Author Topic: [Resolved] I'm stumped major comp slow down, HijackThis log included  (Read 2426 times)


Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #15 on: December 10, 2011, 09:12:41 AM »
The reason I re-ran it was the original log file seemed to be incomplete. Now when I look, the only log file I can find is the one above; there is no second log file.

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #16 on: December 10, 2011, 09:16:19 AM »
There isn't even a combofix folder anymore!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #17 on: December 10, 2011, 11:00:57 AM »
Copy and paste the following text in Bold into a blank Notepad:

@echo off
dir C:\qoobox >> look.txt
notepad look.txt
exit

Save this as showme.bat. Change the "save as type" to all files and save it to your Desktop.
Next, please double-click the showme.bat.

Please copy and paste the contents of look.txt in your next reply.
Thanks,
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #18 on: December 10, 2011, 11:11:31 AM »
There isn't even a combofix folder anymore!
Thought I should comment on this. There isn't a combofix folder TO disappear. There is, however, a qoobox folder that is produced from the combofix scan. I erred in my indicator for the combofix2.txt log. It would be located inside the qoobox folder. The log at c:\ will always be named "combofix.txt" and will be the log from the most recent scan. Regardless, by following the last instruction, the log produced there should show what happened to the log. Thanks!

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #19 on: December 10, 2011, 12:33:18 PM »
Volume in drive C has no label.
Volume Serial Number is FCAD-4C5A

Directory of C:\qoobox

12/09/2011 03:22 PM <DIR> .
12/09/2011 03:22 PM <DIR> ..
12/09/2011 03:20 PM 14,706 Add-Remove Programs.txt
12/09/2011 01:01 PM <DIR> BackEnv
12/09/2011 03:22 PM 2,269 ComboFix-quarantined-files.txt
12/09/2011 01:04 PM <DIR> Quarantine
12/09/2011 03:20 PM 0 SnapShot@2011-12-09_23.19.35.dat
3 File(s) 16,975 bytes
4 Dir(s) 691,860,455,424 bytes free

I also found this in the qoobox folder you mentioned.

2011-12-09 21:24:22 . 2011-12-09 21:24:22 932 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-TkBellExe.reg.dat
2011-12-09 21:24:22 . 2011-12-09 21:24:22 960 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SunJavaUpdateSched.reg.dat
2011-12-09 21:24:22 . 2011-12-09 21:24:22 520 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-RTHDCPL.reg.dat
2011-12-09 21:24:22 . 2011-12-09 21:24:22 922 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat
2011-12-09 21:24:22 . 2011-12-09 21:24:22 1,080 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PowerPanel Personal Edition User Interaction.reg.dat
2011-12-09 21:24:22 . 2011-12-09 21:24:22 858 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PlayOn.reg.dat
2011-12-09 21:24:21 . 2011-12-09 21:24:21 986 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-FlashPlayerUpdate.reg.dat
2011-12-09 21:24:21 . 2011-12-09 21:24:21 988 ----a-w-C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Reader Speed Launcher.reg.dat
2011-12-09 21:24:21 . 2011-12-09 21:24:21 558 ----a-w-C:\Qoobox\Quarantine\Registry_backups\SafeBoot-52598341.sys.reg.dat
2011-12-09 21:24:12 . 2011-12-09 21:24:12 116 ----a-w-C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-WD Button Manager.reg.dat
2011-12-09 21:09:25 . 2011-12-09 21:09:25 276 ----a-w-C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2011-12-09 21:09:06 . 2011-12-09 23:17:18 5,911 ----a-w-C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-12-09 20:58:50 . 2011-12-09 23:10:43 204 ----a-w-C:\Qoobox\Quarantine\catchme.log
2010-10-17 14:54:05 . 2010-10-17 15:09:50 3,979,680 ----a-w-C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\start\temp_BB40E0B5\flash.10.0.32.18.ocx.vir
2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w-C:\Qoobox\Quarantine\C\Install.exe.vir
2002-03-20 00:30:00 . 2002-03-20 00:30:00 5,528 ----a-w-C:\Qoobox\Quarantine\C\WINDOWS\system32\PowerToyReadme.htm.vir

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #20 on: December 10, 2011, 06:58:49 PM »
Please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.



KILLALL::

folder::
C:\Documents and Settings\All Users\Application Data\F-Secure
C:\Program Files\Sophos
c:\program files\Adobe\Reader 9.0

rootkit::
C:\WINDOWS\DCEBoot.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JMNP.exe
C:\WINDOWS\system32\C.tmp
c:\windows\system32\drivers\avgarkt.sys
c:\windows\system32\drivers\AvgArCln.sys

file::
C:\Documents and Settings\Administrator\Local Settings\Application DataBITC.tmp
c:\windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe
c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe
c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe

driver::
JMNP
MEMSWEEP2
AVG Anti-Rootkit
AvgArCln
Akamai

dds::
Trusted Zone:
uRun: [Akamai NetSession Interface]
mRun: [<NO NAME>]
dRunOnce: [FlashPlayerUpdate]

registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\C.tmp"
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-
[HKEY_USERS\S-1-5-21-515967899-1647877149-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-515967899-1647877149-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #21 on: December 10, 2011, 08:37:17 PM »
ComboFix 11-12-10.01 - Administrator 12/10/2011  18:12:00.3.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3259.2224 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
"c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe"
"C:\Documents and Settings\Administrator\Local Settings\Application DataBITC.tmp"
"c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe"
"c:\windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe"


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\F-Secure
C:\Documents and Settings\All Users\Application Data\F-Secure\Daas2\cert\fsc (revoke hq).crl
c:\program files\Adobe\Reader 9.0
c:\program files\Adobe\Reader 9.0\Reader\plug_ins3d\prc\AdobeFnt11.lst
c:\program files\Adobe\Reader 9.0\Resource\Font\AdobeFnt11.lst
C:\Program Files\Sophos
c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe
F:\My Documents\CFSscript.exe
F:\My Documents\CFStext.exe


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGARCLN
-------\Legacy_AVG_ANTI-ROOTKIT
-------\Legacy_JMNP
-------\Legacy_MEMSWEEP2
-------\Service_JMNP
-------\Service_MEMSWEEP2


(((((((((((((((((((((((((   Files Created from 2011-11-11 to 2011-12-11  )))))))))))))))))))))))))))))))


2011-12-09 19:39:59 . 2001-08-17 21:28:24   224802   -c--a-w-   C:\WINDOWS\system32\dllcache\usr1807a.sys
2011-12-09 19:38:59 . 2001-08-18 06:36:32   31744   -c--a-w-   C:\WINDOWS\system32\dllcache\tp4.dll
2011-12-09 19:37:59 . 2001-08-18 06:36:32   10240   -c--a-w-   C:\WINDOWS\system32\dllcache\swpdflt2.dll
2011-12-09 19:36:58 . 2001-08-17 20:10:28   35913   -c--a-w-   C:\WINDOWS\system32\dllcache\smcirda.sys
2011-12-09 19:35:53 . 2001-07-21 22:29:20   161568   -c--a-w-   C:\WINDOWS\system32\dllcache\sgsmusb.sys
2011-12-09 19:34:59 . 2001-08-17 22:56:04   182272   -c--a-w-   C:\WINDOWS\system32\dllcache\s3mt3d.dll
2011-12-09 19:33:59 . 2001-08-17 21:52:20   40320   -c--a-w-   C:\WINDOWS\system32\dllcache\ql1080.sys
2011-12-09 19:32:58 . 2001-08-17 20:11:22   30282   -c--a-w-   C:\WINDOWS\system32\dllcache\pcntn5hl.sys
2011-12-09 19:31:58 . 2001-08-17 20:50:18   198144   -c--a-w-   C:\WINDOWS\system32\dllcache\nv3.sys
2011-12-09 19:30:59 . 2001-08-17 22:56:02   35392   -c--a-w-   C:\WINDOWS\system32\dllcache\n9i128.dll
2011-12-09 19:29:40 . 2001-08-17 22:02:40   35200   -c--a-w-   C:\WINDOWS\system32\dllcache\msgame.sys
2011-12-09 19:29:38 . 2001-08-17 21:48:36   6016   -c--a-w-   C:\WINDOWS\system32\dllcache\msfsio.sys
2011-12-09 19:29:37 . 2008-04-13 18:46:10   51200   -c--a-w-   C:\WINDOWS\system32\dllcache\msdv.sys
2011-12-09 19:29:30 . 2001-08-17 21:52:12   17280   -c--a-w-   C:\WINDOWS\system32\dllcache\mraid35x.sys
2011-12-09 19:29:22 . 2008-04-13 18:46:22   15232   -c--a-w-   C:\WINDOWS\system32\dllcache\mpe.sys
2011-12-09 19:29:16 . 2001-08-17 21:57:38   16128   -c--a-w-   C:\WINDOWS\system32\dllcache\modemcsa.sys
2011-12-09 19:29:09 . 2001-08-17 21:52:50   6528   -c--a-w-   C:\WINDOWS\system32\dllcache\miniqic.sys
2011-12-09 19:29:05 . 2001-08-17 20:50:00   320384   -c--a-w-   C:\WINDOWS\system32\dllcache\mgaum.sys
2011-12-09 19:29:04 . 2001-08-17 22:56:02   235648   -c--a-w-   C:\WINDOWS\system32\dllcache\mgaud.dll
2011-12-09 19:29:02 . 2008-04-13 18:41:22   26112   -c--a-w-   C:\WINDOWS\system32\dllcache\memstpci.sys
2011-12-09 19:29:01 . 2001-08-18 06:36:20   47616   -c--a-w-   C:\WINDOWS\system32\dllcache\memgrp.dll
2011-12-09 19:27:54 . 2008-04-14 00:09:56   6144   -c--a-w-   C:\WINDOWS\system32\dllcache\kbd106.dll
2011-12-09 19:27:52 . 2001-08-17 22:55:56   5632   -c--a-w-   C:\WINDOWS\system32\dllcache\kbd103.dll
2011-12-09 19:27:50 . 2001-08-17 22:55:56   6144   -c--a-w-   C:\WINDOWS\system32\dllcache\kbd101c.dll
2011-12-09 19:27:48 . 2001-08-17 22:55:56   6144   -c--a-w-   C:\WINDOWS\system32\dllcache\kbd101b.dll
2011-12-09 19:27:42 . 2001-08-17 21:49:10   26624   -c--a-w-   C:\WINDOWS\system32\dllcache\irstusb.sys
2011-12-09 19:27:40 . 2001-08-17 21:51:32   18688   -c--a-w-   C:\WINDOWS\system32\dllcache\irsir.sys
2011-12-09 19:27:39 . 2001-08-17 21:49:04   23552   -c--a-w-   C:\WINDOWS\system32\dllcache\irmk7.sys
2011-12-09 19:27:33 . 2001-08-17 20:12:12   45632   -c--a-w-   C:\WINDOWS\system32\dllcache\ip5515.sys
2011-12-09 19:27:32 . 2001-08-18 06:36:18   90200   -c--a-w-   C:\WINDOWS\system32\dllcache\io8ports.dll
2011-12-09 19:27:30 . 2008-04-13 18:40:30   5504   -c--a-w-   C:\WINDOWS\system32\dllcache\intelide.sys
2011-12-09 19:27:30 . 2001-08-17 21:50:56   38784   -c--a-w-   C:\WINDOWS\system32\dllcache\io8.sys
2011-12-09 19:27:28 . 2001-08-17 21:47:50   13056   -c--a-w-   C:\WINDOWS\system32\dllcache\inport.sys
2011-12-09 19:27:26 . 2001-08-17 21:52:08   16000   -c--a-w-   C:\WINDOWS\system32\dllcache\ini910u.sys
2011-12-09 19:25:22 . 2001-08-17 21:28:12   488383   -c--a-w-   C:\WINDOWS\system32\dllcache\hsf_v124.sys
2011-12-09 19:24:59 . 2001-08-17 21:52:50   5760   -c--a-w-   C:\WINDOWS\system32\dllcache\hpt4qic.sys
2011-12-09 19:23:56 . 2001-08-17 20:15:02   442240   -c--a-w-   C:\WINDOWS\system32\dllcache\fpnpbase.sys
2011-12-09 19:22:59 . 2001-08-17 20:11:12   455199   -c--a-w-   C:\WINDOWS\system32\dllcache\el985n51.sys
2011-12-09 19:21:59 . 2001-08-17 20:17:20   29531   -c--a-w-   C:\WINDOWS\system32\dllcache\dgapci.sys
2011-12-09 19:20:59 . 2001-08-17 20:13:38   980034   -c--a-w-   C:\WINDOWS\system32\dllcache\cicap.sys
2011-12-09 19:19:36 . 2001-08-17 21:51:00   13824   -c--a-w-   C:\WINDOWS\system32\dllcache\bulltlp3.sys
2011-12-09 19:18:58 . 2001-08-17 22:55:58   96128   -c--a-w-   C:\WINDOWS\system32\dllcache\ati.dll
2011-12-09 19:17:30 . 2001-08-17 22:56:04   66048   -c--a-w-   C:\WINDOWS\system32\dllcache\s3legacy.dll
2011-12-08 03:15:30 . 2011-12-08 03:15:30   --------   d-----w-   C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2011-12-08 03:14:09 . 2011-12-08 03:14:09   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-12-08 03:13:44 . 2011-12-09 18:14:49   --------   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
2011-12-07 08:50:06 . 2011-12-07 10:07:11   115369   ----a-w-   C:\WINDOWS\system32\drivers\klin.dat
2011-12-07 08:50:05 . 2011-12-07 10:07:08   97961   ----a-w-   C:\WINDOWS\system32\drivers\klick.dat
2011-12-07 08:41:38 . 2011-12-07 08:41:38   --------   d-----w-   C:\Program Files\Kaspersky Lab
2011-12-07 08:41:37 . 2011-12-11 02:30:51   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2011-12-07 08:29:07 . 2011-12-07 17:22:22   --------   d-----w-   C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE
2011-12-05 02:02:17 . 2011-12-09 19:06:48   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\SecTaskMan
2011-11-26 22:42:28 . 2011-12-06 19:37:14   --------   d-----w-   C:\kleaner.tmp
2011-11-26 22:32:06 . 2011-11-26 22:32:07   --------   d-----w-   C:\Program Files\iPod
2011-11-26 07:27:36 . 2011-11-26 16:13:08   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2011-11-26 07:25:24 . 2011-11-26 16:15:27   --------   d-----w-   C:\Program Files\Spybot - Search & Destroy 2
2011-11-25 23:39:43 . 2011-11-26 00:16:26   --------   d-----w-   C:\Documents and Settings\Scott
2011-11-25 23:10:52 . 2011-11-25 23:10:52   --------   d-----w-   C:\Western Digital
2011-11-25 22:57:17 . 2011-11-25 23:26:34   --------   d-----w-   C:\Documents and Settings\Scott's Home
2011-11-25 22:43:13 . 2011-11-25 22:43:13   --------   d-----w-   C:\WINDOWS\system32\wbem\Repository
2011-11-25 21:53:20 . 2011-11-25 22:41:55   --------   d-s---w-   C:\Documents and Settings\TEMP
2011-11-24 22:55:13 . 2011-11-24 22:55:13   0   ---h--w-   C:\Documents and Settings\Administrator\Local Settings\Application Data\BITC.tmp
2011-11-24 21:33:54 . 2011-10-08 04:50:00   298304   ------w-   C:\WINDOWS\system32\nvsvc32.exe
2011-11-24 21:33:54 . 2011-10-08 04:50:00   220992   ------w-   C:\WINDOWS\system32\nvcolor.exe
2011-11-24 21:33:49 . 2011-10-08 04:50:00   203072   ------w-   C:\WINDOWS\system32\nvmctray.dll
2011-11-24 21:33:49 . 2011-10-08 04:50:00   16744256   ------w-   C:\WINDOWS\system32\nvcpl.dll
2011-11-24 21:33:37 . 2011-10-08 04:50:00   602432   ------w-   C:\WINDOWS\system32\easyupdatusapiu.dll
2011-11-24 21:33:37 . 2011-10-08 04:50:00   54272   ------w-   C:\WINDOWS\system32\nvwddi.dll
2011-11-24 21:33:22 . 2011-11-24 21:33:31   285176   ------w-   C:\WINDOWS\system32\nvdrsdb0.bin
2011-11-24 21:33:21 . 2011-11-24 21:33:31   1   ------w-   C:\WINDOWS\system32\nvdrssel.bin
2011-11-24 21:33:21 . 2011-11-24 21:33:21   285176   ------w-   C:\WINDOWS\system32\nvdrsdb1.bin
2011-11-24 18:59:39 . 2011-11-24 18:59:42   --------   d-----w-   C:\Program Files\SystemRequirementsLab
2011-11-24 18:59:38 . 2011-11-24 18:59:38   --------   d-----w-   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
2011-11-19 22:21:56 . 2011-11-26 00:59:21   --------   d-----w-   C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com
2011-11-19 19:06:43 . 2011-12-04 21:50:33   --------   d-----w-   C:\Documents and Settings\All Users\Application Data\Carbonite
2011-11-19 19:06:43 . 2011-12-04 21:50:14   --------   d-----w-   C:\Program Files\Carbonite
.


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-15 18:28:45 . 2011-06-07 15:56:40   414368   ------w-   C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-10-16 03:32:06 . 2010-03-24 15:17:37   445016   ------w-   C:\WINDOWS\system32\wrap_oal.dll
2011-10-16 03:32:06 . 2010-03-24 15:17:37   109144   ------w-   C:\WINDOWS\system32\OpenAL32.dll
2011-10-10 14:22:41 . 2010-03-22 16:02:40   692736   ------w-   C:\WINDOWS\system32\inetcomm.dll
2011-10-03 13:06:03 . 2010-05-02 16:55:32   472808   ----a-w-   C:\WINDOWS\system32\deployJava1.dll
2011-10-03 10:37:52 . 2010-04-02 03:08:51   73728   ----a-w-   C:\WINDOWS\system32\javacpl.cpl
2011-09-28 07:06:50 . 2004-08-04 12:00:00   599040   ------w-   C:\WINDOWS\system32\crypt32.dll
2011-09-26 18:41:20 . 2008-07-30 02:59:58   611328   ------w-   C:\WINDOWS\system32\uiautomationcore.dll
2011-09-26 18:41:20 . 2004-08-04 12:00:00   220160   ------w-   C:\WINDOWS\system32\oleacc.dll
2011-09-26 18:41:14 . 2004-08-04 12:00:00   20480   ------w-   C:\WINDOWS\system32\oleaccrc.dll
2011-01-22 16:06:55 . 2011-01-22 16:06:55   289592   ------w-   C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
2011-11-27 23:15:31 . 2011-03-30 03:08:34   134104   ------w-   C:\Program Files\mozilla firefox\components\browsercomps.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-10-30 02:04:48   1005712   ------r-   C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-10-30 02:04:48   1005712   ------r-   C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-10-30 02:04:48   1005712   ------r-   C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20   94208   ------w-   C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20   94208   ------w-   C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20   94208   ------w-   C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20   94208   ------w-   C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2010-12-01 19:54:48 21806592]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-05 01:29:52 346320]
"MRUTray"="C:\Program Files\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 17:12:16 741376]
"NUSB3MON"="C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 14:59:18 106496]
"EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 22:28:32 591696]
"WD Button Manager"="WDBtnMgr.exe" [BU]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 14:22:28 59240]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 02:56:42 25600]
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-10-30 02:04:48 1063056]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-10-08 04:50:00 16744256]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-10-08 04:50:00 203072]
"nwiz"="C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 04:50:00 1632360]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-13 08:24:58 421736]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 07:15:02 202296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 05:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
backupExtension=.Startup
backup=C:\WINDOWS\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSyncr WiFi.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iSyncr WiFi.lnk
backup=C:\WINDOWS\pss\iSyncr WiFi.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55:28   937920   ------w-   C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-07-29 09:25:06   497648   ------w-   C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-23 06:10:47   402432   ------w-   C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]
2006-11-18 00:42:46   53341   ------w-   C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12:16   15360   ------w-   C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Artisan 800 Series]
2008-04-06 23:00:00   188928   ------w-   C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEMA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_Plugin.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM]
2009-08-05 00:21:58   30264   ------w-   C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 08:24:58   421736   ------w-   C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 19:13:36   2363392   ------w-   C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 17:52:24   1234216   ------w-   C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50:00   16744256   ------w-   C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50:00   203072   ------w-   C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoshopElements8SyncAgent]
2010-09-06 10:19:32   1945536   ------w-   C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayOn]
C:\Program Files\MediaMall\PlayOn.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerPanel Personal Edition User Interaction]
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Real\RealPlayer\update\realsched.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41:43   8192   ------w-   C:\Program Files\Xvid\CheckUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 mv91cons;Marvell 91xx Config Device Driver;C:\WINDOWS\system32\drivers\mv91cons.sys [10/9/2009 2:55:54 PM 20008]
R1 kl2;kl2;C:\WINDOWS\system32\drivers\kl2.sys [3/4/2011 1:23:20 PM 11352]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 2:19:58 AM 169408]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [3/23/2010 4:28:06 AM 219360]
R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Backup Service;C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [9/16/2011 9:58:04 AM 2036224]
R2 cpuz135;cpuz135;C:\WINDOWS\system32\drivers\cpuz135_x32.sys [5/4/2011 4:28:06 PM 21992]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [6/24/2009 9:57:04 AM 136704]
R2 HPSIService;HP SI Service;C:\WINDOWS\system32\HPSIsvc.exe [3/27/2010 4:18:50 PM 99896]
R2 IconMan_R;IconMan_R;C:\Program Files\Sony\Drive Letter Recognition Software\RIconMan.exe [3/20/2011 1:16:14 PM 421888]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files\Marvell\raid\svc\mvraidsvc.exe [10/5/2009 10:01:30 AM 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe [4/8/2009 4:38:52 PM 24635]
R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200;C:\Program Files\Nero\Update\NASvc.exe [3/25/2010 1:39:22 PM 490280]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\WINDOWS\system32\drivers\CT20XUT.sys [6/4/2009 2:46:34 AM 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\WINDOWS\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46:56 AM 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\WINDOWS\system32\drivers\CTHWIUT.sys [6/4/2009 2:46:42 AM 72792]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [3/10/2011 6:34:46 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\drivers\klmouflt.sys [11/2/2009 8:27:24 PM 19472]
R3 mvusbews;USB EWS Device;C:\WINDOWS\system32\drivers\mvusbews.sys [3/27/2010 4:16:59 PM 17408]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\WINDOWS\system32\drivers\nusb3hub.sys [9/25/2009 6:57:36 AM 56576]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\WINDOWS\system32\drivers\nusb3xhc.sys [9/25/2009 6:57:40 AM 138240]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [12/4/2010 3:34:44 PM 136176]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys --> C:\WINDOWS\system32\drivers\Ambfilt.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/24/2010 7:17:55 AM 79360]
S3 CT20XUT;CT20XUT;C:\WINDOWS\system32\drivers\CT20XUT.sys [6/4/2009 2:46:34 AM 171096]
S3 CTEXFIFX;CTEXFIFX;C:\WINDOWS\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46:56 AM 1324120]
S3 CTHWIUT;CTHWIUT;C:\WINDOWS\system32\drivers\CTHWIUT.sys [6/4/2009 2:46:42 AM 72792]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [12/4/2010 3:34:44 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys --> C:\WINDOWS\system32\drivers\mbamswissarmy.sys [?]
S3 motandroidusb;Mot ADB Interface Driver;C:\WINDOWS\system32\Drivers\motoandroid.sys --> C:\WINDOWS\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys --> C:\WINDOWS\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys --> C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys --> C:\WINDOWS\system32\DRIVERS\wdcsam.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11:44   451872   ------w-   C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2011-12-10 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-GRAHAM-DBC226BA-Administrator.job
- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-07 00:55:20 . 2010-07-29 09:25:06]

2011-12-10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57:16 . 2011-06-02 00:57:16]

2011-12-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04 23:34:44 . 2010-12-04 23:34:41]

2011-12-11 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04 23:34:44 . 2010-12-04 23:34:41]

2011-12-11 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1647877149-725345543-500.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22:56 . 2011-08-11 22:22:56]

2011-12-11 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1647877149-725345543-500.job
- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22:56 . 2011-08-11 22:22:56]

2011-12-10 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D198CA8E-CF8B-4F20-844B-6799DCB6FDB7}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 11:31:54 . 2009-03-08 11:31:54]


------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
IE: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xv0e87j.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com

- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-FlashPlayerUpdate - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
AddRemove-Adobe Flash Player ActiveX - C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
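
The Drivers/Services block in the log above uses one line per service. As an added example (not from the thread, and not ComboFix's own code), here is a small Python parser for that line format that pulls out the entries whose binary ComboFix could not find on disk, printed as `[?]`, which is the first thing a helper checks in such a log. The sample lines are copied from the log; the reading of the R/S prefix (running/stopped) and the start-type digit follows ComboFix's and Windows' conventions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in ComboFix's Drivers/Services format; the four lines are
# copied from the log above (backslashes doubled for the Python literal).
SAMPLE_LOG = """\
R2 HPSIService;HP SI Service;C:\\WINDOWS\\system32\\HPSIsvc.exe [3/27/2010 4:18:50 PM 99896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\\WINDOWS\\system32\\drivers\\klim5.sys [3/10/2011 6:34:46 PM 34608]
S3 Ambfilt;Ambfilt;C:\\WINDOWS\\system32\\drivers\\Ambfilt.sys --> C:\\WINDOWS\\system32\\drivers\\Ambfilt.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\\??\\C:\\WINDOWS\\system32\\drivers\\mbamswissarmy.sys --> C:\\WINDOWS\\system32\\drivers\\mbamswissarmy.sys [?]
"""

# <state><start> <name>;<display>;<image path>[ --> <resolved path>] [<mtime size> | ?]
_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<info>[^\]]*)\]$"
)

@dataclass
class ServiceEntry:
    running: bool            # ComboFix prefix: R = running, S = stopped
    start_type: int          # Windows start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str                # ImagePath as registered
    resolved: Optional[str]  # path ComboFix resolved it to, when printed after '-->'
    size: Optional[int]      # file size from the bracket; None when ComboFix printed '[?]'

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for anything that is not one."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    info = m.group("info").strip()
    size = int(info.rsplit(" ", 1)[1]) if info != "?" else None
    return ServiceEntry(m.group("state") == "R", int(m.group("start")),
                        m.group("name"), m.group("display"), m.group("path"),
                        m.group("resolved"), size)

def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_service_line(l) for l in text.splitlines()) if e]

def missing_binaries(entries: List[ServiceEntry]) -> List[str]:
    """Names of services whose binary ComboFix could not stat ('[?]'): typically a
    registration left behind by an uninstaller, but also what a file hidden from
    the scanner looks like, so these are the entries to verify first."""
    return [e.name for e in entries if e.size is None]
```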



Offline 1972vet

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #22 on: December 11, 2011, 08:04:26 AM »
Looks like the posting issue is resolved. How's it running? Still slow? When was your last disk cleanup and defrag?

Offline sergei91

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #23 on: December 11, 2011, 10:58:02 AM »
Still bad, HD is chattering away... until I block network access through Kaspersky.

Last defrag was recently (under 2 weeks). I checked it again and it's less than 5%.
Disk cleanup is also done weekly.

Offline sergei91

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #24 on: December 11, 2011, 11:14:25 AM »
Strange, I just figured since Carbonite was the only thing accessing the network that I would try to uninstall it, and the HD noises stopped!

The computer is still running very slow however.

Offline 1972vet

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #25 on: December 11, 2011, 11:21:20 AM »
OK, let's run the TDSSKiller scan again. I know you said you ran it, but I want to see the resulting log. What's more, I don't know if you ran it properly either so let's do this:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application. Click the "Change parameters". Under Additional options, check the box next to both options, "Verify Driver Digital Signature" and "Detect TDLFS file system" and click the OK button.
  • Click the Start scan button.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • You may be prompted to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file back here on your next reply.
  • ...otherwise, if a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". If this was the case, then we need to see that log.

Offline 1972vet

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #26 on: December 11, 2011, 11:24:16 AM »
Strange, I just figured since Carbonite was the only thing accessing the network that I would try to uninstall it, and the HD noises stopped!

The computer is still running very slow however.
That wouldn't account for the issue occurring just within the past week however... unless you just started using Carbonite at that time. Did you?

The slow performance may still be relative to the 5% fragmentation.

Offline sergei91

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #27 on: December 11, 2011, 11:48:03 AM »
Actually yes, I just started using Carbonite recently.

I reinstalled Carbonite and the problem reappeared. I'm wondering if there is a Carbonite/Kaspersky conflict, even though according to both websites I am configured correctly. It seems like it is searching for something on my HD, and when I block the network it stops searching.

Offline sergei91

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #28 on: December 11, 2011, 12:01:41 PM »
I'm also thinking of just upgrading to Windows 7; do you think it would be wise?

I will rerun the scan in a few minutes, I stepped out for Starbucks :-)

Offline 1972vet

Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #29 on: December 11, 2011, 12:46:03 PM »
You wouldn't be disappointed with Windows 7, but the backup issue with Carbonite shouldn't cause you to abandon hope for the system you have now. There are alternatives... let me know if you'd like a free backup utility that will actually create an image of the system for you, from which you could restore in a few moments. The neat thing about imaging is that it puts the system back the way you had it at the time you created the image, complete with all installed software.