Thread: First post - Extremely Slow PC - Slow to boot

  1. #11
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    Looks like you're on to something...

    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\10\4c562fca-6e4c15a0 multiple threats
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\24\6bc5ba98-231fee52 Java/TrojanDownloader.Agent.NCH trojan
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\27\6184729b-52f19969 a variant of Java/TrojanDownloader.OpenStream.NAD trojan
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-1fa47184 multiple threats
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-672b7cb7 multiple threats
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\50\170b44f2-5a97472e multiple threats
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\55\7fcb7137-38f9b8f7 multiple threats
    C:\Documents and Settings\Derek Smith\Application Data\Sun\Java\Deployment\cache\6.0\9\58413909-15bed7d5 multiple threats
    C:\Qoobox\Quarantine\MBR_HardDisk0.mbr Win32/Mebroot.mbr trojan

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    That file in Qoobox is a backup of what Combofix removed; it will be removed when we're done.


    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean



    Things running any better?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    Doesn't really seem to be any better.
    Still over 6 minutes to boot and get a webpage up.
    Navigating from 1 page to another seems to stall at times or load like I am on dial up!

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let's take another look

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  5. #15
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    OTL logfile created on: 10/14/2011 5:20:31 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Derek Smith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.73 Mb Total Physical Memory | 246.77 Mb Available Physical Memory | 49.09% Memory free
    1.20 Gb Paging File | 0.63 Gb Available in Paging File | 52.35% Paging File free
    Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48.82 Gb Total Space | 5.03 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    Drive E: | 184.06 Gb Total Space | 174.35 Gb Free Space | 94.73% Space Free | Partition Type: NTFS
    Drive F: | 232.88 Gb Total Space | 9.38 Gb Free Space | 4.03% Space Free | Partition Type: NTFS

    Computer Name: DEREK-FC4F55BE8 | User Name: Derek Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Derek Smith\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Soluto\Soluto.exe (Soluto)
    PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    PRC - C:\Program Files\Winamp\winampa.exe ()
    PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Cobian Backup 8\cbService.exe (Luis Cobian)
    PRC - C:\Program Files\Cobian Backup 8\cbInterface.exe (Luis Cobian)
    PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
    PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
    PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe (Cisco Linksys Corporation)
    PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe ()
    PRC - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe (GEMTEKS)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\ac92806d5bd508eb25f1b4b73a36b101\System.ComponentModel.DataAnnotations.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\3e6deccf191ab943d3a0812a38ab5c97\CustomMarshalers.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\b065bdac30c4853790103d3f3b0317ee\SolutoCleanup.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\30dd7a3909392dedfe0721b1c913c37b\PCGDataAggregation.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\1b3aa745978c2531ac8f575960b49dee\PCGBootVisualizingCore.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\a02970cffc1a8eaa7b672d55c5cf160e\PCGCatalogItemFootprint.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\f6d13459040395256c1b3137b92f5bba\PCGBrowsersProbe.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\156eea244fece7de30542de2a3c8615a\PCGSAProbe.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\901dec7e394a72f2b7d4fa8157ac3ed0\PCGCatalogItemCache.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\e855b800294d3af8bbd10ae3839ac9ee\PCGEntities.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\80172403815b85642b35493b1e53de8b\PCGClientCommunication.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\a0fd73a2fac5e0da3ad02245c516f61d\SolutoUpdateService.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\39d4e958987d22e760e3547547f9c8fb\PCGUpgrader.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\1989f9c13c38c15d29b2e013b035e832\SolutoService.ni.exe ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\cf91c87a7e084c21452a137155a2faac\PCGPostBootResources.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\24ea9baf99fca6492cfe1c11b682f594\PCGHIDProbe.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\3a757b474ff7d7d0a8cf5ac2a301b538\PCGRSPProbe.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\7e0f151afe2970214d839f9858ed7dc9\PCGWuInfo.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\f36a967ddaae73774dfb7e3df7c95013\Community.CsharpSqlite.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\d1b78475fd571b27e9f55dd9f2a5cb24\Interop.IWshRuntimeLibrary.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\15e14a756dded9948ec6a64090872862\PCGUsersCenter.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\48be7079613a5d63aa6a8f6dc0471916\PCGClientCommon.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\93e6a01d6e72dda85535e07b1ebbbd19\PCGBootVisualizingCommon.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\e6b7ddd114bb107c62b3765e3783d58c\PCGConfiguration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\f0a3fccd64c2e64230e2faccbfc9fa16\System.Data.SqlServerCe.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\493425aa684912a818021247467340ad\PCGDatabase.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\c21038a6a39882d1d3cd40bb3be37563\PCGAzureEntityFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\03d0c233f6ad40357653fa2da1ed7a15\PCGAzureShared.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\4c888646aab4b2e2d8c9b9e06f5893bf\PCGCommunication.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\27466aa034b75bd0c5f33f30c881b213\PCGDriverProbe.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\564d94b932dcadc754d0105ba7818a9d\PCGPreCompiled.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\8f5a0356dff1279ff87d91738f01da95\Ionic.Zip.Reduced.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\69792bef8a100a055db88848836a7d88\System.EnterpriseServices.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\8efcd633af87989355382b5039f1b7df\System.Transactions.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\06a6f0f39875ca13b294b0a6f043044a\Newtonsoft.Json.Net35.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\474a341340f687bcbd7777f2820a8c7a\SMDiagnostics.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\566b2e11e7f3f6d973b17b86cf42f9bc\System.Xml.Linq.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\e5ada332a9bc3c982e6aede6ba354196\System.Data.Services.Client.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\768e9578c2b7dc7ac2739c2b1abd2ca4\PCGFramework.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\481df6175ebb6e107ae02626c80e2045\Soluto.ni.exe ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\d96a94076acb8e0c5a96a1b2de4b3a7a\System.Data.Linq.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\d507b9e0e50e453793ee5e01c07a5485\System.Core.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
    MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_808979e5\mscorlib.dll ()
    MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9591fd0f\system.drawing.dll ()
    MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_da606181\system.xml.dll ()
    MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_29c3d1f5\system.windows.forms.dll ()
    MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_2332c06a\system.dll ()
    MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
    MOD - C:\Program Files\Soluto\PCGDllExportInspector.dll ()
    MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
    MOD - c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll ()
    MOD - c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll ()
    MOD - c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll ()
    MOD - c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll ()
    MOD - c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll ()
    MOD - c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll ()
    MOD - c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll ()
    MOD - c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll ()
    MOD - c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll ()
    MOD - c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll ()
    MOD - c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll ()
    MOD - c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll ()
    MOD - c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll ()
    MOD - c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll ()
    MOD - c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll ()
    MOD - c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll ()
    MOD - c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll ()
    MOD - c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll ()
    MOD - c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll ()
    MOD - c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll ()
    MOD - c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll ()
    MOD - c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll ()
    MOD - c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll ()
    MOD - c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll ()
    MOD - c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll ()
    MOD - c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll ()
    MOD - c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll ()
    MOD - c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll ()
    MOD - c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll ()
    MOD - c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll ()
    MOD - c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
    MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
    MOD - C:\Program Files\Winamp\winampa.exe ()
    MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
    MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll ()
    MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll ()
    MOD - c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll ()
    MOD - C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll ()
    MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\Security.dll ()
    MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe ()
    MOD - C:\WINDOWS\system32\GTW32N50.dll ()
    MOD - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\GEMWEP.DLL ()


    ========== Win32 Services (SafeList) ==========

    SRV - (WUSB54Gv2SVC) -- File not found
    SRV - (HidServ) -- File not found
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
    SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
    SRV - (CobBMService) -- C:\Program Files\Cobian Backup 8\cbService.exe (Luis Cobian)
    SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
    SRV - (AresChatServer) -- C:\Program Files\Ares\chatServer.exe (Ares Development Group)
    SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (Soluto) -- C:\WINDOWS\system32\DRIVERS\Soluto.sys (Soluto LTD.)
    DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
    DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
    DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\WUSB20XP.sys (Cisco-Linksys, LLC.)
    DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weatheroffice.gc.ca/city/..._metric_e.html
    IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\..\URLSearchHook: {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2052111302-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5BC50DED-5B37-4A44-BCE0-C4F09CE25053}: C:\Documents and Settings\Derek Smith\Local Settings\Application Data\{5BC50DED-5B37-4A44-BCE0-C4F09CE25053} [2008/12/06 01:54:07 | 000,000,000 | ---D | M]

    [2009/09/13 09:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derek Smith\Application Data\Mozilla\Extensions
    [2009/09/13 09:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Derek Smith\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/12/04 23:39:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/12/05 18:16:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (SuperPoke Pets Toolbar) - {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (SuperPoke Pets Toolbar) - {84e53b2b-b8f6-4b9a-ab0c-fc293d0f7a45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\..\Toolbar\WebBrowser: (SuperPoke Pets Toolbar) - {84E53B2B-B8F6-4B9A-AB0C-FC293D0F7A45} - C:\Program Files\SuperPoke_Pets\prxtbSup0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [Cobian Backup 8 interface] C:\Program Files\Cobian Backup 8\cbInterface.exe (Luis Cobian)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
    O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKLM..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe ()
    O4 - HKU\S-1-5-21-2052111302-861567501-725345543-1003..\Run: [AROReminder] C:\Program Files\ARO 2011\aro.exe (Support.com)
    O4 - HKU\S-1-5-21-2052111302-861567501-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player...erAX_Win32.cab (20-20 3D Viewer)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/...oUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254 142.161.130.154
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F268CEC-6ADF-4F70-85A7-BC3096970FFD}: DhcpNameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F81828-0E93-4D57-B509-713BFB34BF34}: DhcpNameServer = 192.168.100.254 142.161.130.154
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) -C:\Program Files\Soluto\soluto.exe (Soluto)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Derek Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Derek Smith\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/11/10 14:47:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdeletesprestrt)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/14 17:18:11 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\OTL.exe
    [2011/10/13 21:26:43 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\TFC.exe
    [2011/10/12 19:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/10/12 18:38:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/10/12 07:31:52 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derek Smith\Desktop\TDSSKiller.exe
    [2011/10/10 23:03:55 | 004,253,235 | R--- | C] (Swearware) -- C:\Documents and Settings\Derek Smith\Desktop\ComboFix.exe
    [2011/10/10 10:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Derek Smith\Application Data\Sammsoft
    [2011/10/10 10:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2011
    [2011/10/10 10:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2011
    [2011/10/10 10:38:40 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Derek Smith\Desktop\aswMBR.exe
    [2011/10/07 22:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/10/07 22:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/10/07 22:06:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Derek Smith\Desktop\erunt-setup.exe
    [2011/09/26 11:41:20 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
    [2011/09/26 11:41:14 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/10/14 17:18:16 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\OTL.exe
    [2011/10/13 21:38:21 | 000,020,160 | ---- | M] () -- C:\WINDOWS\System32\.rsp
    [2011/10/13 21:38:21 | 000,001,574 | ---- | M] () -- C:\WINDOWS\System32\.lck
    [2011/10/13 21:36:11 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/10/13 21:36:11 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/10/13 21:35:14 | 000,001,110 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\Live PC Help.lnk
    [2011/10/13 21:34:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/10/13 21:30:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/10/13 21:26:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Derek Smith\Desktop\TFC.exe
    [2011/10/13 14:09:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/10/12 18:37:23 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Derek Smith\Desktop\TDSSKiller.exe
    [2011/10/12 03:33:33 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/10/12 03:06:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/10/10 23:03:58 | 004,253,235 | R--- | M] (Swearware) -- C:\Documents and Settings\Derek Smith\Desktop\ComboFix.exe
    [2011/10/10 10:44:36 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\Check PC For Errors.lnk
    [2011/10/10 10:44:36 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/10/10 10:40:21 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\Derek Smith\default.pls
    [2011/10/10 10:40:16 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011/10/10 10:39:37 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\MBR.dat
    [2011/10/10 10:38:43 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Derek Smith\Desktop\aswMBR.exe
    [2011/10/10 10:35:41 | 000,459,264 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\CKScanner.exe
    [2011/10/07 22:36:44 | 000,151,552 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/07 22:22:05 | 000,003,670 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\Attach.zip
    [2011/10/07 22:06:36 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\NTREGOPT.lnk
    [2011/10/07 22:06:36 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Derek Smith\Desktop\ERUNT.lnk
    [2011/10/07 22:06:22 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Derek Smith\Desktop\erunt-setup.exe
    [2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
    [2011/09/26 11:41:20 | 000,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll
    [2011/09/26 11:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll
    [2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll
    [2011/09/26 11:41:14 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

    ========== Files Created - No Company Name ==========

    [2011/10/13 21:35:11 | 000,001,110 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\Live PC Help.lnk
    [2011/10/10 10:44:36 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\Check PC For Errors.lnk
    [2011/10/10 10:44:36 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
    [2011/10/10 10:39:37 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\MBR.dat
    [2011/10/10 10:35:33 | 000,459,264 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\CKScanner.exe
    [2011/10/07 22:22:05 | 000,003,670 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\Attach.zip
    [2011/10/07 22:06:36 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\NTREGOPT.lnk
    [2011/10/07 22:06:36 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Desktop\ERUNT.lnk
    [2011/07/26 20:10:00 | 000,205,832 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2011/07/26 20:06:56 | 000,000,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
    [2011/01/23 14:56:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\RSoftInfo.dat
    [2010/12/05 13:57:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/05 13:57:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/05 13:57:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/05 13:57:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/05 13:57:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/03 16:28:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2009/12/20 10:02:45 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\kodakpcd.ini
    [2009/11/08 21:51:12 | 000,117,094 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
    [2009/09/12 18:57:55 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2009/09/12 18:57:51 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2009/09/12 18:57:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2009/09/12 18:57:17 | 000,001,512 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2008/10/21 19:13:44 | 000,000,818 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/10/21 19:11:00 | 000,159,851 | ---- | C] () -- C:\WINDOWS\System32\ProTSEAddIn.dll
    [2008/07/20 23:52:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\webica.ini
    [2008/06/11 09:20:33 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2008/05/16 11:58:04 | 000,012,632 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2008/01/20 21:18:12 | 000,116,912 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
    [2008/01/20 21:18:11 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
    [2007/12/23 19:28:07 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/12/10 21:55:21 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/11/30 01:51:57 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
    [2007/11/30 01:33:29 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2007/11/30 01:33:29 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\vidccleaner.exe
    [2007/11/30 00:36:07 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2007/11/30 00:36:07 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2007/11/26 20:34:49 | 000,151,552 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/22 16:02:41 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\lgbskin.dll
    [2007/11/22 16:02:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\lgbTrace.dll
    [2007/11/22 16:01:46 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\ver.ini
    [2007/11/19 21:18:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Application Data\AVSDVDPlayer.m3u
    [2007/11/16 20:59:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\PickList.ini
    [2007/11/16 20:59:04 | 000,034,644 | ---- | C] () -- C:\WINDOWS\sk5.ini
    [2007/11/16 20:58:52 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
    [2007/11/15 00:06:34 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Derek Smith\Local Settings\Application Data\fusioncache.dat
    [2007/11/14 22:53:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
    [2007/11/10 15:11:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/11/10 15:06:26 | 000,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2007/11/10 15:04:28 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2007/11/10 14:56:50 | 000,003,161 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2007/11/10 14:56:46 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2007/11/10 14:50:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007/11/10 14:43:26 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007/11/10 08:36:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/11/10 08:35:08 | 000,211,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/10/19 19:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2007/10/18 04:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2006/05/05 18:19:28 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
    [2005/08/31 16:07:47 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lgbsysinfo.dll.bak
    [2004/09/01 10:49:17 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/09/18 01:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
    [2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 07:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 07:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2007/11/21 22:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BeInSync Settings
    [2007/11/17 22:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2011/01/06 17:42:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
    [2011/07/26 20:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soluto
    [2011/02/15 19:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/07/28 21:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
    [2011/01/14 19:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/11/24 20:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/03/01 23:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2008/04/28 20:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\AVG7
    [2011/09/25 07:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\BitTorrent
    [2008/09/01 09:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\DNA
    [2008/07/20 23:55:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\ICAClient
    [2007/11/30 01:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\Leadertech
    [2010/08/16 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\LimeWire
    [2011/10/10 10:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\Sammsoft
    [2009/10/01 06:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\Skinux
    [2008/01/07 21:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Derek Smith\Application Data\SmartDraw
    [2007/11/17 22:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91730504
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:77D98D08

    < End of report >

  6. #16
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    OTL Extras logfile created on: 10/14/2011 5:20:31 PM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Derek Smith\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    502.73 Mb Total Physical Memory | 246.77 Mb Available Physical Memory | 49.09% Memory free
    1.20 Gb Paging File | 0.63 Gb Available in Paging File | 52.35% Paging File free
    Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 48.82 Gb Total Space | 5.03 Gb Free Space | 10.29% Space Free | Partition Type: NTFS
    Drive E: | 184.06 Gb Total Space | 174.35 Gb Free Space | 94.73% Space Free | Partition Type: NTFS
    Drive F: | 232.88 Gb Total Space | 9.38 Gb Free Space | 4.03% Space Free | Partition Type: NTFS

    Computer Name: DEREK-FC4F55BE8 | User Name: Derek Smith | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2917:TCP" = 2917:TCP:*:Enabled:Services
    "4334:TCP" = 4334:TCP:*:Enabled:Services
    "3225:TCP" = 3225:TCP:*:Enabled:Services
    "4950:TCP" = 4950:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "2917:TCP" = 2917:TCP:*:Enabled:Services
    "4334:TCP" = 4334:TCP:*:Enabled:Services
    "3225:TCP" = 3225:TCP:*:Enabled:Services
    "4950:TCP" = 4950:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Disabled:Ares p2p for windows -- (Ares Development Group)
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe:*:Enabled:NMBgMonitor -- (Nero AG)
    "C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe:*:Enabled:hpqimzone -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" = C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE:*:Enabled:SUPERAntiSpyware -- (SUPERAntiSpyware.com)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Soluto\Soluto.exe" = C:\Program Files\Soluto\Soluto.exe:*:Enabled:Soluto Tray -- (Soluto)
    "C:\Program Files\Soluto\SolutoService.exe" = C:\Program Files\Soluto\SolutoService.exe:*:Enabled:Soluto Service -- (Soluto)
    "C:\Program Files\Soluto\SolutoConsole.exe" = C:\Program Files\Soluto\SolutoConsole.exe:*:Enabled:Soluto Console -- (Soluto)
    "C:\Program Files\Soluto\SolutoUpdateService.exe" = C:\Program Files\Soluto\SolutoUpdateService.exe:*:Enabled:Soluto Update Service -- (Soluto)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A812500-2C7D-47C1-972D-D31022D4D635}" = Soluto
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Ultra Edition
    "{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
    "{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
    "{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
    "{5F7DEDEA-27B3-4E06-BCDE-B371424C0032}" = ShopKey5
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
    "{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{75B6C1BF-B98C-4B99-BD0D-CC9BF16C490D}" = Clifford Phonics
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A32583DA-1E2B-4476-9244-A44D21221BC7}" = Propalms Connection Manager
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
    "{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
    "{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
    "{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
    "{E25BC708-9133-49C5-BC6C-C82F4652EE73}" = Digimax S800
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
    "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "Ares" = Ares 2.0.9
    "ARO 2011_is1" = ARO 2011
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Elf Bowling 7 1-7 - The Last Insult" = Elf Bowling 7 1/7: The Last Insult
    "BFG-Zhu Zhu Pets" = Zhu Zhu Pets
    "CAL" = Canon Camera Access Library
    "CameraUserGuide-PSA3100ISandPSA3000IS" = Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide
    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CobBackup8" = Cobian Backup 8
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "conduitEngine" = Conduit Engine
    "Dragon Tales" = Dragon Tales
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "HijackThis" = HijackThis 2.0.2
    "HP Document Viewer" = HP Document Viewer 7.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 7.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
    "HPExtendedCapabilities" = HP Customer Participation Program 7.0
    "HPOCR" = OCR Software by I.R.I.S 7.0
    "ie8" = Windows Internet Explorer 8
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Basic
    "LimeWire" = LimeWire 5.5.13
    "Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
    "MyCamera" = Canon Utilities MyCamera
    "Personal Printing Guide" = Canon Personal Printing Guide
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PowerISO" = PowerISO
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "RealAlt_is1" = Real Alternative 1.60
    "Recover My Files_is1" = Recover My Files
    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide
    "SuperPoke_Pets Toolbar" = SuperPoke Pets Toolbar
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WTA-02313303-9287-496d-9ab3-437f0374602b" = Polar Bowler
    "WTA-2e829f44-8483-4b04-baa0-42df5a5e1f0a" = Polar Golfer
    "XviD_is1" = XviD MPEG-4 Video Codec
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/24/2011 4:31:19 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/24/2011 4:31:19 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/24/2011 11:38:43 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application hpqimzone.exe, version 65.0.117.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/5/2011 11:48:33 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/8/2011 10:56:11 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/8/2011 10:56:12 PM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application msimn.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/5/2011 8:13:35 AM | Computer Name = DEREK-FC4F55BE8 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/12/2011 7:37:36 PM | Computer Name = DEREK-FC4F55BE8 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/12/2011 7:37:36 PM | Computer Name = DEREK-FC4F55BE8 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    Error - 10/12/2011 7:37:36 PM | Computer Name = DEREK-FC4F55BE8 | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file.

    [ System Events ]
    Error - 10/7/2011 11:09:30 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the WUSB54Gv2SVC service.

    Error - 10/9/2011 11:46:44 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the WUSB54Gv2SVC service.

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7031
    Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 5000
    milliseconds: Restart the service.

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
    Description = The ArcSoft Connect Daemon service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
    Description = The Cobian Backup 8 service service terminated unexpectedly. It has
    done this 1 time(s).

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
    Description = The Bonjour Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/13/2011 10:26:57 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 10/13/2011 10:26:58 PM | Computer Name = DEREK-FC4F55BE8 | Source = Service Control Manager | ID = 7034
    Description = The WUSB54Gv2SVC service terminated unexpectedly. It has done this
    1 time(s).


    < End of report >

  7. #17
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    ARO 2011 <--Have you by chance cleaned your registry with this tool?

    Nothing jumping out at me

    Let's try one more rootkit scanner

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Please copy and paste the report into your Post.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  8. #18
    Junior Member
    Join Date
    Oct 2011
    Posts
    12

    Default

    Web pages are very slow loading and navigating from 1 page to another. Not instantaneous like before.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-16 20:26:27
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2500JB-55REA0 rev.20.00K20
    Running: gmer.exe; Driver: C:\DOCUME~1\DEREKS~1\LOCALS~1\Temp\kwgcqpoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488392068
    Disk \Device\Harddisk0\DR0 PE file @ sector 488392090

    ---- EOF - GMER 1.0.15 ----
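
The GMER log above flags two raw disk sectors. As an added example (not part of the original thread, and not GMER's own code), this Python script parses those "Disk sectors" lines and checks each flagged sector against the partition table of a 512-byte MBR dump to show whether it lies inside any partition. The sample MBR, its single-partition layout and all function names are assumptions made for illustration.

```python
import re
import struct

SECTOR_SIZE = 512

# The two findings below are copied from the GMER log in the post above.
GMER_LOG = r"""
---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 488392068
Disk \Device\Harddisk0\DR0 PE file @ sector 488392090

---- EOF - GMER 1.0.15 ----
"""

FINDING_RE = re.compile(r"^Disk\s+(\S+)\s+(.+?)\s+@ sector (\d+)\s*$", re.M)


def parse_gmer_disk_findings(log):
    """Return (device, description, sector) for each GMER disk-sector line."""
    return [(dev, desc, int(sec)) for dev, desc, sec in FINDING_RE.findall(log)]


def parse_mbr(mbr):
    """Decode the primary partition entries of a classic 512-byte MBR."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        # status, 3 CHS bytes, type, 3 CHS bytes, first LBA, sector count
        status, ptype, first, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0 and count != 0:  # type 0 marks an unused slot
            parts.append({"slot": i + 1, "active": status == 0x80,
                          "type": ptype, "first": first,
                          "last": first + count - 1})
    return parts


def locate(sector, parts):
    """Name the partition holding `sector`, or say it is outside all of them."""
    if sector == 0:
        return "MBR (sector 0)"
    for p in parts:
        if p["first"] <= sector <= p["last"]:
            return "partition %d (type 0x%02X)" % (p["slot"], p["type"])
    return "outside every partition"


def build_sample_mbr(first_lba, count, ptype=0x07):
    """Constructed input: empty boot code plus one active partition entry."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[446:462] = struct.pack("<B3xB3xII", 0x80, ptype, first_lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def triage(log, mbr):
    """Return (sector, description, byte offset, location) per finding."""
    parts = parse_mbr(mbr)
    return [(sec, desc, sec * SECTOR_SIZE, locate(sec, parts))
            for _dev, desc, sec in parse_gmer_disk_findings(log)]


if __name__ == "__main__":
    # Assumed layout: one NTFS partition covering sectors 63..488375999.
    sample = build_sample_mbr(63, 488375937)
    for sec, desc, offset, where in triage(GMER_LOG, sample):
        print("sector %d (byte offset %d): %s -> %s" % (sec, offset, desc, where))
```

A flagged sector that falls outside every partition is not reachable through the file system, so it has to be examined from a raw disk read.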

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    It looks like your Master Boot Record is infected but I want to ask someone else who specializes in this area to take a peek. Replacing the MBR can be tricky; we have had a lot of success with it, but if the fix does fail it can leave your system unbootable.

    This is what I need you to do.

    1. What brand of computer is this?
    2. I see Combofix did not install a Recovery Console; did you opt out of this or did Combofix not prompt you to install one?
    3. Use a CD or a Thumb Drive and back up all your pictures and important documents.
    4. Do you have your Windows CD or the Recovery CD that came with your computer?

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    It looks like your MBR is infected; I had other people take a peek at it.

    Before we run the fix: when you ran aswMBR there should have been an MBR.dat file on your desktop. I would like you to submit it to VirusTotal to be checked.

    You need to enable Windows to show all files and folders, instructions Here

    Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Send File; you will get a report back. Post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

    C:\Documents and Settings\Derek Smith\Desktop\MBR.dat<--This file

    If the site is busy you can try this one
    http://virusscan.jotti.org/en