-17-09.xls
    [2010/02/25 13:08:57 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Image 30 Instructions.doc
    [2010/02/24 15:39:15 | 100,640,566 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver.zip
    [2010/02/23 20:38:50 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\deck for Ops Review - MCT.ppt
    [2010/02/21 10:59:27 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Image 30 workstations.xls
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/09 13:50:18 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Nortel VPN Client.lnk
    [2010/05/05 09:23:38 | 000,072,987 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\pool problem logs.zip
    [2010/04/28 23:31:47 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\AVIConverter.lnk
    [2010/04/23 18:22:06 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2010/04/23 10:50:26 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/04/23 10:33:13 | 000,011,648 | ---- | C] () -- C:\Documents and Settings\Derek\My Documents\cc_20100423_103310.reg
    [2010/04/22 22:12:06 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/04/22 22:11:56 | 059,752,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/04/18 10:09:34 | 000,345,942 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Sita_Lotus_Notes_Working_Locally_1_7.pdf
    [2010/04/18 09:23:06 | 000,307,839 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Newsletter Vol.9.pdf
    [2010/04/17 02:50:33 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
    [2010/04/14 18:15:20 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ASL.xls
    [2010/04/14 16:44:08 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ESL.xls
    [2010/04/13 17:52:54 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\Derek\ntuser.dat
    [2010/04/09 21:39:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/04/09 21:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/04/08 18:20:34 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/07 00:05:36 | 000,002,994 | ---- | C] () -- C:\Documents and Settings\Derek\My Documents\cc_20100407_000533.reg
    [2010/04/05 23:21:41 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/03/23 14:21:44 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/03/08 21:53:11 | 000,115,275 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\WY Sinbad.pdf
    [2010/03/07 09:02:11 | 000,014,014 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Repairs.xlsx
    [2010/03/01 20:35:12 | 000,010,012 | ---- | C] () -- C:\Documents and Settings\Derek\My Documents\cc_20100301_203510.reg
    [2010/02/28 15:00:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Software Update in progress.doc
    [2010/02/25 13:08:56 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Image 30 Instructions.doc
    [2010/02/24 15:25:15 | 100,640,566 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver.zip
    [2010/02/23 13:47:02 | 000,251,392 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\deck for Ops Review - MCT.ppt
    [2010/02/21 10:33:10 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Image 30 workstations.xls
    [2010/02/15 16:17:00 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/02/15 16:17:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/01/01 20:27:55 | 000,002,057 | ---- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
    [2009/12/28 12:39:38 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/28 12:39:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/28 12:39:36 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/28 12:39:36 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/28 12:39:33 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/28 12:39:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/12/20 23:31:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2009/12/20 23:31:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2009/11/25 17:29:47 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2009/09/17 15:26:48 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/06/15 22:31:50 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
    [2009/06/13 20:49:12 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Cqv Converter.INI
    [2008/11/16 22:57:55 | 000,036,943 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2008/11/13 19:23:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2008/11/12 12:12:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008/11/10 14:50:28 | 000,139,096 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2008/11/02 13:15:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\scjtapi.dll
    [2008/10/27 11:59:10 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
    [2008/10/27 11:59:09 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/05/04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
    [2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/07/30 14:32:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\CoordTransXP.dll
    [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/04/22 16:24:58 | 000,100,095 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
    [2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006/09/28 19:10:30 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP230.dll
    [2006/09/28 19:10:30 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP230.dll
    [2006/09/28 19:10:30 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP230.dll
    [2006/09/28 19:10:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP230.dll
    [2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1998/05/07 06:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
    [1997/06/14 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/04/23 04:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/25 17:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2008/11/05 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009/02/21 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2009/06/15 20:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/06/15 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2008/10/27 11:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2009/05/01 00:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009/05/01 00:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009/04/03 16:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/03/19 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2010/04/09 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/06/15 22:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2009/03/21 17:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2009/12/30 12:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/02/20 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2009/06/17 22:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/08 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/27 11:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/18 15:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/11/25 18:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\DAEMON Tools Lite
    [2010/05/09 18:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\DMCache
    [2010/03/03 21:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Facebook
    [2010/02/07 00:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\FreeCall
    [2009/11/25 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\ICQ
    [2010/04/03 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\IDM
    [2009/06/15 16:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Infineon
    [2010/05/09 18:38:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\MailWasherPro
    [2010/04/17 01:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Opera
    [2009/12/20 23:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\PC Suite
    [2009/12/20 23:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Samsung
    [2009/07/01 09:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\TeamViewer
    [2010/02/20 11:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Trusteer
    [2010/03/14 19:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\uTorrent
    [2010/05/09 18:14:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/05/09 18:56:04 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
    [2010/05/09 18:10:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/05/09 12:24:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{125C693A-40A5-4567-8A7E-5A37DACF0061}.job
    [2010/05/09 18:55:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E4DEE17-D57D-414A-B269-DB4C63DE0E8A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2004/07/09 04:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\dxsetup.exe


    < MD5 for: AGP440.SYS >
    [2006/02/28 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 22:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 22:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2006/02/28 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 22:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 22:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2006/02/28 16:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 04:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 04:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2006/02/28 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver\AHCPI SP42232\Deployment\f6flpy64\IaStor.sys
    [2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver\AHCPI SP42232\Deployment\f6flpy32\IaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 04:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 04:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2006/02/28 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2006/02/28 16:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 04:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 04:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
    < End of report >

    OTL Extras logfile created on: 5/9/2010 6:54:36 PM - Run 1
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Derek\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 32.12 Gb Free Space | 21.55% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 11.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEREKSITA
    Current User Name: Derek
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UacDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
    "C:\Program Files\Cisco Systems\Cisco IP Communicator\Communicator.exe" = C:\Program Files\Cisco Systems\Cisco IP Communicator\Communicator.exe:*:Enabled:Cisco IP Communicator -- (Cisco Systems, Inc.)
    "C:\Program Files\Nortel Networks\Extranet.exe" = C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client -- File not found
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\TeamViewer3\TeamViewer.exe" = C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "E:\actvision\iw3mp.exe" = E:\actvision\iw3mp.exe:*:Enabled:iw3mp -- File not found
    "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- File not found
    "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
    "C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe:*:Enabled:FreeCall -- (FreeCall)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Documents and Settings\Derek\Desktop\u96c.exe" = C:\Documents and Settings\Derek\Desktop\u96c.exe:*:Enabled:u96c -- File not found
    "C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe" = C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe:*:Enabled:Global Virtual Card Host -- (Cognizance Corporation)
    "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:GoogleToolbarNotifier -- (Google Inc.)
    "C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
    "C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE:*:Enabled:Age of Empires II -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
    "C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
    "C:\Documents and Settings\Derek\Desktop\U99.exe" = C:\Documents and Settings\Derek\Desktop\U99.exe:*:Enabled:U99 -- File not found
    "C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe" = C:\Program Files\Nortel\Nortel VPN Client\Extranet.exe:*:Enabled:Nortel VPN Client -- (Nortel Networks NA, Inc.)
    "C:\Documents and Settings\Derek\Desktop\Internet Apps\u995.exe" = C:\Documents and Settings\Derek\Desktop\Internet Apps\u995.exe:*:Enabled:u995 -- File not found
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{023EC958-023C-42D1-B2A4-E9E4BEF599FC}" = SweetIM for Messenger 2.6
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{0B222912-C927-47CE-AC67-F34E9F3B7964}" = Franson CoordTrans v2.30
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0F894917-79EE-4BC3-9C3A-E267BF40F524}" = RSA SecurID Software Token
    "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{1943A043-5C85-4A16-A0D0-D687B2C1A40F}" = VirtualCom driver
    "{1CF925D3-1E33-4447-889B-0751D2CF886D}" = Drive Encryption for HP ProtectTools
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20A1D306-CE83-492A-8525-D6DF50B5944A}" = Embedded Security for HP ProtectTools
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}" = HP PCMCIA Smart Card Reader
    "{266C7330-C0F4-49E5-8F20-A56F9F822875}" = SweetIM Toolbar for Internet Explorer 3.3
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
    "{2F4E2C8A-B886-418E-BE49-0B867CBDA959}" = Championship Manager 2008
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{40465132-7A8F-4B5D-9A41-E3BCCB93DA6B}" = XLRapidshare
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
    "{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68249B6E-B714-11D7-88E8-0050DA21757E}" = Oracle JInitiator 1.3.1.18
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7184F382-8A6C-4B85-A3AC-B63734B1E241}" = SAMSUNG Mobile USB Driver
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
    "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117164797}" = Dream Vacation Solitaire FREE
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8D49D55D-9837-4E0E-AE3B-05C7BEC5CD1F}" = Opera 10.51
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{9E73617F-2F38-4864-BD61-BB2DDFE43323}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{27A9D316-D332-433B-8EB1-1D93EE49F26D}" = Microsoft Office Project 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9676F2EF-9443-4E5F-B4CC-9096C5974798}" = Cisco IP Communicator
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A40D6757-B145-4FE7-B694-89180A9F3F64}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B64E3DF8-FE6A-4089-93D0-C0829B8D9D99}" = Nortel VPN Client
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
    "{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}" = Credential Manager for HP ProtectTools
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C5C10BD4-49AA-4C25-ACE6-902A37ED51FF}" = Lotus Notes 7.0.1
    "{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = PAP7501
    "{C74D0FA0-1D49-464F-A707-B427EE3385C1}" = HP BIOS Configuration for ProtectTools
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
    "{D99C322D-C21B-40C7-AE71-EE51AA096B6E}" = Nokia Flashing Cable Driver
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
    "{E0742446-2B18-4204-8A46-DA70BB003318}" = HP Broadband Wireless Modules
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EF4F620F-F295-41D7-92C0-6B635709C850}" = Nokia Software Updater
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Age of Empires 2.0" = Microsoft Age of Empires II
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "AI RoboForm" = AI RoboForm (All Users)
    "AVG9Uninstall" = AVG Free 9.0
    "AVIConverter" = AVIConverter 5.1.6
    "Bejeweled Blitz" = Bejeweled Blitz
    "Broadband Internet" = Broadband Internet
    "Broadband Internet-E220" = Broadband Internet-E220
    "CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Cqi Converter" = Cqi Converter
    "Cqv Converter" = Cqv Converter
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
    "E24870CB6AA1C3511635FF9020A3E9471287FBE7" = Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
    "FreeCall_is1" = FreeCall
    "Graboid Video" = Graboid Video 1.4
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IncrediMail" = IncrediMail 2.0
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "Internet Download Manager" = Internet Download Manager
    "IQRA'A USB Driver for Win98" = IQRA'A USB Driver for Win98
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
    "MailWasher Pro_is1" = MailWasher Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Paint Shop Pro 6" = Paint Shop Pro 6.01 ESD
    "PhotoMail" = PhotoMail Maker
    "PRJPRO" = Microsoft Office Project Professional 2007
    "Rapport_msi" = Rapport
    "RealPlayer 12.0" = RealPlayer
    "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
    "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
    "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
    "SAMSUNG Mobile USB Download Driver" = SAMSUNG Mobile USB Download Driver Software
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Samsung Mobile USB Modem Device" = Samsung Mobile USB Modem Device Software
    "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 3" = TeamViewer 3
    "Visual CertExam Suite_is1" = Visual CertExam Suite 1.9
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/6/2010 5:44:10 PM | Computer Name = DEREKSITA | Source = MSSecurityEssentials | ID = 5000
    Description =

    Error - 5/7/2010 3:32:24 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    Error - 5/7/2010 3:33:05 AM | Computer Name = DEREKSITA | Source = Google Update | ID = 20
    Description =

    Error - 5/7/2010 5:40:13 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    Error - 5/8/2010 4:11:47 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    Error - 5/8/2010 9:18:56 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    Error - 5/8/2010 5:21:54 PM | Computer Name = DEREKSITA | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 5/9/2010 2:03:42 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    Error - 5/9/2010 6:07:54 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    Error - 5/9/2010 10:11:24 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
    Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
    psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

    [ OSession Events ]
    Error - 2/9/2009 8:42:48 AM | Computer Name = AMURPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 9/2/2009 3:16:05 AM | Computer Name = AMURPC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 273
    seconds with 60 seconds of active time. This session ended with a crash.


    < End of report >
     
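    Two things in the report above that a helper triages by eye can be checked mechanically: firewall exceptions that grant network access to executables sitting in the user's profile or at paths that no longer exist (u96c.exe, U99.exe and u995.exe on the Desktop are the ones that stand out), and the psdrt.exe crash, which faults in psd.dll at the same address 0x0001df7f on every start. A crash that reproduces at a fixed module offset is what a damaged or partially removed component looks like, not random memory corruption. The Python below is an added example, not part of this thread or of the OTL tool; it parses a constructed fragment modelled on the log (paths and timestamps abbreviated) and reports both findings. The user-writable path markers, the "File not found" test and the "seen at least twice" threshold are assumptions of the example.

```python
"""Mechanical triage of an OTL-style report: firewall exceptions that point at
executables in user-writable or now-missing locations, and Application Error
(ID 1000) events grouped by crash signature so a fault that reproduces at the
same module offset stands out. Added example; not part of the thread or of OTL."""
import re
from collections import Counter

# Constructed fragment modelled on the report in the thread (abbreviated).
SAMPLE_REPORT = r"""
========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Documents and Settings\Derek\Desktop\u96c.exe" = C:\Documents and Settings\Derek\Desktop\u96c.exe:*:Enabled:u96c -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Derek\Desktop\Internet Apps\u995.exe" = C:\Documents and Settings\Derek\Desktop\Internet Apps\u995.exe:*:Enabled:u995 -- File not found

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/7/2010 3:32:24 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
psd.dll, version 3.0.1239.0, fault address 0x0001df7f.

Error - 5/8/2010 5:21:54 PM | Computer Name = DEREKSITA | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/9/2010 2:03:42 AM | Computer Name = DEREKSITA | Source = Application Error | ID = 1000
Description = Faulting application psdrt.exe, version 3.0.1239.0, faulting module
psd.dll, version 3.0.1239.0, fault address 0x0001df7f.
"""

# One AuthorizedApplications entry: "<path>" = <path>:<scope>:<state>:<name> -- <status>
FW_LINE = re.compile(
    r'^\s*"(?P<path>[^"]+)"\s*=\s*(?P=path):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?)\s+--\s+(?P<status>.*?)\s*$', re.M)
# One event record: header line followed by a Description that may wrap onto further lines.
EVENT = re.compile(
    r'^\s*Error - (?P<ts>.+?) \| Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?)'
    r' \| ID = (?P<id>\d+)\s*\n\s*Description = (?P<desc>.*?)(?=\n\s*\n|\Z)', re.M | re.S)
FAULT = re.compile(
    r'Faulting application (?P<app>\S+), version (?P<app_ver>\S+), faulting module\s+'
    r'(?P<module>\S+), version (?P<mod_ver>\S+), fault address (?P<addr>0x[0-9A-Fa-f]+)')

# Lower-cased path markers treated as user-writable on XP-era Windows (assumption of this example).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\tmp\\")


def parse_firewall_exceptions(report):
    """Return one dict (path, scope, state, name, status) per AuthorizedApplications entry."""
    return [m.groupdict() for m in FW_LINE.finditer(report)]


def flag_firewall_exceptions(report):
    """Return the entries worth a second look, each with the reasons it was flagged."""
    findings = []
    for entry in parse_firewall_exceptions(report):
        reasons = []
        if entry["status"] == "File not found":
            reasons.append("rule still grants network access to a path that no longer exists")
        if any(marker in entry["path"].lower() for marker in USER_WRITABLE_MARKERS):
            reasons.append("executable sits in a user-writable location")
        if reasons:
            findings.append({"path": entry["path"], "name": entry["name"],
                             "scope": entry["scope"], "reasons": reasons})
    return findings


def crash_signatures(report):
    """Count Application Error (ID 1000) events by (application, module, fault address)."""
    counts = Counter()
    for ev in EVENT.finditer(report):
        if ev.group("id") != "1000":
            continue  # hangs (ID 1002) and other sources carry no fault address
        m = FAULT.search(ev.group("desc"))
        if m:
            counts[(m.group("app"), m.group("module"), m.group("addr").lower())] += 1
    return counts


def deterministic_crashes(report, min_count=2):
    """Signatures seen min_count times or more: the same binary faulting at the same
    offset on every run points at a broken component, not random corruption."""
    return {sig: n for sig, n in crash_signatures(report).items() if n >= min_count}


if __name__ == "__main__":
    for f in flag_firewall_exceptions(SAMPLE_REPORT):
        print(f"FLAG  {f['path']} (scope {f['scope']}): " + "; ".join(f["reasons"]))
    for (app, mod, addr), n in deterministic_crashes(SAMPLE_REPORT).items():
        print(f"CRASH {app} in {mod} at {addr}: {n} identical events")
```

    Run against the full report, the same rules pick out every "File not found" exception plus the Desktop entries, which is the list to prune from the firewall's exceptions whether or not the files were malicious; and the seven identical psdrt.exe faults show the "PSD Runtime Error" is reproducible, so repairing or removing that component is a separate task from the rootkit scan the helper asks for next.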
  5. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,

    still some work to do, but first let's check for some hidden baddies.


    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.
     
  6. jaggy

    jaggy Thread Starter

    Joined:
    Apr 25, 2010
    Messages:
    23
    Hi Tom, I tried to run GMER, but every time I ran it my laptop crashed with a blue screen. The screen was never there long enough to get details. D
     
  7. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Ok, let's do this:


    Please go here and have a look how you can disable your security software.

    Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

    Link 1
    Link 2



    --------------------------------------------------------------------

    Double click on the renamed Combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    If you need help, see this link:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
     
  8. jaggy

    jaggy Thread Starter

    Joined:
    Apr 25, 2010
    Messages:
    23
    Hi Tom, bad news I'm afraid, I had blue screen problems again.

    I followed instructions, but I got a message saying that combofix had to disable CD emulation drivers. This caused a reboot, but then combofix ran. At 'completed stage 2' I got a Windows error, a problem with "PEV.CFXXE". Then scanning continued until 'completed stage 50', then it said 'deleting files', then blue screen. Again it disappeared too quickly for me to get details. There was no log file saved. I tried 3 times, with the same result each time.
     
  9. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Have a look whether you can find C:\Combofix.txt; if not, please post back with a fresh OTL logfile.
     
  10. jaggy

    jaggy Thread Starter

    Joined:
    Apr 25, 2010
    Messages:
    23
    no c:\combofix.txt, sorry

    OTL logfile created on: 5/13/2010 8:31:37 PM - Run 2
    OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Derek\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.04 Gb Total Space | 29.21 Gb Free Space | 19.60% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 11.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DEREKSITA
    Current User Name: Derek
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/05/09 18:52:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    PRC - [2010/05/09 10:05:02 | 002,017,280 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/04/30 21:26:16 | 009,168,176 | ---- | M] (FreeCall) -- C:\Program Files\FreeCall.com\FreeCall\freecall.exe
    PRC - [2010/04/22 22:11:44 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/04/22 22:11:44 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/04/22 22:11:44 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/04/22 22:11:39 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/04/22 22:11:39 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/04/22 22:11:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/23 16:39:18 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2010/03/23 16:39:18 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2010/03/23 14:20:47 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/18 18:28:28 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Derek\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
    PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    PRC - [2009/11/11 16:33:04 | 003,171,760 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
    PRC - [2009/10/15 13:51:51 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
    PRC - [2009/09/10 17:14:52 | 000,107,864 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    PRC - [2009/09/10 17:14:18 | 000,238,952 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
    PRC - [2009/06/15 22:57:29 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband Internet\Broadband Internet.exe
    PRC - [2009/06/15 22:42:57 | 000,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/03/05 19:36:00 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
    PRC - [2008/11/14 14:50:46 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\PACTray.exe
    PRC - [2008/04/14 04:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
    PRC - [2007/04/22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    PRC - [2007/02/15 16:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
    PRC - [2007/02/07 05:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
    PRC - [2007/01/24 14:28:58 | 000,124,928 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe
    PRC - [2007/01/09 15:52:32 | 000,145,184 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
    PRC - [2007/01/05 20:36:48 | 000,872,448 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    PRC - [2006/02/10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2006/01/18 08:04:46 | 000,053,248 | ---- | M] (IBM Corp) -- C:\Program Files\lotus\notes\ntmulti.exe
    PRC - [2003/12/02 10:27:08 | 001,417,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/05/09 18:52:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    MOD - [2010/03/23 14:21:43 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/02/17 11:44:18 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2009/03/26 19:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
    MOD - [2009/03/05 19:35:32 | 000,023,864 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
    MOD - [2008/04/14 04:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/02/26 07:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
    MOD - [2003/03/18 21:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
    MOD - [2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/22 22:11:38 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/23 16:39:18 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV - [2009/09/10 17:14:18 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/03/04 11:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/08/09 11:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/04/22 16:32:42 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
    SRV - [2007/02/15 16:55:18 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
    SRV - [2007/02/07 05:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
    SRV - [2006/12/04 16:13:16 | 000,292,384 | R--- | M] (Sierra Wireless Inc.) [Auto | Running] -- C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe -- (SWIHPWMI)
    SRV - [2006/06/22 09:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
    SRV - [2006/01/18 08:04:46 | 000,053,248 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
    SRV - [2003/12/02 10:27:08 | 001,417,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/05/09 10:05:02 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/04/22 22:12:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/04/22 22:12:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/04/22 22:11:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/03/23 16:39:26 | 000,125,160 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2010/03/23 16:39:26 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2009/11/25 17:29:47 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/08/31 09:23:28 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2009/03/19 13:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2009/03/19 13:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2009/02/09 07:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009/02/09 07:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009/02/09 07:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009/02/09 07:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/12/05 17:42:02 | 000,580,992 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GUCI_AVS.sys -- (GUCI_AVS)
    DRV - [2008/09/26 18:01:00 | 000,101,376 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/09/05 18:15:50 | 000,026,137 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
    DRV - [2008/09/05 18:15:34 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
    DRV - [2008/09/05 18:15:34 | 000,157,648 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)
    DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/04/13 22:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 20:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/05/16 15:14:58 | 005,707,744 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/04/22 16:25:30 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsvlock.sys -- (RsvLock)
    DRV - [2007/04/22 16:24:58 | 000,100,095 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SafeBoot.sys -- (SafeBoot)
    DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
    DRV - [2007/03/29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\SbFsLock.sys -- (SbFsLock)
    DRV - [2007/03/01 13:00:50 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2007/02/27 14:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
    DRV - [2007/02/14 18:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007/01/24 00:07:30 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
    DRV - [2007/01/23 23:13:26 | 000,036,608 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
    DRV - [2007/01/12 17:04:44 | 000,201,856 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/09 19:50:24 | 000,288,768 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007/01/02 15:01:40 | 001,160,320 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/10/19 01:23:00 | 000,033,024 | R--- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HP24X.sys -- (HP24X)
    DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SbAlg.sys -- (SbAlg)
    DRV - [2006/07/24 00:00:04 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
    DRV - [2006/07/24 00:00:04 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
    DRV - [2005/04/15 13:45:14 | 001,916,317 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cpmt.sys -- (Cpmt)
    DRV - [2005/04/15 13:45:12 | 000,035,693 | ---- | M] (Cisco Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdpPacket.sys -- (CdpPacket)
    DRV - [2003/12/02 10:26:22 | 000,268,872 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2003/08/28 21:40:26 | 000,189,792 | ---- | M] (Zone Labs Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2003/07/24 19:55:50 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.live.com/default.aspx?ppud=0&wa=wsignin1.0
    IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://mail.live.com/default.aspx?ppud=0&wa=wsignin1.0"
    FF - prefs.js..extensions.enabledItems: [email protected]:6.7
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.2
    FF - prefs.js..network.proxy.no_proxies_on: "local"

    FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/06/15 22:43:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/23 14:21:44 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/22 22:11:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/08 18:14:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/18 10:08:11 | 000,000,000 | ---D | M]

    [2009/09/10 10:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Mozilla\Extensions
    [2010/02/07 23:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\x99lmpch.default\extensions
    [2009/09/10 11:17:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Derek\Application Data\Mozilla\Firefox\Profiles\x99lmpch.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/08 13:10:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/18 10:08:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/04/18 10:07:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2008/09/28 14:17:04 | 000,000,806 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
    O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
    O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation)
    O4 - HKLM..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NPSStartup] File not found
    O4 - HKLM..\Run: [PACTray] C:\WINDOWS\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
    O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\Derek\Start Menu\Programs\Startup\DskMgr.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll (Google Inc.)
    O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: skillport.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Derek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Derek\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/26 20:57:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/04/24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - F:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/06/02 18:16:48 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/26 20:56:41 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183528496136192)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/05/13 10:27:06 | 000,000,000 | --SD | C] -- C:\schrauber
    [2010/05/13 10:11:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/05/13 10:06:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/05/13 10:06:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/05/13 10:06:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/05/13 10:06:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/05/13 10:05:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/05/13 09:58:39 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/05/09 18:52:14 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    [2010/05/06 10:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Help
    [2010/05/06 10:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Help
    [2010/04/28 23:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVIConverter
    [2010/04/26 23:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/04/25 09:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/04/23 11:25:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\PCHealth
    [2010/04/23 11:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2010/04/23 11:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/04/23 11:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\SUPERAntiSpyware.com
    [2010/04/23 11:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/04/23 11:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/04/23 10:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Malwarebytes
    [2010/04/23 10:50:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/23 10:50:26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/23 10:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/04/23 10:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/23 10:45:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2010/04/23 02:38:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/04/22 22:27:01 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/04/22 22:12:16 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/04/22 22:12:10 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/04/22 22:12:06 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/04/22 22:11:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/04/22 22:11:44 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/04/22 22:11:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/22 22:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/04/21 11:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Trusteer
    [2010/04/19 18:51:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
    [2010/04/18 10:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/04/17 02:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\PopCap Games
    [2010/04/17 01:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Opera
    [2010/04/17 01:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Opera
    [2010/04/17 01:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2010/04/11 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\Change Requests
    [2010/04/09 21:39:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2010/04/08 18:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/04/08 18:19:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/04/08 18:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/08 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/04/08 18:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/04/06 11:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\WSUS
    [2010/04/06 10:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\Cute Repairs
    [2010/03/23 14:22:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Real
    [2010/03/23 14:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
    [2010/03/19 15:11:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2010/03/19 15:11:10 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
    [2010/03/11 22:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2010/03/09 12:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\My Documents\My Albums
    [2010/03/01 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\Expenses
    [2010/02/25 14:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Local Settings\Application Data\Temp
    [2010/02/24 15:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver
    [2010/02/23 21:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Desktop\Apps
    [2010/02/20 22:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
    [2010/02/20 11:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek\Application Data\Trusteer
    [2010/02/20 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
    [2010/02/20 11:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/02/13 23:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/05/13 20:35:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3E4DEE17-D57D-414A-B269-DB4C63DE0E8A}.job
    [2010/05/13 20:33:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/13 20:32:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2010/05/13 17:34:32 | 059,932,514 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/05/13 17:17:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{125C693A-40A5-4567-8A7E-5A37DACF0061}.job
    [2010/05/13 16:03:24 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/05/13 15:59:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/05/13 15:59:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/05/13 15:59:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/13 15:59:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/05/13 15:58:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/05/13 15:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/05/13 15:09:14 | 007,864,320 | ---- | M] () -- C:\Documents and Settings\Derek\ntuser.dat
    [2010/05/13 15:09:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Derek\ntuser.ini
    [2010/05/13 14:56:00 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-839522115-1006Core.job
    [2010/05/13 14:01:10 | 000,240,640 | ---- | M] () -- C:\Documents and Settings\Derek\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/13 10:11:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/05/13 09:13:07 | 003,687,320 | R--- | M] () -- C:\Documents and Settings\Derek\Desktop\schrauber.exe
    [2010/05/13 09:10:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Derek\Desktop\~$chguys.docx
    [2010/05/13 09:10:31 | 000,031,218 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\techguys.docx
    [2010/05/12 13:05:46 | 003,329,517 | ---- | M] () -- C:\Documents and Settings\Derek\My Documents\SITA Portfolio Roadmap May 2010 (branded).pdf
    [2010/05/10 15:25:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/05/09 18:52:19 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek\Desktop\OTL.exe
    [2010/05/03 11:38:09 | 000,014,014 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Repairs.xlsx
    [2010/04/28 23:31:47 | 000,000,553 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\AVIConverter.lnk
    [2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2010/04/24 19:09:49 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
    [2010/04/23 10:33:32 | 000,011,648 | ---- | M] () -- C:\Documents and Settings\Derek\My Documents\cc_20100423_103310.reg
    [2010/04/22 22:12:16 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/04/22 22:12:10 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/04/22 22:12:06 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/04/22 22:12:06 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/04/22 22:11:44 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/04/22 21:48:20 | 000,525,448 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/22 21:48:20 | 000,444,156 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/22 21:48:20 | 000,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/04/18 10:09:55 | 000,345,942 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Sita_Lotus_Notes_Working_Locally_1_7.pdf
    [2010/04/18 09:23:24 | 000,307,839 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Newsletter Vol.9.pdf
    [2010/04/17 02:50:33 | 000,000,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
    [2010/04/16 22:00:00 | 000,085,504 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/04/14 22:41:14 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Derek\PUTTY.RND
    [2010/04/14 18:15:20 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ASL.xls
    [2010/04/14 16:44:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ESL.xls
    [2010/04/09 22:57:06 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/04/09 21:39:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/04/09 11:57:28 | 000,001,026 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/04/08 18:28:59 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/03/24 12:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/03/23 14:20:49 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/03/15 13:31:48 | 000,165,376 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
    [2010/03/11 09:17:16 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\while i am away.doc
    [2010/03/10 16:18:21 | 000,001,722 | -H-- | M] () -- C:\Documents and Settings\Derek\My Documents\Default.rdp
    [2010/03/08 21:53:13 | 000,115,275 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\WY Sinbad.pdf
    [2010/02/28 15:00:32 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Software Update in progress.doc
    [2010/02/25 22:40:16 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\SC Site Info 11-17-09.xls
    [2010/02/25 13:08:57 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Image 30 Instructions.doc
    [2010/02/24 15:39:15 | 100,640,566 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver.zip
    [2010/02/23 20:38:50 | 000,251,392 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\deck for Ops Review - MCT.ppt
    [2010/02/21 10:59:27 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Derek\Desktop\Image 30 workstations.xls
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/05/13 10:11:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/05/13 10:11:23 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/05/13 10:06:15 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/05/13 10:06:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/05/13 10:06:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/05/13 10:06:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/05/13 10:06:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/05/13 09:12:30 | 003,687,320 | R--- | C] () -- C:\Documents and Settings\Derek\Desktop\schrauber.exe
    [2010/05/13 09:10:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Derek\Desktop\~$chguys.docx
    [2010/05/13 09:10:31 | 000,031,218 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\techguys.docx
    [2010/05/12 13:01:00 | 003,329,517 | ---- | C] () -- C:\Documents and Settings\Derek\My Documents\SITA Portfolio Roadmap May 2010 (branded).pdf
    [2010/05/10 14:51:50 | 000,000,924 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-515967899-1425521274-839522115-1006Core.job
    [2010/05/09 13:50:18 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Nortel VPN Client.lnk
    [2010/04/28 23:31:47 | 000,000,553 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\AVIConverter.lnk
    [2010/04/23 18:22:06 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
    [2010/04/23 10:50:26 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/04/23 10:33:13 | 000,011,648 | ---- | C] () -- C:\Documents and Settings\Derek\My Documents\cc_20100423_103310.reg
    [2010/04/22 22:12:06 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/04/22 22:11:56 | 059,932,514 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/04/18 10:09:34 | 000,345,942 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Sita_Lotus_Notes_Working_Locally_1_7.pdf
    [2010/04/18 09:23:06 | 000,307,839 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Newsletter Vol.9.pdf
    [2010/04/17 02:50:33 | 000,000,900 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled Blitz.lnk
    [2010/04/14 18:15:20 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ASL.xls
    [2010/04/14 16:44:08 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\OOB Cost Tracking- ESL.xls
    [2010/04/13 17:52:54 | 007,864,320 | ---- | C] () -- C:\Documents and Settings\Derek\ntuser.dat
    [2010/04/09 21:39:29 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/04/09 21:39:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/04/08 18:20:34 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/04/05 23:21:41 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/03/23 14:21:44 | 000,000,286 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1425521274-839522115-1006.job
    [2010/03/08 21:53:11 | 000,115,275 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\WY Sinbad.pdf
    [2010/03/07 09:02:11 | 000,014,014 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Repairs.xlsx
    [2010/02/28 15:00:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Software Update in progress.doc
    [2010/02/25 13:08:56 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Image 30 Instructions.doc
    [2010/02/24 15:25:15 | 100,640,566 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver.zip
    [2010/02/23 13:47:02 | 000,251,392 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\deck for Ops Review - MCT.ppt
    [2010/02/21 10:33:10 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Derek\Desktop\Image 30 workstations.xls
    [2010/02/15 16:17:00 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/02/15 16:17:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/01/01 20:27:55 | 000,002,057 | ---- | C] () -- C:\WINDOWS\System32\GUCI_AVS.ini
    [2009/12/28 12:39:38 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/28 12:39:38 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/28 12:39:36 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/28 12:39:36 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/28 12:39:33 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/12/28 12:39:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/12/20 23:31:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
    [2009/12/20 23:31:36 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
    [2009/11/25 17:29:47 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2009/09/17 15:26:48 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/06/15 22:31:50 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
    [2009/06/13 20:49:12 | 000,000,076 | ---- | C] () -- C:\WINDOWS\Cqv Converter.INI
    [2008/11/16 22:57:55 | 000,036,943 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll
    [2008/11/13 19:23:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2008/11/12 12:12:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008/11/10 14:50:28 | 000,139,096 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2008/11/02 13:15:21 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\scjtapi.dll
    [2008/10/27 11:59:10 | 000,204,800 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
    [2008/10/27 11:59:09 | 000,910,304 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/05/04 17:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
    [2008/03/04 18:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2007/10/31 09:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2007/07/30 14:32:24 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\CoordTransXP.dll
    [2007/05/17 13:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/04/22 16:24:58 | 000,100,095 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
    [2007/02/06 15:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/02/06 14:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2006/09/28 19:10:30 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP230.dll
    [2006/09/28 19:10:30 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP230.dll
    [2006/09/28 19:10:30 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP230.dll
    [2006/09/28 19:10:30 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP230.dll
    [2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1998/05/07 06:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
    [1997/06/14 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2010/04/23 04:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/25 17:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2008/11/05 11:23:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2009/02/21 21:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2009/06/15 20:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2009/06/15 20:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2008/10/27 11:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2009/05/01 00:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009/05/01 00:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009/04/03 16:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/03/19 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2010/04/09 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2009/06/15 22:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2009/03/21 17:40:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
    [2009/12/30 12:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/02/20 11:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2009/06/17 22:23:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2010/04/08 18:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/27 11:09:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/06/18 15:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/11/25 18:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\DAEMON Tools Lite
    [2010/05/13 16:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\DMCache
    [2010/03/03 21:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Facebook
    [2010/02/07 00:49:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\FreeCall
    [2009/11/25 13:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\ICQ
    [2010/04/03 17:02:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\IDM
    [2009/06/15 16:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Infineon
    [2010/05/13 20:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\MailWasherPro
    [2010/04/17 01:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Opera
    [2009/12/20 23:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\PC Suite
    [2009/12/20 23:30:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Samsung
    [2009/07/01 09:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\TeamViewer
    [2010/02/20 11:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\Trusteer
    [2010/05/11 09:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek\Application Data\uTorrent
    [2010/05/13 16:03:24 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/05/13 20:32:31 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
    [2010/05/13 15:59:52 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/05/13 17:17:23 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{125C693A-40A5-4567-8A7E-5A37DACF0061}.job
    [2010/05/13 20:35:00 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{3E4DEE17-D57D-414A-B269-DB4C63DE0E8A}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2004/07/09 04:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\dxsetup.exe


    < MD5 for: AGP440.SYS >
    [2006/02/28 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 22:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 22:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2006/02/28 16:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2008/11/01 13:43:46 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 22:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 22:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2006/02/28 16:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/14 04:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/14 04:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2006/02/28 16:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: IASTOR.SYS >
    [2008/12/04 12:48:52 | 000,407,064 | ---- | M] (Intel Corporation) MD5=8EACF469269FB1509561961A3188F670 -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver\AHCPI SP42232\Deployment\f6flpy64\IaStor.sys
    [2008/12/04 12:34:52 | 000,328,728 | ---- | M] (Intel Corporation) MD5=BAABB0301949774A66B955C65319635A -- C:\Documents and Settings\Derek\Desktop\Dc7900_2003_Server_Driver\AHCPI SP42232\Deployment\f6flpy32\IaStor.sys

    < MD5 for: NETLOGON.DLL >
    [2008/04/14 04:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/14 04:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2006/02/28 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2006/02/28 16:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/14 04:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/14 04:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
    < End of report >
     
  11. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,

    RootRepeal - Rootkit Detector


    Download RootRepeal.zip and unzip it to your Desktop.


    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services

    • Click the OK button
    • In the next dialog, select all drives showing
    • Click OK to start the scan

      The scan can take some time. DO NOT run any other programs while the scan is running

    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program
     
  12. jaggy

    jaggy Thread Starter

    Joined:
    Apr 25, 2010
    Messages:
    23
    Hi Tom, here is the report

    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/05/15 20:09
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================
    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xA12AE000 Size: 98304 File Visible: No Signed: -
    Status: -
    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7A07000 Size: 8192 File Visible: No Signed: -
    Status: -
    Name: PCI_PNP3632
    Image Path: \Driver\PCI_PNP3632
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0x9E36C000 Size: 49152 File Visible: No Signed: -
    Status: -
    Name: spsi.sys
    Image Path: spsi.sys
    Address: 0xF7293000 Size: 995328 File Visible: No Signed: -
    Status: -
    Name: sptd
    Image Path: \Driver\sptd
    Address: 0x00000000 Size: 0 File Visible: No Signed: -
    Status: -
    Hidden/Locked Files
    -------------------
    Path: c:\windows\modemlog_huawei mobile connect - 3g modem #3.txt
    Status: Size mismatch (API: 16978, Raw: 16770)
    SSDT
    -------------------
    #: 019 Function Name: NtAssignProcessToJobObject
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1383d92
    #: 037 Function Name: NtCreateFile
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa138449e
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "spsi.sys" at address 0xf72940e0
    #: 062 Function Name: NtDeleteFile
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa13845ea
    #: 063 Function Name: NtDeleteKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387d58
    #: 065 Function Name: NtDeleteValueKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387d8a
    #: 071 Function Name: NtEnumerateKey
    Status: Hooked by "spsi.sys" at address 0xf72acda4
    #: 073 Function Name: NtEnumerateValueKey
    Status: Hooked by "spsi.sys" at address 0xf72ad132
    #: 116 Function Name: NtOpenFile
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa138454e
    #: 119 Function Name: NtOpenKey
    Status: Hooked by "spsi.sys" at address 0xf72940c0
    #: 122 Function Name: NtOpenProcess
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1383ed6
    #: 128 Function Name: NtOpenThread
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa13840c8
    #: 137 Function Name: NtProtectVirtualMemory
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa13841fa
    #: 160 Function Name: NtQueryKey
    Status: Hooked by "spsi.sys" at address 0xf72ad20a
    #: 177 Function Name: NtQueryValueKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387e62
    #: 192 Function Name: NtRenameKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387dcc
    #: 193 Function Name: NtReplaceKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387dfe
    #: 204 Function Name: NtRestoreKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387e30
    #: 213 Function Name: NtSetContextThread
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1383d40
    #: 224 Function Name: NtSetInformationFile
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa138464a
    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1387cf0
    #: 254 Function Name: NtSuspendThread
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1383ce4
    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS" at address 0xa13d6950
    #: 258 Function Name: NtTerminateThread
    Status: Hooked by "C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys" at address 0xa1383c88
    Stealth Objects
    -------------------
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
    Process: System Address: 0x8adeb1f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_CREATE]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_CLOSE]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_POWER]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: awcwo36l&#1541;&#25167;&#29011;&#29176;&#57752;&#51592;&#57751;&#1538;&#3077;&#29774;&#29510;&#44808;&#57773;, IRP_MJ_PNP]
    Process: System Address: 0x8aac11f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
    Process: System Address: 0x8aacd1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
    Process: System Address: 0x87e7a1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
    Process: System Address: 0x8ae5e1f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
    Process: System Address: 0x8abd31f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
    Process: System Address: 0x8aded1f8 Size: 121
    Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
    Process: System Address: 0x87e91500 Size: 121
    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
    Process: System Address: 0x87e91500 Size: 121
    Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x87e91500 Size: 121
    Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x87e91500 Size: 121
    Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
    Process: System Address: 0x87e91500 Size: 121
    Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
    Process: System Address: 0x87e91500 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
    Process: System Address: 0x8abc71f8 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
    Process: System Address: 0x87e55500 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_CREATE]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_CLOSE]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_READ]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_QUERY_INFORMATION]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_SET_INFORMATION]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_QUERY_VOLUME_INFORMATION]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_DIRECTORY_CONTROL]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_FILE_SYSTEM_CONTROL]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_DEVICE_CONTROL]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_SHUTDOWN]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_LOCK_CONTROL]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_CLEANUP]
    Process: System Address: 0x8965f438 Size: 121
    Object: Hidden Code [Driver: Cdfs&#517;&#3080;&#29557;&#28770;&#25970;&#17255;&#51192;&#35514;&#46228;&#57782;, IRP_MJ_PNP]
    Process: System Address: 0x8965f438 Size: 121
    ==EOF==
     
  13. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,

    You must first verify that you can log on to the Windows Recovery Console.
    To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

    How to install and use the Windows XP Recovery Console


    Next, please download maxlook, saving the file to your desktop.
    Double click maxlook.exe to run it. Note - you must run it only once!
    As instructed when the tool runs, restart the computer and log on to the Recovery Console.
    Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

    batch look.bat

    You will see many files copied then return to the x:\windows> prompt.
    Type Exit, then restart your computer and log on in normal mode.
    Please run maxlook.exe again now. Note - you must run it only once!
    It will produce looklog.txt on the desktop and open it.
    Please post the results here.

    NEXT:

    Once back in Windows, go to Start > Run, and copy/paste the following then press Enter.

    maxlook -sig


    Post the log in your next reply
     
  14. jaggy

    jaggy Thread Starter

    Joined:
    Apr 25, 2010
    Messages:
    23
    Hi Tom

    Run from C:\Documents and Settings\Derek\Desktop\maxlook.exe on Sun 05/16/2010 at 19:02:45.04
    No infected file found

    then

    Run from C:\Documents and Settings\Derek\Desktop\maxlook.exe on Sun 05/16/2010 at 19:04:11.46
    --------- maxlook unsigned files ---------
    c:\windows\maxdriver\CdpPacket.sys:
     Verified: Unsigned
     File date: 1:45 PM 4/15/2005
     Publisher: Cisco Systems
     Description: CdpPacket.sys
     Product: Cisco IP Communicator
     Version: 1,1,4,0
     File version: 1.01
    c:\windows\maxdriver\cdr4_xp.sys:
     Verified: Unsigned
     File date: 3:00 AM 8/19/2005
     Publisher: Sonic Solutions
     Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
     Product: Drag-to-Disc
     Version: 8.0.0.212 
     File version: 8.0.0.212 
    c:\windows\maxdriver\cdralw2k.sys:
     Verified: Unsigned
     File date: 3:00 AM 8/19/2005
     Publisher: Sonic Solutions
     Description: CDRAL Place Holder Driver (see PxHelp)
     Product: Drag-to-Disc
     Version: 8.0.0.212 
     File version: 8.0.0.212 
    c:\windows\maxdriver\Cpmt.sys:
     Verified: Unsigned
     File date: 1:45 PM 4/15/2005
     Publisher: Cisco Systems, Inc.
     Description: Cpmt.sys
     Product: Cisco IP Communicator
     Version: 1,1,4,0
     File version: 1.0.0.96
    c:\windows\maxdriver\CVPNDRVA.sys:
     Verified: Unsigned
     File date: 10:26 AM 12/2/2003
     Publisher: Cisco Systems, Inc.
     Description: Cisco Systems VPN Client IPSec Driver
     Product: Cisco Systems VPN Client
     Version: 4.0.3 (C)
     File version: 4.0.3 (C)
    c:\windows\maxdriver\eacfilt.sys:
     Verified: Unsigned
     File date: 6:15 PM 9/5/2008
     Publisher: Nortel Networks
     Description: NDIS Filter Intermediate Driver
     Product: Filter Driver for CVC
     Version: 07,01,0,330
     File version: 07,01,0,330
    c:\windows\maxdriver\GUCI_AVS.sys:
     Verified: Unsigned
     File date: 5:42 PM 12/5/2008
     Publisher: PixArt Imaging Incorporation
     Description: Generic USB Controller Interface (AVS)
     Product: Generic USB Controller Interface (AVS)
     Version: 0000.0000.0000.0000
     File version: 0001.0033.2008.1204
    c:\windows\maxdriver\ipsecw2k.sys:
     Verified: Unsigned
     File date: 6:15 PM 9/5/2008
     Publisher: Nortel Networks NA, Inc.
     Description: Contivity VPN Client Adapter
     Product: Contivity VPN Client
     Version: 07,01,0,330
     File version: 07,01,0,330
    c:\windows\maxdriver\NX58xx98.sys:
     Verified: Unsigned
     File date: 12:05 PM 6/17/2006
     Publisher: NEXIA DEVICE     
     Description: USB Mass Storage Driver
     Product: USB Mass Storage Driver
     Version: 5.00.1868.1
     File version: 5.00.1868.1
    c:\windows\maxdriver\pxhelp20.sys:
     Verified: Unsigned
     File date: 3:00 AM 8/19/2005
     Publisher: Sonic Solutions
     Description: Px Engine Device Driver for Windows 2000/XP
     Product: PxHelp20
     Version: n/a
     File version: 3.00.09a
    c:\windows\maxdriver\rsvlock.sys:
     Verified: Unsigned
     File date: 4:25 PM 4/22/2007
     Publisher: SafeBoot International
     Description: SafeBoot Reserved Files Lock Driver
     Product: SafeBoot Security System
     Version: 5, 0, 4, 0
     File version: 5, 0, 4, 0
    c:\windows\maxdriver\SafeBoot.sys:
     Verified: Unsigned
     File date: 4:24 PM 4/22/2007
     Publisher: SafeBoot International
     Description: SafeBoot Encryption Driver
     Product: SafeBoot Security System
     Version: 5, 0, 4, 0
     File version: 5, 0, 4, 0
    c:\windows\maxdriver\SbAlg.sys:
     Verified: Unsigned
     File date: 1:31 PM 10/9/2006
     Publisher: SafeBoot N.V.
     Description: SafeBoot FIPS AES Algorithm (256 bit)
     Product: SafeBoot Security System
     Version: 4, 2, 9, 0
     File version: 4, 2, 9, 0
    c:\windows\maxdriver\SbHiber.sys:
     Verified: Unsigned
     File date: 1:25 PM 12/18/2006
     Publisher: SafeBoot International
     Description: SafeBoot Hibernation Filter
     Product: SafeBoot Security System
     Version: 5, 0, 1, 0
     File version: 5, 0, 1, 0
    c:\windows\maxdriver\StarOpen.sys:
     Verified: Unsigned
     File date: 5:26 PM 10/25/2007
     Publisher: n/a
     Description: n/a
     Product: n/a
     Version: n/a
     File version: n/a
    --------- system32\drivers unsigned files ---------
    c:\windows\system32\drivers\CdpPacket.sys:
     Verified: Unsigned
     File date: 1:45 PM 4/15/2005
     Publisher: Cisco Systems
     Description: CdpPacket.sys
     Product: Cisco IP Communicator
     Version: 1,1,4,0
     File version: 1.01
    c:\windows\system32\drivers\cdr4_xp.sys:
     Verified: Unsigned
     File date: 3:00 AM 8/19/2005
     Publisher: Sonic Solutions
     Description: CDR4 CD and DVD Place Holder Driver (see PxHelp)
     Product: Drag-to-Disc
     Version: 8.0.0.212 
     File version: 8.0.0.212 
    c:\windows\system32\drivers\cdralw2k.sys:
     Verified: Unsigned
     File date: 3:00 AM 8/19/2005
     Publisher: Sonic Solutions
     Description: CDRAL Place Holder Driver (see PxHelp)
     Product: Drag-to-Disc
     Version: 8.0.0.212 
     File version: 8.0.0.212 
    c:\windows\system32\drivers\Cpmt.sys:
     Verified: Unsigned
     File date: 1:45 PM 4/15/2005
     Publisher: Cisco Systems, Inc.
     Description: Cpmt.sys
     Product: Cisco IP Communicator
     Version: 1,1,4,0
     File version: 1.0.0.96
    c:\windows\system32\drivers\CVPNDRVA.sys:
     Verified: Unsigned
     File date: 10:26 AM 12/2/2003
     Publisher: Cisco Systems, Inc.
     Description: Cisco Systems VPN Client IPSec Driver
     Product: Cisco Systems VPN Client
     Version: 4.0.3 (C)
     File version: 4.0.3 (C)
    c:\windows\system32\drivers\eacfilt.sys:
     Verified: Unsigned
     File date: 6:15 PM 9/5/2008
     Publisher: Nortel Networks
     Description: NDIS Filter Intermediate Driver
     Product: Filter Driver for CVC
     Version: 07,01,0,330
     File version: 07,01,0,330
    c:\windows\system32\drivers\GUCI_AVS.sys:
     Verified: Unsigned
     File date: 5:42 PM 12/5/2008
     Publisher: PixArt Imaging Incorporation
     Description: Generic USB Controller Interface (AVS)
     Product: Generic USB Controller Interface (AVS)
     Version: 0000.0000.0000.0000
     File version: 0001.0033.2008.1204
    c:\windows\system32\drivers\ipsecw2k.sys:
     Verified: Unsigned
     File date: 6:15 PM 9/5/2008
     Publisher: Nortel Networks NA, Inc.
     Description: Contivity VPN Client Adapter
     Product: Contivity VPN Client
     Version: 07,01,0,330
     File version: 07,01,0,330
    c:\windows\system32\drivers\NX58xx98.sys:
     Verified: Unsigned
     File date: 12:05 PM 6/17/2006
     Publisher: NEXIA DEVICE     
     Description: USB Mass Storage Driver
     Product: USB Mass Storage Driver
     Version: 5.00.1868.1
     File version: 5.00.1868.1
    c:\windows\system32\drivers\pxhelp20.sys:
     Verified: Unsigned
     File date: 3:00 AM 8/19/2005
     Publisher: Sonic Solutions
     Description: Px Engine Device Driver for Windows 2000/XP
     Product: PxHelp20
     Version: n/a
     File version: 3.00.09a
    c:\windows\system32\drivers\rsvlock.sys:
     Verified: Unsigned
     File date: 4:25 PM 4/22/2007
     Publisher: SafeBoot International
     Description: SafeBoot Reserved Files Lock Driver
     Product: SafeBoot Security System
     Version: 5, 0, 4, 0
     File version: 5, 0, 4, 0
    c:\windows\system32\drivers\SafeBoot.sys:
     Verified: Error accessing file
     Publisher: n/a
     Description: n/a
     Product: n/a
     Version: n/a
     File version: n/a
    c:\windows\system32\drivers\SbAlg.sys:
     Verified: Unsigned
     File date: 1:31 PM 10/9/2006
     Publisher: SafeBoot N.V.
     Description: SafeBoot FIPS AES Algorithm (256 bit)
     Product: SafeBoot Security System
     Version: 4, 2, 9, 0
     File version: 4, 2, 9, 0
    c:\windows\system32\drivers\SbHiber.sys:
     Verified: Unsigned
     File date: 1:25 PM 12/18/2006
     Publisher: SafeBoot International
     Description: SafeBoot Hibernation Filter
     Product: SafeBoot Security System
     Version: 5, 0, 1, 0
     File version: 5, 0, 1, 0
    c:\windows\system32\drivers\sptd.sys:
     Verified: Error accessing file
     Publisher: n/a
     Description: n/a
     Product: n/a
     Version: n/a
     File version: n/a
    c:\windows\system32\drivers\StarOpen.sys:
     Verified: Unsigned
     File date: 5:26 PM 10/25/2007
     Publisher: n/a
     Description: n/a
     Product: n/a
     Version: n/a
     File version: n/a
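Added example, not code posted by anyone in this thread: a small Python triage script for the sigcheck-style "unsigned files" listing above. It parses the block format the log uses (a path line ending in ":" followed by indented "Key: value" lines) and groups the entries a responder would check first: files the scanner could not open at all, unsigned files with no version resource (every metadata field "n/a"), and the same driver file name present in more than one directory. The sample input is a short excerpt of the listing; the reason names ("unreadable", "no-metadata", "duplicate-name") are the script's own.

```python
"""Triage a sigcheck-style "unsigned drivers" listing.

Added example (not from the thread).  Parses the block format shown in the
post above and groups the entries worth a second look:
  * files the scanner could not open ("Verified: Error accessing file")
  * unsigned files with every metadata field reported as "n/a"
  * the same driver file name present in more than one directory
"""
from collections import defaultdict

# Excerpt of the listing posted above, trimmed to five entries so the example
# runs offline.  Backslashes are literal Windows paths (raw string).
SAMPLE = r"""
c:\windows\maxdriver\SafeBoot.sys:
 Verified: Unsigned
 File date: 4:24 PM 4/22/2007
 Publisher: SafeBoot International
 Description: SafeBoot Encryption Driver
 Product: SafeBoot Security System
 Version: 5, 0, 4, 0
 File version: 5, 0, 4, 0
c:\windows\maxdriver\StarOpen.sys:
 Verified: Unsigned
 File date: 5:26 PM 10/25/2007
 Publisher: n/a
 Description: n/a
 Product: n/a
 Version: n/a
 File version: n/a
--------- system32\drivers unsigned files ---------
c:\windows\system32\drivers\SafeBoot.sys:
 Verified: Error accessing file
 Publisher: n/a
 Description: n/a
 Product: n/a
 Version: n/a
 File version: n/a
c:\windows\system32\drivers\sptd.sys:
 Verified: Error accessing file
 Publisher: n/a
 Description: n/a
 Product: n/a
 Version: n/a
 File version: n/a
c:\windows\system32\drivers\StarOpen.sys:
 Verified: Unsigned
 File date: 5:26 PM 10/25/2007
 Publisher: n/a
 Description: n/a
 Product: n/a
 Version: n/a
 File version: n/a
"""

META_FIELDS = ("publisher", "description", "product", "version", "file version")


def parse_sigcheck(text):
    """Return one dict per file, keyed by lower-cased field name plus 'path'."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---"):      # blank line or section header
            continue
        if line.endswith(":") and "\\" in line:      # "c:\...\name.sys:" opens an entry
            current = {"path": line[:-1]}
            entries.append(current)
            continue
        if current is None or ":" not in line:
            continue
        key, _, value = line.partition(":")          # values may themselves contain ':'
        current[key.strip().lower()] = value.strip()
    return entries


def triage(entries):
    """Group entries that deserve a second look, keyed by reason."""
    report = {"unreadable": [], "no-metadata": [], "duplicate-name": []}
    by_name = defaultdict(list)
    for entry in entries:
        path = entry["path"]
        by_name[path.rsplit("\\", 1)[-1].lower()].append(path)
        if entry.get("verified", "").lower().startswith("error"):
            # Scanner could not read the file: check it from a clean boot or
            # offline instead of trusting the live system's view of it.
            report["unreadable"].append(path)
        elif all(entry.get(f, "n/a") == "n/a" for f in META_FIELDS):
            report["no-metadata"].append(path)
    for name, paths in sorted(by_name.items()):
        if len(paths) > 1:
            report["duplicate-name"].append((name, paths))
    return report


if __name__ == "__main__":
    for reason, items in triage(parse_sigcheck(SAMPLE)).items():
        print(reason)
        for item in items:
            print("   ", item)
```

Run it against the full listing (paste the block into SAMPLE or read it from a file) and the "no-metadata" and "unreadable" groups are the files to hash and submit to a multi-engine scanner first; a file the scanner could not open should be re-checked from a clean boot before anything is concluded from the "n/a" fields.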
    
     
  15. schrauber

    schrauber

    Joined:
    Apr 25, 2010
    Messages:
    77
    Hi,

    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link-->Jotti

    When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

    c:\windows\maxdriver\StarOpen.sys

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
     
Short URL to this thread: https://techguy.org/919106