PDA

View Full Version : First post - Extremely Slow PC - Slow too boot


jinxie
2011-10-08, 06:24
Thank in advance

PC is well over 5 minutes to boot and access a webpage.
Very slow when surfing and accessing programs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Derek Smith at 22:16:26 on 2011-10-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.73 [GMT -5:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 8\cbService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.weatheroffice.gc.ca/city/pages/mb-38_metric_e.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SuperPoke Pets Toolbar: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - c:\program files\superpoke_pets\prxtbSup0.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: SuperPoke Pets Toolbar: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - c:\program files\superpoke_pets\prxtbSup0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SuperPoke Pets Toolbar: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - c:\program files\superpoke_pets\prxtbSup0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Cobian Backup 8 interface] "c:\program files\cobian backup 8\cbInterface.exe" -service
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [WUSB54Gv2] c:\program files\linksys wireless-g usb wireless network monitor\InvokeSvc3.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.100.254 142.161.130.154
TCP: Interfaces\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD} : DhcpNameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{39F81828-0E93-4D57-B509-713BFB34BF34} : DhcpNameServer = 192.168.100.254 142.161.130.154
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2011-7-26 51144]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-5 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 74480]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-5 66616]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2011-7-21 392224]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-26 08:41:09 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-21 16:33:54 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 22:19:02.73 ===============


8627
ken545
2011-10-09, 20:13
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.



Nothing jumping out at me on your log, do you download programs or music via the torrents ?


Looks like you dont have a whole lot of free space left on your hard drive, this can slow you down
C: is FIXED (NTFS) - 49 GiB total, 4.545 GiB free.



Lets run a few scans
Download CKScanner by askey127 from Here (http://downloads.malwareremoval.com/CKScanner.exe) & save it to your Desktop.
Doubleclick CKScanner.exe then click Search For Files
When the cursor hourglass disappears, click Save List To File
A message box will verify the file saved
Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply





Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png






Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please


Post the logs from the above scanners, if they all wont fit in one reply than take as many replies as you need

1. CKScanner log
2. aswMBR log
3. Malwarebytes log
jinxie
2011-10-10, 20:38
Ok.....here we go......

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\zhu zhu pets\sounds\crack.ogg
scanner sequence 3.AP.11.BANAJF
----- EOF -----


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-10 10:38:43
-----------------------------
10:38:43.778 OS Version: Windows 5.1.2600 Service Pack 3
10:38:43.778 Number of processors: 1 586 0x401
10:38:43.778 ComputerName: DEREK-FC4F55BE8 UserName: Derek Smith
10:38:46.262 Initialize success
10:38:57.575 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
10:38:57.575 Disk 0 Vendor: WDC_WD2500JB-55REA0 20.00K20 Size: 238475MB BusType: 3
10:38:57.606 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
10:38:57.606 Disk 1 Vendor: WDC_WD2500JB-55REA0 20.00K20 Size: 238475MB BusType: 3
10:38:59.606 Disk 0 MBR read successfully
10:38:59.606 Disk 0 MBR scan
10:38:59.606 Disk 0 Windows XP default MBR code
10:38:59.606 Disk 0 scanning sectors +488392065
10:38:59.637 Disk 0 malicious Win32:MBRoot code @ sector 488392068 !
10:38:59.637 Disk 0 PE file @ sector 488392090 !
10:38:59.700 Disk 0 scanning C:\WINDOWS\system32\drivers
10:39:19.528 Service scanning
10:39:20.887 Modules scanning
10:39:29.372 Disk 0 trace - called modules:
10:39:29.903 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
10:39:29.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd19c0]
10:39:29.903 3 CLASSPNP.SYS[f8702fd7] -> nt!IofCallDriver -> \Device\00000060[0x82f72f18]
10:39:29.903 5 ACPI.sys[f8679620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f71030]
10:39:29.919 Scan finished successfully
10:39:37.825 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Derek Smith\Desktop\MBR.dat"
10:39:37.825 The log file has been saved successfully to "C:\Documents and Settings\Derek Smith\Desktop\aswMBR.txt"


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7917

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/10/2011 11:31:30 AM
mbam-log-2011-10-10 (11-31-29).txt

Scan type: Quick scan
Objects scanned: 194380
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
ken545
2011-10-10, 20:55
Lets try this, thanks for the logs by the way :)

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
jinxie
2011-10-11, 07:34
ComboFix 11-10-10.04 - Derek Smith 10/10/2011 23:11:10.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.206 [GMT -5:00]
Running from: c:\documents and settings\Derek Smith\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\GuffinsEI
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
2011-10-10 15:44 . 2011-10-10 15:44 -------- d-----w- c:\documents and settings\Derek Smith\Application Data\Sammsoft
2011-10-10 15:44 . 2011-10-10 15:44 -------- d-----w- c:\program files\ARO 2011
2011-10-08 03:06 . 2011-10-08 03:06 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2004-08-03 23:56 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 22:00 . 2010-12-05 03:35 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 08:41 . 2010-12-05 23:30 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-26 08:41 . 2010-12-05 23:30 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-21 16:33 . 2011-07-27 01:02 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2011-07-15 13:29 . 2004-08-03 22:15 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}"= "c:\program files\SuperPoke_Pets\prxtbSup0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
2011-01-17 14:54 175912 ----a-w- c:\program files\SuperPoke_Pets\prxtbSup0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}"= "c:\program files\SuperPoke_Pets\prxtbSup0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{84E53B2B-B8F6-4B9A-AB0C-FC293D0F7A45}"= "c:\program files\SuperPoke_Pets\prxtbSup0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"AROReminder"="c:\program files\ARO 2011\aro.exe" [2011-01-25 2312048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-12-14 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-12-14 118784]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Cobian Backup 8 interface"="c:\program files\Cobian Backup 8\cbInterface.exe" [2007-09-27 2425856]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WUSB54Gv2"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-05 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-10-11 16:00 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdeletesprestrt
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqimzone.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERANTISPYWARE.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2917:TCP"= 2917:TCP:Services
"4334:TCP"= 4334:TCP:Services
"3225:TCP"= 3225:TCP:Services
"4950:TCP"= 4950:TCP:Services
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [7/26/2011 8:02 PM 51144]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/5/2010 6:30 PM 136360]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [7/21/2011 11:52 AM 392224]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 12:59 PM 206072]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.weatheroffice.gc.ca/city/pages/mb-38_metric_e.html
uInternet Connection Wizard,ShellNext = yes
uInternet Connection Wizard,ShellNext = 0a000000
uInternet Connection Wizard,ShellNext = yes
uInternet Connection Wizard,ShellNext = 01000000
uInternet Connection Wizard,ShellNext = yes
uInternet Connection Wizard,ShellNext = 1a000000
uInternet Connection Wizard,ShellNext = 1a000000
uInternet Connection Wizard,ShellNext = Microsoft Corporation
uInternet Connection Wizard,ShellNext = MICROSO
uInternet Connection Wizard,ShellNext = 6.0.2600.0000
uInternet Connection Wizard,ShellNext = no
uInternet Connection Wizard,ShellNext = yes
uInternet Connection Wizard,ShellNext = \0
uInternet Connection Wizard,ShellNext = about:NoAdd-ons
uInternet Connection Wizard,ShellNext = about:SecurityRisk
uInternet Connection Wizard,ShellNext = 0 (0x0)
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.254 142.161.130.154
TCP: Interfaces\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: DhcpNameServer = 208.67.220.220,208.67.222.222
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-10 23:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2011-10-10 23:32:41
ComboFix-quarantined-files.txt 2011-10-11 04:32
ComboFix2.txt 2010-12-05 23:22
ComboFix3.txt 2010-12-05 19:24
.
Pre-Run: 5,173,444,608 bytes free
Post-Run: 6,289,915,904 bytes free
.
- - End Of File - - 4D080139ED62D26C8FE865A7CC339759
ken545
2011-10-11, 11:15
Good Morning

Step 1 | Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.
jinxie
2011-10-12, 04:54
Here it is...........

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd

Kernel Drivers (total 136):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8BC2000 \WINDOWS\system32\KDCOM.DLL
0xF8AD2000 \WINDOWS\system32\BOOTVID.dll
0xF8673000 ACPI.sys
0xF8BC4000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8662000 pci.sys
0xF86C2000 isapnp.sys
0xF8C8A000 pciide.sys
0xF8942000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8BC6000 intelide.sys
0xF86D2000 MountMgr.sys
0xF8643000 ftdisk.sys
0xF8BC8000 dmload.sys
0xF861D000 dmio.sys
0xF894A000 PartMgr.sys
0xF86E2000 VolSnap.sys
0xF8605000 atapi.sys
0xF86F2000 disk.sys
0xF8702000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF85E5000 fltmgr.sys
0xF85D3000 sr.sys
0xF8712000 PxHelp20.sys
0xF85BC000 KSecDD.sys
0xF852F000 Ntfs.sys
0xF8502000 NDIS.sys
0xF8722000 Soluto.sys
0xF84E8000 Mup.sys
0xF7CB4000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF783F000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF782B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF8A82000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7807000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF8A8A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF77E3000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF8762000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF8A92000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8A9A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF8772000 \SystemRoot\system32\DRIVERS\serial.sys
0xF8BBA000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF8AA2000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF77CF000 \SystemRoot\system32\DRIVERS\parport.sys
0xF8782000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF8792000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF87A2000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF77AC000 \SystemRoot\system32\DRIVERS\ks.sys
0xF8AAA000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF771E000 \SystemRoot\system32\drivers\smwdm.sys
0xF76FA000 \SystemRoot\system32\drivers\portcls.sys
0xF87B2000 \SystemRoot\system32\drivers\drmk.sys
0xF8C04000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8E19000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF87C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF84C4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF76E3000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF87D2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF87E2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8AB2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF76D2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF87F2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8ABA000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8AC2000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76A2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF8812000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8C08000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7644000 \SystemRoot\system32\DRIVERS\update.sys
0xF84A4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8822000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEF577000 \SystemRoot\system32\drivers\ialmkchw.sys
0xEF559000 \SystemRoot\system32\drivers\ialmsbw.sys
0xF8842000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8C14000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF896A000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF8C16000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D7B000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C18000 \SystemRoot\System32\Drivers\Beep.SYS
0xF897A000 \SystemRoot\System32\drivers\vga.sys
0xF8C1A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8C1C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8982000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF898A000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF786B000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEF4FE000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEF4A5000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEF47D000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEF45B000 \SystemRoot\System32\drivers\afd.sys
0xF8862000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8992000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF899A000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xEF40E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xF89A2000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEF3E3000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xEF373000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8872000 \SystemRoot\System32\Drivers\Fips.SYS
0xEF34D000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8882000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xEE613000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF8C24000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF8922000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEE5FB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C4E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xEF531000 \SystemRoot\System32\drivers\Dxapi.sys
0xF89DA000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D36000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF073000 \SystemRoot\System32\ialmdd5.DLL
0xBF0EF000 \SystemRoot\System32\ATMFD.DLL
0xEE4A4000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xEE490000 \SystemRoot\system32\DRIVERS\mdc8021x.sys
0xEE0A7000 \SystemRoot\system32\drivers\wdmaud.sys
0xEE1D4000 \SystemRoot\system32\drivers\sysaudio.sys
0xEDDA4000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8C82000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEDA2C000 \SystemRoot\system32\DRIVERS\srv.sys
0xF89AA000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xED747000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xED547000 \??\C:\WINDOWS\system32\GTNDIS5.SYS
0xED3D2000 \SystemRoot\System32\Drivers\HTTP.sys
0xF89D2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xED91C000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF89BA000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF8A4A000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF8A7A000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xED17A000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xEE09B000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xECC09000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xECA20000 \SystemRoot\system32\DRIVERS\WUSB20XP.sys
0xED0DA000 \??\C:\DOCUME~1\DEREKS~1\LOCALS~1\Temp\aswMBR.sys
0xF8C2A000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xF8972000 \??\C:\DOCUME~1\DEREKS~1\LOCALS~1\Temp\catchme.sys
0xEC6FA000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
772 C:\WINDOWS\system32\smss.exe
844 csrss.exe
868 C:\WINDOWS\system32\winlogon.exe
912 C:\WINDOWS\system32\services.exe
924 C:\WINDOWS\system32\lsass.exe
1088 C:\WINDOWS\system32\svchost.exe
1148 PresentationFontCache.exe
1180 svchost.exe
1324 C:\WINDOWS\system32\svchost.exe
1440 svchost.exe
1512 svchost.exe
1540 C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
1696 C:\Program Files\Soluto\Soluto.exe
1984 C:\WINDOWS\system32\spoolsv.exe
2028 C:\WINDOWS\system32\igfxtray.exe
2036 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2044 C:\WINDOWS\system32\hkcmd.exe
208 C:\Program Files\Cobian Backup 8\cbInterface.exe
300 C:\Program Files\PowerISO\PWRISOVM.EXE
548 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
596 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
608 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
640 C:\Program Files\Common Files\Java\Java Update\jusched.exe
684 C:\Program Files\iTunes\iTunesHelper.exe
712 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
720 C:\WINDOWS\system32\ctfmon.exe
752 svchost.exe
1300 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1472 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
968 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1500 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1640 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
1872 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
172 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
312 C:\Program Files\Bonjour\mDNSResponder.exe
412 C:\Program Files\Cobian Backup 8\cbService.exe
816 C:\Program Files\Java\jre6\bin\jqs.exe
2400 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
2472 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2604 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
2656 C:\WINDOWS\system32\svchost.exe
2696 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
2732 C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
2880 C:\Program Files\Canon\CAL\CALMAIN.exe
3584 C:\Program Files\iPod\bin\iPodService.exe
2096 alg.exe
336 C:\Program Files\Soluto\SolutoService.exe
3980 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
2904 C:\WINDOWS\system32\HPZipm12.exe
1804 C:\WINDOWS\explorer.exe
972 C:\Program Files\Internet Explorer\iexplore.exe
236 C:\Program Files\Internet Explorer\iexplore.exe
4072 C:\WINDOWS\system32\wscntfy.exe
3836 C:\Documents and Settings\Derek Smith\Local Settings\Temporary Internet Files\Content.IE5\MEWKTDSH\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000000c`34f2cc00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JB-55REA0, Rev: 20.00K20
PhysicalDrive1 Model Number: WDCWD2500JB-55REA0, Rev: 20.00K20

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
ken545
2011-10-12, 11:32
It looks like your MBR (Master Boot Record ) may be infected, thats a real sensitive area so lets run this other program first and see what it comes up with


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)
jinxie
2011-10-13, 02:39
18:37:40.0734 3632 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
18:37:41.0078 3632 ============================================================
18:37:41.0093 3632 Current date / time: 2011/10/12 18:37:41.0078
18:37:41.0093 3632 SystemInfo:
18:37:41.0093 3632
18:37:41.0093 3632 OS Version: 5.1.2600 ServicePack: 3.0
18:37:41.0093 3632 Product type: Workstation
18:37:41.0093 3632 ComputerName: DEREK-FC4F55BE8
18:37:41.0093 3632 UserName: Derek Smith
18:37:41.0093 3632 Windows directory: C:\WINDOWS
18:37:41.0093 3632 System windows directory: C:\WINDOWS
18:37:41.0093 3632 Processor architecture: Intel x86
18:37:41.0093 3632 Number of processors: 1
18:37:41.0093 3632 Page size: 0x1000
18:37:41.0093 3632 Boot type: Normal boot
18:37:41.0093 3632 ============================================================
18:37:42.0937 3632 Initialize success
18:37:50.0531 0808 ============================================================
18:37:50.0531 0808 Scan started
18:37:50.0531 0808 Mode: Manual;
18:37:50.0531 0808 ============================================================
18:37:51.0906 0808 Abiosdsk - ok
18:37:51.0953 0808 abp480n5 - ok
18:37:52.0015 0808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:37:52.0031 0808 ACPI - ok
18:37:52.0078 0808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:37:52.0140 0808 ACPIEC - ok
18:37:52.0171 0808 adpu160m - ok
18:37:52.0218 0808 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
18:37:52.0281 0808 aeaudio - ok
18:37:52.0328 0808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:37:52.0375 0808 aec - ok
18:37:52.0437 0808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:37:52.0437 0808 AFD - ok
18:37:52.0468 0808 Aha154x - ok
18:37:52.0500 0808 aic78u2 - ok
18:37:52.0531 0808 aic78xx - ok
18:37:52.0578 0808 AliIde - ok
18:37:52.0593 0808 amsint - ok
18:37:52.0656 0808 asc - ok
18:37:52.0687 0808 asc3350p - ok
18:37:52.0734 0808 asc3550 - ok
18:37:52.0812 0808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:37:52.0828 0808 AsyncMac - ok
18:37:52.0859 0808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:37:52.0859 0808 atapi - ok
18:37:52.0890 0808 Atdisk - ok
18:37:52.0953 0808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:37:52.0984 0808 Atmarpc - ok
18:37:53.0031 0808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:37:53.0078 0808 audstub - ok
18:37:53.0140 0808 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
18:37:53.0171 0808 avgio - ok
18:37:53.0234 0808 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
18:37:53.0234 0808 avgntflt - ok
18:37:53.0281 0808 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
18:37:53.0343 0808 avipbb - ok
18:37:53.0390 0808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:37:53.0437 0808 Beep - ok
18:37:53.0562 0808 catchme - ok
18:37:53.0625 0808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:37:53.0656 0808 cbidf2k - ok
18:37:53.0687 0808 cd20xrnt - ok
18:37:53.0718 0808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:37:53.0750 0808 Cdaudio - ok
18:37:53.0812 0808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:37:53.0812 0808 Cdfs - ok
18:37:53.0859 0808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:37:53.0906 0808 Cdrom - ok
18:37:54.0046 0808 Changer - ok
18:37:54.0125 0808 CmdIde - ok
18:37:54.0171 0808 Cpqarray - ok
18:37:54.0203 0808 dac2w2k - ok
18:37:54.0234 0808 dac960nt - ok
18:37:54.0281 0808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:37:54.0296 0808 Disk - ok
18:37:54.0359 0808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:37:54.0468 0808 dmboot - ok
18:37:54.0515 0808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
18:37:54.0531 0808 dmio - ok
18:37:54.0546 0808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:37:54.0546 0808 dmload - ok
18:37:54.0609 0808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:37:54.0640 0808 DMusic - ok
18:37:54.0687 0808 dpti2o - ok
18:37:54.0718 0808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:37:54.0750 0808 drmkaud - ok
18:37:54.0812 0808 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:37:54.0812 0808 E100B - ok
18:37:54.0906 0808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:37:54.0968 0808 Fastfat - ok
18:37:55.0046 0808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:37:55.0078 0808 Fdc - ok
18:37:55.0140 0808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:37:55.0171 0808 Fips - ok
18:37:55.0218 0808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:37:55.0250 0808 Flpydisk - ok
18:37:55.0312 0808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:37:55.0312 0808 FltMgr - ok
18:37:55.0359 0808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:37:55.0390 0808 Fs_Rec - ok
18:37:55.0453 0808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:37:55.0453 0808 Ftdisk - ok
18:37:55.0515 0808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
18:37:55.0531 0808 GEARAspiWDM - ok
18:37:55.0578 0808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:37:55.0609 0808 Gpc - ok
18:37:55.0656 0808 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
18:37:55.0718 0808 GTNDIS5 - ok
18:37:55.0781 0808 hpn - ok
18:37:55.0843 0808 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:37:55.0890 0808 HPZid412 - ok
18:37:55.0921 0808 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:37:55.0968 0808 HPZipr12 - ok
18:37:56.0015 0808 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:37:56.0062 0808 HPZius12 - ok
18:37:56.0156 0808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:37:56.0171 0808 HTTP - ok
18:37:56.0203 0808 i2omgmt - ok
18:37:56.0218 0808 i2omp - ok
18:37:56.0281 0808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:37:56.0343 0808 i8042prt - ok
18:37:56.0390 0808 ialm (3db0a9c35a5cf76386aadceda014e5e6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
18:37:56.0421 0808 ialm - ok
18:37:56.0484 0808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:37:56.0515 0808 Imapi - ok
18:37:56.0593 0808 ini910u - ok
18:37:56.0656 0808 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:37:56.0656 0808 IntelIde - ok
18:37:56.0703 0808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:37:56.0750 0808 intelppm - ok
18:37:56.0796 0808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:37:56.0828 0808 Ip6Fw - ok
18:37:56.0906 0808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:37:56.0937 0808 IpFilterDriver - ok
18:37:57.0015 0808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:37:57.0046 0808 IpInIp - ok
18:37:57.0093 0808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:37:57.0109 0808 IpNat - ok
18:37:57.0156 0808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:37:57.0171 0808 IPSec - ok
18:37:57.0218 0808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:37:57.0218 0808 IRENUM - ok
18:37:57.0281 0808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:37:57.0281 0808 isapnp - ok
18:37:57.0312 0808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:37:57.0359 0808 Kbdclass - ok
18:37:57.0406 0808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:37:57.0468 0808 kmixer - ok
18:37:57.0546 0808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:37:57.0546 0808 KSecDD - ok
18:37:57.0609 0808 lbrtfdc - ok
18:37:57.0671 0808 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
18:37:57.0703 0808 MDC8021X - ok
18:37:57.0750 0808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:37:57.0781 0808 mnmdd - ok
18:37:57.0843 0808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:37:57.0875 0808 Modem - ok
18:37:57.0921 0808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:37:57.0953 0808 Mouclass - ok
18:37:58.0062 0808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:37:58.0062 0808 MountMgr - ok
18:37:58.0093 0808 mraid35x - ok
18:37:58.0156 0808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:37:58.0156 0808 MRxDAV - ok
18:37:58.0218 0808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:37:58.0234 0808 MRxSmb - ok
18:37:58.0312 0808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:37:58.0312 0808 Msfs - ok
18:37:58.0375 0808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:37:58.0390 0808 MSKSSRV - ok
18:37:58.0453 0808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:37:58.0468 0808 MSPCLOCK - ok
18:37:58.0531 0808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:37:58.0546 0808 MSPQM - ok
18:37:58.0593 0808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:37:58.0593 0808 mssmbios - ok
18:37:58.0640 0808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:37:58.0640 0808 Mup - ok
18:37:58.0750 0808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:37:58.0750 0808 NDIS - ok
18:37:58.0796 0808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:37:58.0796 0808 NdisTapi - ok
18:37:58.0843 0808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:37:58.0875 0808 Ndisuio - ok
18:37:58.0937 0808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:37:58.0984 0808 NdisWan - ok
18:37:59.0046 0808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:37:59.0046 0808 NDProxy - ok
18:37:59.0093 0808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:37:59.0093 0808 NetBIOS - ok
18:37:59.0140 0808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:37:59.0171 0808 NetBT - ok
18:37:59.0281 0808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:37:59.0281 0808 Npfs - ok
18:37:59.0343 0808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:37:59.0375 0808 Ntfs - ok
18:37:59.0421 0808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:37:59.0453 0808 Null - ok
18:37:59.0500 0808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:37:59.0531 0808 NwlnkFlt - ok
18:37:59.0593 0808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:37:59.0625 0808 NwlnkFwd - ok
18:37:59.0703 0808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:37:59.0718 0808 Parport - ok
18:37:59.0750 0808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:37:59.0750 0808 PartMgr - ok
18:37:59.0812 0808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:37:59.0843 0808 ParVdm - ok
18:37:59.0890 0808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:37:59.0890 0808 PCI - ok
18:37:59.0921 0808 PCIDump - ok
18:37:59.0984 0808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:37:59.0984 0808 PCIIde - ok
18:38:00.0031 0808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:38:00.0078 0808 Pcmcia - ok
18:38:00.0125 0808 PDCOMP - ok
18:38:00.0156 0808 PDFRAME - ok
18:38:00.0187 0808 PDRELI - ok
18:38:00.0218 0808 PDRFRAME - ok
18:38:00.0234 0808 perc2 - ok
18:38:00.0265 0808 perc2hib - ok
18:38:00.0359 0808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:38:00.0390 0808 PptpMiniport - ok
18:38:00.0468 0808 PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys
18:38:00.0500 0808 PRISM_A02 - ok
18:38:00.0562 0808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:38:00.0593 0808 PSched - ok
18:38:00.0625 0808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:38:00.0671 0808 Ptilink - ok
18:38:00.0734 0808 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:38:00.0734 0808 PxHelp20 - ok
18:38:00.0765 0808 ql1080 - ok
18:38:00.0796 0808 Ql10wnt - ok
18:38:00.0828 0808 ql12160 - ok
18:38:00.0859 0808 ql1240 - ok
18:38:00.0890 0808 ql1280 - ok
18:38:00.0921 0808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:38:00.0937 0808 RasAcd - ok
18:38:01.0015 0808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:38:01.0062 0808 Rasl2tp - ok
18:38:01.0125 0808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:38:01.0140 0808 RasPppoe - ok
18:38:01.0171 0808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:38:01.0203 0808 Raspti - ok
18:38:01.0281 0808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:38:01.0281 0808 Rdbss - ok
18:38:01.0328 0808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:38:01.0343 0808 RDPCDD - ok
18:38:01.0406 0808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:38:01.0468 0808 rdpdr - ok
18:38:01.0531 0808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:38:01.0531 0808 RDPWD - ok
18:38:01.0609 0808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:38:01.0640 0808 redbook - ok
18:38:01.0750 0808 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:38:01.0796 0808 SASDIFSV - ok
18:38:01.0812 0808 SASENUM (7f1085895e499907f68df7731924122b) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
18:38:01.0843 0808 SASENUM - ok
18:38:01.0875 0808 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
18:38:01.0921 0808 SASKUTIL - ok
18:38:02.0015 0808 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\WINDOWS\system32\drivers\SCDEmu.sys
18:38:02.0046 0808 SCDEmu - ok
18:38:02.0140 0808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:38:02.0156 0808 Secdrv - ok
18:38:02.0234 0808 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:38:02.0250 0808 serenum - ok
18:38:02.0296 0808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:38:02.0343 0808 Serial - ok
18:38:02.0421 0808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:38:02.0453 0808 Sfloppy - ok
18:38:02.0515 0808 Simbad - ok
18:38:02.0578 0808 smwdm (bf208c85119770e6a9b6577019a3d810) C:\WINDOWS\system32\drivers\smwdm.sys
18:38:02.0687 0808 smwdm - ok
18:38:02.0750 0808 Soluto (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
18:38:02.0750 0808 Soluto - ok
18:38:02.0796 0808 Sparrow - ok
18:38:02.0859 0808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:38:02.0890 0808 splitter - ok
18:38:02.0968 0808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:38:02.0968 0808 sr - ok
18:38:03.0031 0808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:38:03.0046 0808 Srv - ok
18:38:03.0125 0808 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
18:38:03.0140 0808 ssmdrv - ok
18:38:03.0250 0808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:38:03.0265 0808 swenum - ok
18:38:03.0359 0808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:38:03.0406 0808 swmidi - ok
18:38:03.0437 0808 symc810 - ok
18:38:03.0484 0808 symc8xx - ok
18:38:03.0515 0808 sym_hi - ok
18:38:03.0546 0808 sym_u3 - ok
18:38:03.0609 0808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:38:03.0656 0808 sysaudio - ok
18:38:03.0734 0808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:38:03.0750 0808 Tcpip - ok
18:38:03.0796 0808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:38:03.0843 0808 TDPIPE - ok
18:38:03.0906 0808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:38:03.0921 0808 TDTCP - ok
18:38:03.0984 0808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:38:04.0015 0808 TermDD - ok
18:38:04.0078 0808 TosIde - ok
18:38:04.0140 0808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:38:04.0171 0808 Udfs - ok
18:38:04.0218 0808 ultra - ok
18:38:04.0281 0808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:38:04.0328 0808 Update - ok
18:38:04.0437 0808 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:38:04.0468 0808 USBAAPL - ok
18:38:04.0531 0808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:38:04.0562 0808 usbccgp - ok
18:38:04.0625 0808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:38:04.0656 0808 usbehci - ok
18:38:04.0703 0808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:38:04.0734 0808 usbhub - ok
18:38:04.0796 0808 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:38:04.0828 0808 usbprint - ok
18:38:04.0890 0808 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:38:04.0921 0808 usbscan - ok
18:38:05.0000 0808 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:38:05.0000 0808 USBSTOR - ok
18:38:05.0062 0808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:38:05.0078 0808 usbuhci - ok
18:38:05.0140 0808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:38:05.0156 0808 VgaSave - ok
18:38:05.0187 0808 ViaIde - ok
18:38:05.0234 0808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:38:05.0234 0808 VolSnap - ok
18:38:05.0296 0808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:38:05.0312 0808 Wanarp - ok
18:38:05.0359 0808 WDICA - ok
18:38:05.0421 0808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:38:05.0453 0808 wdmaud - ok
18:38:05.0625 0808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:38:05.0656 0808 WudfPf - ok
18:38:05.0703 0808 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:38:05.0734 0808 WudfRd - ok
18:38:05.0843 0808 {6080A529-897E-4629-A488-ABA0C29B635E} (9c4b8ead60c0ce09c0fcf49f6788bb19) C:\WINDOWS\system32\drivers\ialmsbw.sys
18:38:05.0890 0808 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
18:38:05.0937 0808 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (dfebdcc9e3678fad34b14867c47c1036) C:\WINDOWS\system32\drivers\ialmkchw.sys
18:38:06.0000 0808 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
18:38:06.0031 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:38:06.0218 0808 \Device\Harddisk0\DR0 - ok
18:38:06.0234 0808 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:38:06.0250 0808 \Device\Harddisk1\DR1 - ok
18:38:06.0281 0808 Boot (0x1200) (ab1736fc6632f41a2c260c13f2aa94ea) \Device\Harddisk0\DR0\Partition0
18:38:06.0281 0808 \Device\Harddisk0\DR0\Partition0 - ok
18:38:06.0296 0808 Boot (0x1200) (edebf617b266f44100175f3c7edc1aee) \Device\Harddisk0\DR0\Partition1
18:38:06.0296 0808 \Device\Harddisk0\DR0\Partition1 - ok
18:38:06.0296 0808 Boot (0x1200) (1680c3e452f374135df63d77ba2a5ec6) \Device\Harddisk1\DR1\Partition0
18:38:06.0312 0808 \Device\Harddisk1\DR1\Partition0 - ok
18:38:06.0312 0808 ============================================================
18:38:06.0312 0808 Scan finished
18:38:06.0312 0808 ============================================================
18:38:06.0343 3996 Detected object count: 0
18:38:06.0343 3996 Actual detected object count: 0
18:38:23.0968 2124 Deinitialize success
ken545
2011-10-13, 02:44
Your ok, no infection in that area

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
jinxie
2011-10-13, 05:56
Looks like your on to something........

C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\10\4c562fca-6e4c15a0 multiple threats
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\24\6bc5ba98-231fee52 Java/TrojanDownloader.Agent.NCH trojan
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-52f19969 a variant of Java/TrojanDownloader.OpenStream.NAD trojan
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-1fa47184 multiple threats
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-672b7cb7 multiple threats
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\50\170b44f2-5a97472e multiple threats
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\55\7fcb7137-38f9b8f7 multiple threats
C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\9\58413909-15bed7d5 multiple threats
C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Mebroot.mbr trojan
ken545
2011-10-13, 11:13
That file in Qoobox is a back up of what Combofix removed, it will be removed when where done.


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean



Things running any better ??
jinxie
2011-10-14, 06:17
Doesnt really seem to be any better
Still over 6 minutes to boot snd get a webpage up.
Navigating from 1 page to another seems to stall at times or load like I am on dial up!
ken545
2011-10-14, 12:17
Lets take another look

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
jinxie
2011-10-15, 01:45
OTL logfile created on: 10/14/2011 5:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Derek Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 246.77 Mb Available Physical Memory | 49.09% Memory free
1.20 Gb Paging File | 0.63 Gb Available in Paging File | 52.35% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 5.03 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive E: | 184.06 Gb Total Space | 174.35 Gb Free Space | 94.73% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 9.38 Gb Free Space | 4.03% Space Free | Partition Type: NTFS

Computer Name: DEREK-FC4F55BE8 | User Name: Derek Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Derek Smith\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Cobian Backup 8\cbService.exe (Luis Cobian)
PRC - C:\Program Files\Cobian Backup 8\cbInterface.exe (Luis Cobian)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe (Cisco Linksys Corporation)
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe ()
PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\b065bdac30c4853790103d3f3b0317ee\SolutoCleanup.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\30dd7a3909392dedfe0721b1c913c37b\PCGDataAggregation.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\1b3aa745978c2531ac8f575960b49dee\PCGBootVisualizingCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\a02970cffc1a8eaa7b672d55c5cf160e\PCGCatalogItemFootprint.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\f6d13459040395256c1b3137b92f5bba\PCGBrowsersProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\156eea244fece7de30542de2a3c8615a\PCGSAProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\901dec7e394a72f2b7d4fa8157ac3ed0\PCGCatalogItemCache.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\e855b800294d3af8bbd10ae3839ac9ee\PCGEntities.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\80172403815b85642b35493b1e53de8b\PCGClientCommunication.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\a0fd73a2fac5e0da3ad02245c516f61d\SolutoUpdateService.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\39d4e958987d22e760e3547547f9c8fb\PCGUpgrader.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\1989f9c13c38c15d29b2e013b035e832\SolutoService.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\cf91c87a7e084c21452a137155a2faac\PCGPostBootResources.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\24ea9baf99fca6492cfe1c11b682f594\PCGHIDProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\3a757b474ff7d7d0a8cf5ac2a301b538\PCGRSPProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\7e0f151afe2970214d839f9858ed7dc9\PCGWuInfo.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\f36a967ddaae73774dfb7e3df7c95013\Community.CsharpSqlite.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\d1b78475fd571b27e9f55dd9f2a5cb24\Interop.IWshRuntimeLibrary.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\15e14a756dded9948ec6a64090872862\PCGUsersCenter.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\48be7079613a5d63aa6a8f6dc0471916\PCGClientCommon.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\93e6a01d6e72dda85535e07b1ebbbd19\PCGBootVisualizingCommon.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\e6b7ddd114bb107c62b3765e3783d58c\PCGConfiguration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\f0a3fccd64c2e64230e2faccbfc9fa16\System.Data.SqlServerCe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\493425aa684912a818021247467340ad\PCGDatabase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\c21038a6a39882d1d3cd40bb3be37563\PCGAzureEntityFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\03d0c233f6ad40357653fa2da1ed7a15\PCGAzureShared.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\4c888646aab4b2e2d8c9b9e06f5893bf\PCGCommunication.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\27466aa034b75bd0c5f33f30c881b213\PCGDriverProbe.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\564d94b932dcadc754d0105ba7818a9d\PCGPreCompiled.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\8f5a0356dff1279ff87d91738f01da95\Ionic.Zip.Reduced.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\06a6f0f39875ca13b294b0a6f043044a\Newtonsoft.Json.Net35.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\768e9578c2b7dc7ac2739c2b1abd2ca4\PCGFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\481df6175ebb6e107ae02626c80e2045\Soluto.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_808979e5\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9591fd0f\system.drawing.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_da606181\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_29c3d1f5\system.windows.forms.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2332c06a\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\Soluto\PCGDllExportInspector.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
MOD - c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
MOD - c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
MOD - c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
MOD - c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
MOD - c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
MOD - c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
MOD - c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
MOD - c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
MOD - c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
MOD - c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
MOD - c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
MOD - c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
MOD - c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
MOD - c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
MOD - c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
MOD - c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
MOD - c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
MOD - c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
MOD - c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
MOD - c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Program Files\Winamp\winampa.exe ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe ()
MOD - C:\WINDOWS\system32\GTW32N50.dll ()
MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv2SVC) -- File not found
SRV - (HidServ) -- File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (CobBMService) -- C:\Program Files\Cobian Backup 8\cbService.exe (Luis Cobian)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (AresChatServer) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (Soluto) -- C:\WINDOWS\system32\DRIVERS\Soluto.sys (Soluto LTD.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\WUSB20XP.sys (Cisco-Linksys, LLC.)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.gc.ca/city/pages/mb-38_metric_e.html
IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\..\URLSearchHook: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5BC50DED-5B37-4A44-BCE0-C4F09CE25053}: C:\Documents and Settings\Derek Smith\Local Settings\Application Data\{5BC50DED-5B37-4A44-BCE0-C4F09CE25053} [2008/12/06 01:54:07 | 000,000,000 | ---D | M]

[2009/09/13 09:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derek Smith\Application Data\Mozilla\Extensions
[2009/09/13 09:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derek Smith\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/12/04 23:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/12/05 18:16:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (SuperPoke Pets Toolbar) - {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SuperPoke Pets Toolbar) - {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\..\Toolbar\WebBrowser: (SuperPoke Pets Toolbar) - {84E53B2B-B8F6-4B9A-AB0C-FC293D0F7A45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cobian Backup 8 interface] C:\Program Files\Cobian Backup 8\cbInterface.exe (Luis Cobian)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKU\S-1-5-21-2052111302-861567501-725345543-1003..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
O4 - HKU\S-1-5-21-2052111302-861567501-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254 142.161.130.154
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: DhcpNameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F81828-0E93-4D57-B509-713BFB34BF34}: DhcpNameServer = 192.168.100.254 142.161.130.154
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) -C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Derek Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Derek Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/10 14:47:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdeletesprestrt)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 17:18:11 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\OTL.exe
[2011/10/13 21:26:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\TFC.exe
[2011/10/12 19:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/12 18:38:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/12 07:31:52 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derek Smith\Desktop\TDSSKiller.exe
[2011/10/10 23:03:55 | 004,253,235 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek Smith\Desktop\ComboFix.exe
[2011/10/10 10:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek Smith\Application Data\Sammsoft
[2011/10/10 10:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
[2011/10/10 10:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
[2011/10/10 10:38:40 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Derek Smith\Desktop\aswMBR.exe
[2011/10/07 22:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/10/07 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/10/07 22:06:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Derek Smith\Desktop\erunt-setup.exe
[2011/09/26 11:41:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

========== Files - Modified Within 30 Days ==========

[2011/10/14 17:18:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\OTL.exe
[2011/10/13 21:38:21 | 000,020,160 | ---- | M] () -- C:\WINDOWS\System32\.rsp
[2011/10/13 21:38:21 | 000,001,574 | ---- | M] () -- C:\WINDOWS\System32\.lck
[2011/10/13 21:36:11 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/13 21:36:11 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/13 21:35:14 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\Live PC Help.lnk
[2011/10/13 21:34:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/13 21:30:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/13 21:26:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\TFC.exe
[2011/10/13 14:09:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/12 18:37:23 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derek Smith\Desktop\TDSSKiller.exe
[2011/10/12 03:33:33 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/12 03:06:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/10 23:03:58 | 004,253,235 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek Smith\Desktop\ComboFix.exe
[2011/10/10 10:44:36 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\Check PC For Errors.lnk
[2011/10/10 10:44:36 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/10/10 10:40:21 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Derek Smith\default.pls
[2011/10/10 10:40:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/10 10:39:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\MBR.dat
[2011/10/10 10:38:43 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Derek Smith\Desktop\aswMBR.exe
[2011/10/10 10:35:41 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\CKScanner.exe
[2011/10/07 22:36:44 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/07 22:22:05 | 000,003,670 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\Attach.zip
[2011/10/07 22:06:36 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\NTREGOPT.lnk
[2011/10/07 22:06:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\ERUNT.lnk
[2011/10/07 22:06:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Derek Smith\Desktop\erunt-setup.exe
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
[2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
[2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

========== Files Created - No Company Name ==========

[2011/10/13 21:35:11 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\Live PC Help.lnk
[2011/10/10 10:44:36 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\Check PC For Errors.lnk
[2011/10/10 10:44:36 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2011/10/10 10:39:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\MBR.dat
[2011/10/10 10:35:33 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\CKScanner.exe
[2011/10/07 22:22:05 | 000,003,670 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\Attach.zip
[2011/10/07 22:06:36 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\NTREGOPT.lnk
[2011/10/07 22:06:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\ERUNT.lnk
[2011/07/26 20:10:00 | 000,205,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/07/26 20:06:56 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2011/01/23 14:56:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
[2010/12/05 13:57:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/05 13:57:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/05 13:57:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/05 13:57:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/05 13:57:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/03 16:28:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/20 10:02:45 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\kodakpcd.ini
[2009/11/08 21:51:12 | 000,117,094 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/09/12 18:57:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2009/09/12 18:57:51 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2009/09/12 18:57:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2009/09/12 18:57:17 | 000,001,512 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2008/10/21 19:13:44 | 000,000,818 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/21 19:11:00 | 000,159,851 | ---- | C] () -- C:\WINDOWS\System32\ProTSEAddIn.dll
[2008/07/20 23:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
[2008/06/11 09:20:33 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008/01/20 21:18:12 | 000,116,912 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2008/01/20 21:18:11 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2007/12/23 19:28:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/10 21:55:21 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/30 01:51:57 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007/11/30 01:33:29 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/30 01:33:29 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
[2007/11/30 00:36:07 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/11/30 00:36:07 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007/11/26 20:34:49 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/22 16:02:41 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\lgbskin.dll
[2007/11/22 16:02:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\lgbTrace.dll
[2007/11/22 16:01:46 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\ver.ini
[2007/11/19 21:18:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Application Data\AVSDVDPlayer.m3u
[2007/11/16 20:59:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\PickList.ini
[2007/11/16 20:59:04 | 000,034,644 | ---- | C] () -- C:\WINDOWS\sk5.ini
[2007/11/16 20:58:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2007/11/15 00:06:34 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\fusioncache.dat
[2007/11/14 22:53:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/11/10 15:11:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/10 15:06:26 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2007/11/10 15:04:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2007/11/10 14:56:50 | 000,003,161 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/11/10 14:56:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/11/10 14:50:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/11/10 14:43:26 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/11/10 08:36:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/11/10 08:35:08 | 000,211,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/18 04:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/05/05 18:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2005/08/31 16:07:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lgbsysinfo.dll.bak
[2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 07:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 07:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/11/21 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeInSync Settings
[2007/11/17 22:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/01/06 17:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/07/26 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2011/02/15 19:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/28 21:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2011/01/14 19:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/24 20:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/01 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/04/28 20:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\AVG7
[2011/09/25 07:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\BitTorrent
[2008/09/01 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\DNA
[2008/07/20 23:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\ICAClient
[2007/11/30 01:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\Leadertech
[2010/08/16 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\LimeWire
[2011/10/10 10:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\Sammsoft
[2009/10/01 06:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\Skinux
[2008/01/07 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\SmartDraw
[2007/11/17 22:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91730504
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D98D08

< End of report >
jinxie
2011-10-15, 01:46
OTL Extras logfile created on: 10/14/2011 5:20:31 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Derek Smith\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.73 Mb Total Physical Memory | 246.77 Mb Available Physical Memory | 49.09% Memory free
1.20 Gb Paging File | 0.63 Gb Available in Paging File | 52.35% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.82 Gb Total Space | 5.03 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
Drive E: | 184.06 Gb Total Space | 174.35 Gb Free Space | 94.73% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 9.38 Gb Free Space | 4.03% Space Free | Partition Type: NTFS

Computer Name: DEREK-FC4F55BE8 | User Name: Derek Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2917:TCP" = 2917:TCP:*:Enabled:Services
"4334:TCP" = 4334:TCP:*:Enabled:Services
"3225:TCP" = 3225:TCP:*:Enabled:Services
"4950:TCP" = 4950:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2917:TCP" = 2917:TCP:*:Enabled:Services
"4334:TCP" = 4334:TCP:*:Enabled:Services
"3225:TCP" = 3225:TCP:*:Enabled:Services
"4950:TCP" = 4950:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group)
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe:*:Enabled:NMBgMonitor -- (Nero AG)
"C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Enabled:hpqimzone -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware -- (SUPERAntiSpyware.com)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
"C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
"C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
"C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A812500-2C7D-47C1-972D-D31022D4D635}" = Soluto
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5F7DEDEA-27B3-4E06-BCDE-B371424C0032}" = ShopKey5
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32583DA-1E2B-4476-9244-A44D21221BC7}" = Propalms Connection Manager
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E25BC708-9133-49C5-BC6C-C82F4652EE73}" = Digimax S800
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Ares" = Ares 2.0.9
"ARO 2011_is1" = ARO 2011
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Elf Bowling 7 1-7 - The Last Insult" = Elf Bowling 7 1/7: The Last Insult
"BFG-Zhu Zhu Pets" = Zhu Zhu Pets
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CobBackup8" = Cobian Backup 8
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"Dragon Tales" = Dragon Tales
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
"LimeWire" = LimeWire 5.5.13
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"PowerISO" = PowerISO
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealAlt_is1" = Real Alternative 1.60
"Recover My Files_is1" = Recover My Files
"Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
"SuperPoke_Pets Toolbar" = SuperPoke Pets Toolbar
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WTA-02313303-9287-496d-9ab3-437f0374602b" = Polar Bowler
"WTA-2e829f44-8483-4b04-baa0-42df5a5e1f0a" = Polar Golfer
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2011 4:31:19 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2011 4:31:19 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/24/2011 11:38:43 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application hpqimzone.exe, version 65.0.117.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/5/2011 11:48:33 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 10:56:11 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/8/2011 10:56:12 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/5/2011 8:13:35 AM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2011 7:37:36 PM | Computer Name = DEREK-FC4F55BE8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/12/2011 7:37:36 PM | Computer Name = DEREK-FC4F55BE8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/12/2011 7:37:36 PM | Computer Name = DEREK-FC4F55BE8 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

[ System Events ]
Error - 10/7/2011 11:09:30 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WUSB54Gv2SVC service.

Error - 10/9/2011 11:46:44 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the WUSB54Gv2SVC service.

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7031
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 5000
milliseconds: Restart the service.

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
Description = The ArcSoft Connect Daemon service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
Description = The Cobian Backup 8 service service terminated unexpectedly. It has
done this 1 time(s).

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/13/2011 10:26:58 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
Description = The WUSB54Gv2SVC service terminated unexpectedly. It has done this
1 time(s).


< End of report >
ken545
2011-10-15, 02:17
ARO 2011 <--Have you by chance cleaned your registry with this tool ?

Nothing jumping out at me

Lets try one more rootkit scanner

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.
jinxie
2011-10-17, 04:28
Web pages are very slow loading and navigating from 1 page to another. Not instantanious like before.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-10-16 20:26:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500JB-55REA0 rev.20.00K20
Running: gmer.exe; Driver: C:\DOCUME~1\DEREKS~1\LOCALS~1\Temp\kwgcqpoc.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488392068
Disk \Device\Harddisk0\DR0 PE file @ sector 488392090

---- EOF - GMER 1.0.15 ----
ken545
2011-10-17, 10:57
Good Morning,

It looks like your Master Boot Record is infected but I want to ask someone else who specializes in this area to take a peak. Replacing the MBR can be tricky, we have had a lot of success with it but if the fix does fail it can leave your system unbootable.

This is what I need you to do.

1. What brand of computer is this ?
2. I see Combofix did not install a Recovery Console, did you opt out of this or did Combofix not prompt you to install one ?
3. Use a CD or a Thumb Drive and back up all your pictures and important documents.
4. Do you have your windows CD or the Recovery CD that came with your computer ?
ken545
2011-10-17, 19:06
It looks like your MBR is infected, had other people take a peek at it.

Before we run the fix, when you ran aswMBR there should have been a MBR.dat file on your desktop, I would like you to submit it to Virus Total to be checked.

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\Documents and Settings\Derek Smith\Desktop\MBR.dat<--This file

If the site is busy you can try this one
http://virusscan.jotti.org/en
jinxie
2011-10-20, 02:12
http://virusscan.jotti.org/en/scanresult/9175bcab74191d0fb5b67cde1e18355a12b7e9f5
ken545
2011-10-20, 02:29
Cant help you if you dont help me :red:


This is what I need you to do.

1. What brand of computer is this ?
2. I see Combofix did not install a Recovery Console, did you opt out of this or did Combofix not prompt you to install one ?
3. Use a CD or a Thumb Drive and back up all your pictures and important documents.
4. Do you have your windows CD or the Recovery CD that came with your computer ?
jinxie
2011-10-20, 04:02
Missed that.....

1-not sure of brand. A friend of mine built it about 5 yrs ago. Do you need me to find out motherboard/cpu info?
2-I dont recall....I would have followed directions as instructed.
3-Probably need a day or so to do this step
4- No, my friend built the computer and i didnt get any discs or backup copies.
ken545
2011-10-20, 04:22
OK, thanks. Did you back up your data ? Are you still being redirected ?
ken545
2011-10-21, 12:35
This is what I would like you to do, we are sure your Master Boot Record is infected, after you back up all your data, drag Combofix to the trash and download a newly updated copy and run it and post the log.

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
ken545
2011-10-25, 11:26
Still with me ?