Topic: [Resolved] I'm stumped major comp slow down, HijackThis log included

sergei91
My computer has been having slow down/freezing issues for about a week or so. For the past four days the HD keeps running/buzzing constantly (or sounds like it's running) and everything else is VERY VERY slow. I have tried various malware and rootkit removal tools with no success; they find nothing (AVG, Kas TDDS, Rootkit Reveal Spybot, Adaware etc, Backlight). I have also run Chkdsk with no errors found and a few other WD HD diag. tools with no errors on my drives. I have Kaspersky Internet Security 2012 running on my machine. When I block the internet connection thru Kaspersky the HD running STOPS, however the computer is still slow. Something is hidden in there I just can't find it!!!
Thanks for any assistance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:27:17 PM, on 12/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Sony\Drive Letter Recognition Software\RIconMan.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Marvell\raid\tray\MarvellTray.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\program files\companionlink\companionlink.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Zecter\ZumoCast\bin\gst-thumbnailer.exe
F:\My Documents\Downloads\RootkitRevealer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HJSSLXA.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
F:\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.*.*;*.local
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [MRUTray] C:\Program Files\Marvell\raid\tray\MarvellTray.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKCU\..\Run: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon
O4 - HKCU\..\Run: [ZumoCast] C:\Program Files\Zecter\ZumoCast\ZumoLauncher.lnk
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: WD Quick View.lnk = C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://novastor.cleverreach.com
O15 - Trusted Zone: http://*.google-analytics.com
O15 - Trusted Zone: http://*.novastor.com
O15 - Trusted IP range: http://127.0.0.1
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269526192781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269526232500
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} (Creative Software AutoUpdate 2) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Carbonite Mirror Image Backup Service (Carbonite-Mirror-Image-Svc) - Carbonite - C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HJSSLXA - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HJSSLXA.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files\Sony\Drive Letter Recognition Software\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: JMNP - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JMNP.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital  - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe

--
End of file - 14411 bytes
« Last Edit: December 08, 2011, 10:52:17 AM by 1972vet »



1972vet

  • Microsoft® MVP
  • Malware Removal Staff
« Reply #1 on: December 08, 2011, 10:53:24 AM »
Disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here. Next, please download the free utility DDS from any of these locations...Here, Here...or Here.
Note - Some infections may prevent certain executable files from running on your computer. If one of these download locations results in a failed run of the utility, please try the next location until you find one that will work on your machine.
Double click dds.scr to run the tool
  • When it completes, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
Next, Download GMER from the following location and save it to your desktop.

GMER Download Link 1
GMER Download Link 2 (Only use if the previous link does not work)

  • Right-click on the gmer.zip icon and select the Extract all... menu option. You should now see the gmer folder.
  • Open the folder and double-click on the gmer.exe icon. Please "ok" any prompts to allow the program to start.
  • You should now see the main GMER window. If you receive a warning about rootkit activity asking if you want to run a full scan, please click on the NO button.
  • We now need to configure GMER to prevent some features from being used during the scan. Please uncheck the following settings (we do NOT want to see these in our scan):
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All <--Important. Don't miss this one
  • Now that you have removed the check marks from the boxes for those items listed above, please click the Scan button.
    This scan may take quite some time, so please be patient. When it has finished, you will be back at the main screen.
  • Please click on the Save... button and save the report to your desktop. Please name the saved file ark.txt
  • Please do not act on any of the information in this report. Many legitimate programs could be listed there.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

Please remember to include the following logs in your next reply.
  • DDS.txt
  • Attach.txt
  • ARK.txt

sergei91
« Reply #2 on: December 09, 2011, 12:18:38 AM »
OK, so here is a problem, I have tried to run GMER 3 times and all three times after about two hours it crashes the computer. I even did it a fourth time in safe mode with the same result. HijackThis and OTL run through but NOT GMER?
Here however are the other two requested files.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Administrator at 15:39:06 on 2011-12-08
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3259.1810 [GMT -8:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Sony\Drive Letter Recognition Software\RIconMan.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Marvell\raid\tray\MarvellTray.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\WDC\CR\SetIcon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\program files\companionlink\companionlink.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CompanionLink] "c:\program files\companionlink\companionlink.exe" -Icon
uRun: [Akamai NetSession Interface] c:\documents and settings\administrator\local settings\application data\akamai\netsession_win.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [MRUTray] c:\program files\marvell\raid\tray\MarvellTray.exe
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [SetIcon] \Program Files\WDC\CR\SetIcon.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdquic~1.lnk - c:\program files\western digital\wd smartware\WDDMStatus.exe
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files\opanda\iexif 2.3\IExifMap.htm
IE: View Exif/GPS/IPTC with IExif - c:\program files\opanda\iexif 2.3\IExifCom.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1269526192781
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269526232500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{24F95F4A-4394-42E1-9512-BF032D09C8C7} : DhcpNameServer = 192.168.1.1 68.238.64.12
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\1xv0e87j.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-9 20008]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-12-7 3968]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-12-7 565552]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe [2011-4-24 202296]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-3-23 219360]
R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Backup Service;c:\program files\carbonite\carbonite mirror image\CarboniteMirrorImage.exe [2011-9-16 2036224]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-5-4 21992]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-3-27 99896]
R2 IconMan_R;IconMan_R;c:\program files\sony\drive letter recognition software\RIconMan.exe [2011-3-20 421888]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
R2 MRUWebService;MRU Web Service;c:\program files\marvell\raid\apache2\bin\httpd.exe [2009-4-8 24635]
R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
R2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-12-6 439632]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2009-6-26 102400]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-8-1 263056]
R2 WDFMEService;WDFMEService;c:\program files\western digital\wd smartware\WDFME.exe [2011-8-1 1592208]
R2 WDRulesService;WDRulesService;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-8-1 1091984]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171096]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324120]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72792]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [2010-3-27 17408]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-9-25 56576]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-9-25 138240]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-4 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-24 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171096]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324120]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72792]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-4 136176]
S3 JMNP;JMNP;c:\docume~1\admini~1\locals~1\temp\JMNP.exe [2011-12-6 347008]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\c.tmp --> c:\windows\system32\C.tmp [?]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys --> c:\windows\system32\drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-3-27 11520]
.
=============== Created Last 30 ================
.
2011-12-08 03:15:30   --------   d-----w-   c:\documents and settings\administrator\application data\Malwarebytes
2011-12-08 03:14:09   --------   d-----w-   c:\documents and settings\all users\application data\Malwarebytes
2011-12-08 03:13:45   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-12-08 03:13:44   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2011-12-08 02:04:37   3968   ----a-w-   c:\windows\system32\drivers\AvgArCln.sys
2011-12-07 17:35:32   --------   d-----w-   c:\documents and settings\all users\application data\F-Secure
2011-12-07 08:50:06   115369   ----a-w-   c:\windows\system32\drivers\klin.dat
2011-12-07 08:50:05   97961   ----a-w-   c:\windows\system32\drivers\klick.dat
2011-12-07 08:41:38   --------   d-----w-   c:\program files\Kaspersky Lab
2011-12-07 08:41:37   --------   d-----w-   c:\documents and settings\all users\application data\Kaspersky Lab
2011-12-07 08:29:07   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\NPE
2011-12-06 18:18:48   --------   d-----w-   c:\program files\WinPcap
2011-12-06 18:05:57   --------   d-----w-   c:\documents and settings\all users\application data\Trend Micro
2011-12-06 18:03:21   --------   d-----w-   c:\program files\Trend Micro
2011-12-06 15:13:24   --------   d-----w-   c:\program files\Sophos
2011-12-06 01:26:23   22032   ----a-w-   c:\windows\DCEBoot.exe
2011-12-05 02:02:17   --------   d-----w-   c:\documents and settings\all users\application data\SecTaskMan
2011-12-05 02:01:45   --------   d-----w-   c:\program files\Security Task Manager
2011-11-26 22:42:28   --------   d--h--w-   C:\kleaner.tmp
2011-11-26 22:32:06   --------   d-----w-   c:\program files\iPod
2011-11-26 07:27:36   --------   d-----w-   c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-26 07:25:24   --------   d-----w-   c:\program files\Spybot - Search & Destroy 2
2011-11-25 23:10:52   --------   d-----w-   C:\Western Digital
2011-11-25 22:43:13   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2011-11-25 22:43:13   --------   d-----w-   c:\windows\system32\wbem\Repository
2011-11-24 22:55:13   0   ---h--w-   c:\documents and settings\administrator\local settings\application data\BITC.tmp
2011-11-24 21:33:54   298304   ------w-   c:\windows\system32\nvsvc32.exe
2011-11-24 21:33:54   220992   ------w-   c:\windows\system32\nvcolor.exe
2011-11-24 21:33:49   203072   ------w-   c:\windows\system32\nvmctray.dll
2011-11-24 21:33:49   16744256   ------w-   c:\windows\system32\nvcpl.dll
2011-11-24 21:33:37   602432   ------w-   c:\windows\system32\easyupdatusapiu.dll
2011-11-24 21:33:37   54272   ------w-   c:\windows\system32\nvwddi.dll
2011-11-24 21:33:22   285176   ------w-   c:\windows\system32\nvdrsdb0.bin
2011-11-24 21:33:21   285176   ------w-   c:\windows\system32\nvdrsdb1.bin
2011-11-24 21:33:21   1   ------w-   c:\windows\system32\nvdrssel.bin
2011-11-24 21:32:15   65536   ------w-   c:\windows\system32\OpenCL.dll
2011-11-24 21:32:12   877376   ------w-   c:\windows\system32\nvgenco32.dll
2011-11-24 21:32:12   17956864   ------w-   c:\windows\system32\nvoglnt.dll
2011-11-24 21:32:11   919872   ------w-   c:\windows\system32\nvdispco32.dll
2011-11-24 21:32:10   2398016   ------w-   c:\windows\system32\nvcuvid.dll
2011-11-24 21:32:10   2099520   ------w-   c:\windows\system32\nvcuvenc.dll
2011-11-24 21:32:09   5595136   ------w-   c:\windows\system32\nvcuda.dll
2011-11-24 21:32:09   4226688   ------w-   c:\windows\system32\nv4_disp.dll
2011-11-24 21:32:09   2449408   ------w-   c:\windows\system32\nvapi.dll
2011-11-24 21:32:09   17240064   ------w-   c:\windows\system32\nvcompiler.dll
2011-11-24 21:32:09   12791488   ------w-   c:\windows\system32\drivers\nv4_mini.sys
2011-11-24 18:59:39   --------   d-----w-   c:\program files\SystemRequirementsLab
2011-11-19 22:21:56   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\eSupport.com
2011-11-19 19:06:43   --------   d-----w-   c:\program files\Carbonite
2011-11-19 19:06:43   --------   d-----w-   c:\documents and settings\all users\application data\Carbonite
2011-11-10 03:38:04   --------   d-----w-   c:\documents and settings\administrator\local settings\application data\Akamai
.
==================== Find3M  ====================
.
2011-11-15 18:28:45   414368   ------w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-16 03:32:06   445016   ------w-   c:\windows\system32\wrap_oal.dll
2011-10-16 03:32:06   109144   ------w-   c:\windows\system32\OpenAL32.dll
2011-10-10 14:22:41   692736   ------w-   c:\windows\system32\inetcomm.dll
2011-10-03 13:06:03   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2011-10-03 10:37:52   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50   599040   ------w-   c:\windows\system32\crypt32.dll
2011-09-26 18:41:20   611328   ------w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20   220160   ------w-   c:\windows\system32\oleacc.dll
2011-09-26 18:41:14   20480   ------w-   c:\windows\system32\oleaccrc.dll
.
============= FINISH: 15:39:30.21 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2010 9:05:58 AM
System Uptime: 12/8/2011 8:03:48 AM (7 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P55A-UD3
Processor: Intel Pentium II Xeon processor | Socket 1156 | 3417/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 636.351 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 699 GiB total, 217.389 GiB free.
G: is FIXED (NTFS) - 168 GiB total, 119.169 GiB free.
H: is Removable
P: is Removable
Q: is FIXED (NTFS) - 466 GiB total, 18.501 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP776: 11/27/2011 7:32:29 PM - System Checkpoint
RP777: 11/28/2011 8:18:57 PM - System Checkpoint
RP778: 11/29/2011 10:12:11 PM - System Checkpoint
RP779: 11/30/2011 11:00:16 PM - System Checkpoint
RP780: 12/1/2011 11:54:51 PM - System Checkpoint
RP781: 12/3/2011 12:12:28 AM - System Checkpoint
RP782: 12/4/2011 1:53:32 AM - System Checkpoint
RP783: 12/5/2011 2:21:00 AM - System Checkpoint
RP784: 12/6/2011 4:24:32 AM - System Checkpoint
RP785: 12/6/2011 10:48:24 AM - First Restore Point
RP786: 12/6/2011 11:52:06 AM - First Restore Point
RP787: 12/6/2011 12:11:51 PM - First Restore Point
RP788: 12/7/2011 12:40:50 AM - Installed Kaspersky Internet Security 2012.
RP789: 12/7/2011 6:01:21 PM - Installed Java(TM) 6 Update 29
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5
Adobe Media Player
Adobe Photoshop Elements 9
Adobe Photoshop Lightroom 3.5
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avery Wizard 4.0
AVG Anti-Rootkit Free
Belarc Advisor 8.1
Bonjour
BookSmart® 3.0.3 3.0.3
Browser Configuration Utility
Carbonite
Carbonite Mirror Image: Carbonite Mirror Image
CCleaner
CompanionLink
CPUID CPU-Z 1.57.1
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative WaveStudio 7
Digimarc Plug-ins for Adobe® Photoshop®
Drive Letter Recognition Software
Dropbox
Elements 9 Organizer
Elements STI Installer
EndItAll 2.0
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager
EPSON Scan
fotoQuote Pro 6
Google Update Helper
High-Definition Video Playback 10
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService
hppP1100P1560P1600SeriesLaserJetService
hppusgP1100P1560P1600Series
HPSSupply
Image Resizer Powertoy for Windows XP
iTunes
Java(TM) 6 Update 29
Kaspersky Internet Security 2012
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Marvell MRU V4
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotoHelper MergeModules
Motorola Mobile Drivers Installation 5.2.0
Mozilla Firefox 8.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEC Electronics USB 3.0 Host Controller Driver
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Noise Ninja 2 (Standalone Version)
NVIDIA Control Panel 285.58
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
Oakley THUMP Pro
OGA Notifier 2.0.0048.0
Opanda IExif 2.3
OpenAL
Pandora Icon Installer™
PDF Settings CS5
Polar ProTrainer
RealNetworks - Microsoft Visual C++ 2008 Runtime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
RealUpgrade 1.1
RescuePRO 3.5
Security Task Manager 1.8d
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.1
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sophos Anti-Rootkit 1.5.20
swMSM
System Requirements Lab
Trend Micro RUBotted 2.0 Beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
USB 2.0 IrDA Bridge
VLC media player 1.1.11
VoiceOver Kit
WD Drive Manager (x86)
WD Media Center Driver
WD SmartWare
WD Software Upgrader
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPcap 4.1.1
WinRAR archiver
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
12/7/2011 9:07:54 PM, error: PlugPlayManager [11]  - The device Root\LEGACY_SMR210\0000 disappeared from the system without first being prepared for removal.
12/7/2011 12:40:19 AM, error: Service Control Manager [7034]  - The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
12/6/2011 9:28:23 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/6/2011 9:13:22 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/6/2011 3:58:34 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the WDRulesService service to connect.
12/6/2011 3:58:34 AM, error: Service Control Manager [7001]  - The WDFMEService service depends on the WDRulesService service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
12/6/2011 3:58:34 AM, error: Service Control Manager [7000]  - The WDRulesService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/6/2011 11:04:52 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
12/6/2011 10:53:13 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
12/6/2011 10:53:13 AM, error: Service Control Manager [7001]  - The MRU Web Service service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
12/6/2011 10:53:13 AM, error: Service Control Manager [7001]  - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error:  The dependency service or group failed to start.
12/6/2011 10:53:13 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/6/2011 10:05:01 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Trend Micro RUBotted Service service to connect.
12/6/2011 10:05:01 AM, error: Service Control Manager [7000]  - The Trend Micro RUBotted Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/5/2011 9:06:29 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
12/5/2011 9:06:29 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/5/2011 9:06:25 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
12/5/2011 8:50:08 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/5/2011 8:49:57 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}
12/5/2011 8:34:20 AM, error: Service Control Manager [7000]  - The CarboniteService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/5/2011 8:34:17 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the CarboniteService service to connect.
12/5/2011 8:34:17 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
12/5/2011 8:15:43 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm KLIF
12/5/2011 8:12:25 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/5/2011 8:12:10 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/5/2011 7:11:47 AM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:  An instance of the service is already running.
12/5/2011 7:10:52 AM, error: Service Control Manager [7031]  - The CarboniteService service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/5/2011 6:54:12 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
12/5/2011 6:33:16 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
12/5/2011 6:33:16 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/5/2011 6:33:16 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
12/5/2011 6:33:16 PM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/5/2011 6:33:16 PM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/4/2011 1:28:09 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the WDFMEService service to connect.
12/4/2011 1:28:09 AM, error: Service Control Manager [7000]  - The WDFMEService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/1/2011 4:59:57 AM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk3\D.
12/1/2011 4:04:30 AM, error: atapi [9]  - The device, \Device\Ide\IdePort5, did not respond within the timeout period.
12/1/2011 3:02:35 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================




Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #3 on: December 09, 2011, 08:25:54 AM »
In your original complaint, you state that the system has become sluggish for about a week or so. Do you recall when it was that you installed the WesternDigital software? How about the TrendMicro "RUBotted"? Both will consume an incredible amount of RAM but I would imagine, on that system, just the WesternDigital running on startup would cause that thing to slow down quite a bit...perhaps even to intolerable levels. I only see one processor, unless I mis-read something. I did look this over in a rush, but as I recall, I saw just one.

If you have the software for the WesternDigital program, uninstall it for now as well as the RUBotted software. That one is free anyway, so reinstalling it won't be a problem later, should you decide you still want it. By the way, with the Kaspersky software, you really should have no need of it.

Also, please uninstall AVG Anti-Rootkit and removed these from your trusted zone:
Trusted Zone: cleverreach.com\novastor
Trusted Zone: google-analytics.com
Trusted Zone: novastor.com


Post back when you finish and let me know if you noticed any improvement at all at this point, before we continue. We'll do a more in depth study at that time. Thanks!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #4 on: December 09, 2011, 10:53:43 AM »
Strange, I can't post to the forum from my PC anymore...it says I have a virus when I try to post! I'm sending this from my tablet.
To answer your questions, the RUBotted I just installed; the WD software has been on my comp for a long time.
What worries me, amongst the other issue of slowdown, and that Gmer is crashing etc., is the fact that the HD is constantly searching (running) until I go into Kaspersky and block all network connections, then it stops.

On a different note, I noticed your picture and sign that you served in the USCG. I'm a photojournalist and I just got back from a week at Airsta Sacto flying in their C130's for a piece I'm working on. I've also done work with LAX and soon SD as well. I think the CG is underappreciated and doesn't get the publicity it deserves and I'm trying to help in my own little way. Thank you for your service!

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #5 on: December 09, 2011, 10:54:43 AM »
Oh, and I believe I have a dual core chipset

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #6 on: December 09, 2011, 11:32:32 AM »
You're welcome indeed...and thank you!

Try to run This Tool on the affected system. See if you can download it to some removable media and transfer it to the desktop. Run it from there if you can...

Click "I Accept" for the agreement. You may be prompted to allow the system to reboot. When you've completed this scan, please post back your results. Thanks!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #7 on: December 09, 2011, 12:02:56 PM »
While I'm waiting for your next reply, look to see when the following were installed:
Akamai NetSession Interface
Akamai NetSession Interface Service

...if you can. Those programs were more than likely foisted on your system. They're not malicious but the constant disk running issue you mentioned may well be coming from this software. It was probably bundled with something else you installed...maybe one of the video/sound related programs or maybe a game.

Anyway, that software is some sort of download accelerator/caching tool from Akamai. Akamai is using your machine(s) as part of their distribution network. They use it to "re-distribute" the content (files) that came from their distribution network in order to deliver this same content (files) to other users (machines) that require the same content (files) from the Akamai network.

It's done that way, on their behalf, not yours. In order to lessen the load on their network and improve the delivery efficiency of their network, they use other systems when they find them, willing or not, to participate.

If you uninstall it, there will be no ill effect on any of the software that came bundled with it...the only effect should be improvement on your end. Until I see the scan result from your last posted instruction, I might say, uninstalling this software may just be the end of your issue, although we can't be certain as I said, until we see the scan results.

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #8 on: December 09, 2011, 12:38:55 PM »
OK ran the scan, response was Backdoor was not found on this computer.

Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #9 on: December 09, 2011, 12:53:46 PM »
Removed both programs, HD is still chattering away, until I block network access.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #10 on: December 09, 2011, 02:39:29 PM »
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download ComboFix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.


Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #11 on: December 09, 2011, 03:34:32 PM »
I CANNOT post via my PC to this website, it keeps saying either I have a virus or have posted within the last 45 seconds!
So I emailed the combofix log to my tablet ....here it is

ComboFix 11-12-09.02 - Administrator 12/09/2011 13:05:03.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3259.2523 [GMT -8:00]

Running from: F:\My Documents\Downloads\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\Administrator\Application Data\Start

C:\Documents and Settings\Administrator\Application Data\Start\temp_BB40E0B5\flash.10.0.32.18.ocx

C:\Install.exe

C:\WINDOWS\CSC\d6

C:\WINDOWS\system32\PowerToyReadme.htm

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NPF

((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))

2011-12-09 19:29:37 . 2008-04-13 18:46:10 51200 -c--a-w-C:\WINDOWS\system32\dllcache\msdv.sys

2011-12-09 19:29:30 . 2001-08-17 21:52:12 17280 -c--a-w-C:\WINDOWS\system32\dllcache\mraid35x.sys

2011-12-09 19:29:22 . 2008-04-13 18:46:22 15232 -c--a-w-C:\WINDOWS\system32\dllcache\mpe.sys

2011-12-09 19:29:16 . 2001-08-17 21:57:38 16128 -c--a-w-C:\WINDOWS\system32\dllcache\modemcsa.sys

2011-12-09 19:29:09 . 2001-08-17 21:52:50 6528 -c--a-w-C:\WINDOWS\system32\dllcache\miniqic.sys

2011-12-09 19:29:05 . 2001-08-17 20:50:00 320384 -c--a-w-C:\WINDOWS\system32\dllcache\mgaum.sys

2011-12-09 19:29:04 . 2001-08-17 22:56:02 235648 -c--a-w-C:\WINDOWS\system32\dllcache\mgaud.dll

2011-12-09 19:29:02 . 2008-04-13 18:41:22 26112 -c--a-w-C:\WINDOWS\system32\dllcache\memstpci.sys

2011-12-09 19:29:01 . 2001-08-18 06:36:20 47616 -c--a-w-C:\WINDOWS\system32\dllcache\memgrp.dll

2011-12-09 19:27:54 . 2008-04-14 00:09:56 6144 -c--a-w-C:\WINDOWS\system32\dllcache\kbd106.dll

2011-12-09 19:27:52 . 2001-08-17 22:55:56 5632 -c--a-w-C:\WINDOWS\system32\dllcache\kbd103.dll

2011-12-09 19:27:50 . 2001-08-17 22:55:56 6144 -c--a-w-C:\WINDOWS\system32\dllcache\kbd101c.dll

2011-12-09 19:27:48 . 2001-08-17 22:55:56 6144 -c--a-w-C:\WINDOWS\system32\dllcache\kbd101b.dll

2011-12-09 19:27:42 . 2001-08-17 21:49:10 26624 -c--a-w-C:\WINDOWS\system32\dllcache\irstusb.sys

2011-12-09 19:27:40 . 2001-08-17 21:51:32 18688 -c--a-w-C:\WINDOWS\system32\dllcache\irsir.sys

2011-12-09 19:27:39 . 2001-08-17 21:49:04 23552 -c--a-w-C:\WINDOWS\system32\dllcache\irmk7.sys

2011-12-09 19:27:33 . 2001-08-17 20:12:12 45632 -c--a-w-C:\WINDOWS\system32\dllcache\ip5515.sys

2011-12-09 19:27:32 . 2001-08-18 06:36:18 90200 -c--a-w-C:\WINDOWS\system32\dllcache\io8ports.dll

2011-12-09 19:27:30 . 2008-04-13 18:40:30 5504 -c--a-w-C:\WINDOWS\system32\dllcache\intelide.sys

2011-12-09 19:27:30 . 2001-08-17 21:50:56 38784 -c--a-w-C:\WINDOWS\system32\dllcache\io8.sys

2011-12-09 19:27:28 . 2001-08-17 21:47:50 13056 -c--a-w-C:\WINDOWS\system32\dllcache\inport.sys

2011-12-09 19:27:26 . 2001-08-17 21:52:08 16000 -c--a-w-C:\WINDOWS\system32\dllcache\ini910u.sys

2011-12-09 19:25:22 . 2001-08-17 21:28:12 488383 -c--a-w-C:\WINDOWS\system32\dllcache\hsf_v124.sys

2011-12-09 19:24:59 . 2001-08-17 21:52:50 5760 -c--a-w-C:\WINDOWS\system32\dllcache\hpt4qic.sys

2011-12-09 19:23:56 . 2001-08-17 20:15:02 442240 -c--a-w-C:\WINDOWS\system32\dllcache\fpnpbase.sys

2011-12-09 19:22:59 . 2001-08-17 20:11:12 455199 -c--a-w-C:\WINDOWS\system32\dllcache\el985n51.sys

2011-12-09 19:21:59 . 2001-08-17 20:17:20 29531 -c--a-w-C:\WINDOWS\system32\dllcache\dgapci.sys

2011-12-09 19:20:59 . 2001-08-17 20:13:38 980034 -c--a-w-C:\WINDOWS\system32\dllcache\cicap.sys

2011-12-09 19:19:36 . 2001-08-17 21:51:00 13824 -c--a-w-C:\WINDOWS\system32\dllcache\bulltlp3.sys

2011-12-09 19:18:58 . 2001-08-17 22:55:58 96128 -c--a-w-C:\WINDOWS\system32\dllcache\ati.dll

2011-12-08 03:15:30 . 2011-12-08 03:15:30 -------- d-----w-C:\Documents and Settings\Administrator\Application Data\Malwarebytes

2011-12-08 03:14:09 . 2011-12-08 03:14:09 -------- d-----w-C:\Documents and Settings\All Users\Application Data\Malwarebytes

2011-12-08 03:13:44 . 2011-12-09 18:14:49 -------- d-----w-C:\Program Files\Malwarebytes' Anti-Malware

2011-12-07 17:35:32 . 2011-12-07 17:35:32 -------- d-----w-C:\Documents and Settings\All Users\Application Data\F-Secure

2011-12-07 08:50:06 . 2011-12-07 10:07:11 115369 ----a-w-C:\WINDOWS\system32\drivers\klin.dat

2011-12-07 08:50:05 . 2011-12-07 10:07:08 97961 ----a-w-C:\WINDOWS\system32\drivers\klick.dat

2011-12-07 08:41:38 . 2011-12-07 08:41:38 -------- d-----w-C:\Program Files\Kaspersky Lab

2011-12-07 08:41:37 . 2011-12-09 21:20:10 -------- d-----w-C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2011-12-07 08:29:07 . 2011-12-07 17:22:22 -------- d-----w-C:\Documents and Settings\Administrator\Local Settings\Application Data\NPE

2011-12-06 15:13:24 . 2011-12-09 17:07:21 -------- d-----w-C:\Program Files\Sophos

2011-12-06 01:26:23 . 2011-12-06 01:27:37 22032 ----a-w-C:\WINDOWS\DCEBoot.exe

2011-12-05 02:02:17 . 2011-12-09 19:06:48 -------- d-----w-C:\Documents and Settings\All Users\Application Data\SecTaskMan

2011-11-26 22:42:28 . 2011-12-06 19:37:14 -------- d-----w-C:\kleaner.tmp

2011-11-26 22:32:06 . 2011-11-26 22:32:07 -------- d-----w-C:\Program Files\iPod

2011-11-26 07:27:36 . 2011-11-26 16:13:08 -------- d-----w-C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2011-11-26 07:25:24 . 2011-11-26 16:15:27 -------- d-----w-C:\Program Files\Spybot - Search & Destroy 2

2011-11-25 23:39:43 . 2011-11-26 00:16:26 -------- d-----w-C:\Documents and Settings\Scott

2011-11-25 23:10:52 . 2011-11-25 23:10:52 -------- d-----w-C:\Western Digital

2011-11-25 22:57:17 . 2011-11-25 23:26:34 -------- d-----w-C:\Documents and Settings\Scott's Home

2011-11-25 22:43:13 . 2011-11-25 22:43:13 -------- d-----w-C:\WINDOWS\system32\wbem\Repository

2011-11-25 21:53:20 . 2011-11-25 22:41:55 -------- d-s---w-C:\Documents and Settings\TEMP

2011-11-24 22:55:13 . 2011-11-24 22:55:13 0 ---h--w- C:\Documents and Settings\Administrator\Local Settings\Application Data\BITC.tmp

2011-11-24 21:33:54 . 2011-10-08 04:50:00 298304 ------w-C:\WINDOWS\system32\nvsvc32.exe

2011-11-24 21:33:54 . 2011-10-08 04:50:00 220992 ------w-C:\WINDOWS\system32\nvcolor.exe

2011-11-24 21:33:49 . 2011-10-08 04:50:00 203072 ------w-C:\WINDOWS\system32\nvmctray.dll

2011-11-24 21:33:49 . 2011-10-08 04:50:00 16744256 ------w- C:\WINDOWS\system32\nvcpl.dll

2011-11-24 21:33:37 . 2011-10-08 04:50:00 602432 ------w-C:\WINDOWS\system32\easyupdatusapiu.dll

2011-11-24 21:33:37 . 2011-10-08 04:50:00 54272 ------w-C:\WINDOWS\system32\nvwddi.dll

2011-11-24 21:33:22 . 2011-11-24 21:33:31 285176 ------w-C:\WINDOWS\system32\nvdrsdb0.bin

2011-11-24 21:33:21 . 2011-11-24 21:33:31 1 ------w- C:\WINDOWS\system32\nvdrssel.bin

2011-11-24 21:33:21 . 2011-11-24 21:33:21 285176 ------w-C:\WINDOWS\system32\nvdrsdb1.bin

2011-11-24 21:32:15 . 2011-10-08 04:50:00 65536 ------w-C:\WINDOWS\system32\OpenCL.dll

2011-11-24 21:32:12 . 2011-10-08 04:50:00 877376 ------w-C:\WINDOWS\system32\nvgenco32.dll

2011-11-24 21:32:12 . 2011-10-08 04:50:00 17956864 ------w- C:\WINDOWS\system32\nvoglnt.dll

2011-11-24 21:32:11 . 2011-10-08 04:50:00 919872 ------w-C:\WINDOWS\system32\nvdispco32.dll

2011-11-24 21:32:10 . 2011-10-08 04:50:00 2398016 ------w- C:\WINDOWS\system32\nvcuvid.dll

2011-11-24 21:32:10 . 2011-10-08 04:50:00 2099520 ------w- C:\WINDOWS\system32\nvcuvenc.dll

2011-11-24 21:32:09 . 2011-10-08 04:50:00 5595136 ------w- C:\WINDOWS\system32\nvcuda.dll

2011-11-24 21:32:09 . 2011-10-08 04:50:00 4226688 ------w- C:\WINDOWS\system32\nv4_disp.dll

2011-11-24 21:32:09 . 2011-10-08 04:50:00 2449408 ------w- C:\WINDOWS\system32\nvapi.dll

2011-11-24 21:32:09 . 2011-10-08 04:50:00 17240064 ------w- C:\WINDOWS\system32\nvcompiler.dll

2011-11-24 21:32:09 . 2011-10-08 04:50:00 12791488 ------w- C:\WINDOWS\system32\drivers\nv4_mini.sys

2011-11-24 18:59:39 . 2011-11-24 18:59:42 -------- d-----w-C:\Program Files\SystemRequirementsLab

2011-11-24 18:59:38 . 2011-11-24 18:59:38 -------- d-----w-C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

2011-11-19 22:21:56 . 2011-11-26 00:59:21 -------- d-----w-C:\Documents and Settings\Administrator\Local Settings\Application Data\eSupport.com

2011-11-19 19:06:43 . 2011-12-04 21:50:33 -------- d-----w-C:\Documents and Settings\All Users\Application Data\Carbonite

2011-11-19 19:06:43 . 2011-12-04 21:50:14 -------- d-----w-C:\Program Files\Carbonite

2011-11-10 03:38:04 . 2011-12-09 18:41:27 -------- d-----w-C:\Documents and Settings\Administrator\Local Settings\Application Data\Akamai

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-11-15 18:28:45 . 2011-06-07 15:56:40 414368 ------w-C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

2011-10-16 03:32:06 . 2010-03-24 15:17:37 445016 ------w-C:\WINDOWS\system32\wrap_oal.dll

2011-10-16 03:32:06 . 2010-03-24 15:17:37 109144 ------w-C:\WINDOWS\system32\OpenAL32.dll

2011-10-10 14:22:41 . 2010-03-22 16:02:40 692736 ------w-C:\WINDOWS\system32\inetcomm.dll

2011-10-03 13:06:03 . 2010-05-02 16:55:32 472808 ----a-w-C:\WINDOWS\system32\deployJava1.dll

2011-10-03 10:37:52 . 2010-04-02 03:08:51 73728 ----a-w-C:\WINDOWS\system32\javacpl.cpl

2011-09-28 07:06:50 . 2004-08-04 12:00:00 599040 ------w-C:\WINDOWS\system32\crypt32.dll

2011-09-26 18:41:20 . 2008-07-30 02:59:58 611328 ------w-C:\WINDOWS\system32\uiautomationcore.dll

2011-09-26 18:41:20 . 2004-08-04 12:00:00 220160 ------w-C:\WINDOWS\system32\oleacc.dll

2011-09-26 18:41:14 . 2004-08-04 12:00:00 20480 ------w-C:\WINDOWS\system32\oleaccrc.dll

2011-01-22 16:06:55 . 2011-01-22 16:06:55 289592 ------w-C:\Program Files\mozilla firefox\plugins\ieatgpc.dll

2011-11-27 23:15:31 . 2011-03-30 03:08:34 134104 ------w-C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-10-30 02:04:48 1005712 ------r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-10-30 02:04:48 1005712 ------r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-10-30 02:04:48 1005712 ------r- C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ------w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ------w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ------w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12:20 94208 ------w- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2010-12-01 19:54:48 21806592]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-05 01:29:52 346320]

"MRUTray"="C:\Program Files\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 17:12:16 741376]

"NUSB3MON"="C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 14:59:18 106496]

"EEventManager"="C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 22:28:32 591696]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 14:22:28 59240]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 02:56:42 25600]

"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-10-30 02:04:48 1063056]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2011-10-08 04:50:00 16744256]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2011-10-08 04:50:00 203072]

"nwiz"="C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 04:50:00 1632360]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-13 08:24:58 421736]

"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 07:15:02 202296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX .exe" [2011-03-04 03:57:36 233936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 05:41:34 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Dropbox.lnk]

path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk

backupExtension=.Startup

backup=C:\WINDOWS\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iSyncr WiFi.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iSyncr WiFi.lnk

backup=C:\WINDOWS\pss\iSyncr WiFi.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 19:55:28 937920 ------w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-07-29 09:25:06 497648 ------w- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 06:10:47 402432 ------w- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-18 00:42:46 53341 ------w- C:\Program Files\Creative\Shared Files\CTSched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12:16 15360 ------w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Artisan 800 Series]

2008-04-06 23:00:00 188928 ------w-C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEMA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTrackingLEDM]

2009-08-05 00:21:58 30264 ------w- C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-11-13 08:24:58 421736 ------w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-06-17 19:13:36 2363392 ------w- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-03-26 17:52:24 1234216 ------w- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50:00 16744256 ------w-C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50:00 203072 ------w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoshopElements8SyncAgent]

2010-09-06 10:19:32 1945536 ------w- C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]

2011-01-17 19:41:43 8192 ------w- C:\Program Files\Xvid\CheckUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 mv91cons;Marvell 91xx Config Device Driver;C:\WINDOWS\system32\drivers\mv91cons.sys [10/9/2009 2:55:54 PM 20008]

R1 kl2;kl2;C:\WINDOWS\system32\drivers\kl2.sys [3/4/2011 1:23:20 PM 11352]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010 2:19:58 AM 169408]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [3/23/2010 4:28:06 AM 219360]

R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Backup Service;C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [9/16/2011 9:58:04 AM 2036224]

R2 cpuz135;cpuz135;C:\WINDOWS\system32\drivers\cpuz135_x32.sys [5/4/2011 4:28:06 PM 21992]

R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [6/24/2009 9:57:04 AM 136704]

R2 HPSIService;HP SI Service;C:\WINDOWS\system32\HPSIsvc.exe [3/27/2010 4:18:50 PM 99896]

R2 IconMan_R;IconMan_R;C:\Program Files\Sony\Drive Letter Recognition Software\RIconMan.exe [3/20/2011 1:16:14 PM 421888]

R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files\Marvell\raid\svc\mvraidsvc.exe [10/5/2009 10:01:30 AM 151552]

R2 MRUWebService;MRU Web Service;C:\Program Files\Marvell\raid\Apache2\bin\httpd.exe [4/8/2009 4:38:52 PM 24635]

R2 NAUpdate;@C:\Program Files\Nero\Update\NASvc.exe,-200;C:\Program Files\Nero\Update\NASvc.exe [3/25/2010 1:39:22 PM 490280]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\WINDOWS\system32\drivers\CT20XUT.sys [6/4/2009 2:46:34 AM 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\WINDOWS\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46:56 AM 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\WINDOWS\system32\drivers\CTHWIUT.sys [6/4/2009 2:46:42 AM 72792]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [3/10/2011 6:34:46 PM 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\system32\drivers\klmouflt.sys [11/2/2009 8:27:24 PM 19472]

R3 mvusbews;USB EWS Device;C:\WINDOWS\system32\drivers\mvusbews.sys [3/27/2010 4:16:59 PM 17408]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\WINDOWS\system32\drivers\nusb3hub.sys [9/25/2009 6:57:36 AM 56576]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\WINDOWS\system32\drivers\nusb3xhc.sys [9/25/2009 6:57:40 AM 138240]

S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [12/4/2010 3:34:44 PM 136176]

S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys --> C:\WINDOWS\system32\drivers\Ambfilt.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/24/2010 7:17:55 AM 79360]

S3 CT20XUT;CT20XUT;C:\WINDOWS\system32\drivers\CT20XUT.sys [6/4/2009 2:46:34 AM 171096]

S3 CTEXFIFX;CTEXFIFX;C:\WINDOWS\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46:56 AM 1324120]

S3 CTHWIUT;CTHWIUT;C:\WINDOWS\system32\drivers\CTHWIUT.sys [6/4/2009 2:46:42 AM 72792]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [12/4/2010 3:34:44 PM 136176]

S3 JMNP;JMNP;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JMNP.exe --> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\JMNP.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys --> C:\WINDOWS\system32\drivers\mbamswissarmy.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\system32\C.tmp --> C:\WINDOWS\system32\C.tmp [?]

S3 motandroidusb;Mot ADB Interface Driver;C:\WINDOWS\system32\Drivers\motoandroid.sys --> C:\WINDOWS\system32\Drivers\motoandroid.sys [?]

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys --> C:\WINDOWS\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys --> C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys --> C:\WINDOWS\system32\DRIVERS\wdcsam.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11:44 451872 ------w- C:\Program Files\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2011-12-09 C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-GRAHAM-DBC226BA-Administrator.job

- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-07 00:55:20 . 2010-07-29 09:25:06]

2011-12-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57:16 . 2011-06-02 00:57:16]

2011-12-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04 23:34:44 . 2010-12-04 23:34:41]

2011-12-09 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-12-04 23:34:44 . 2010-12-04 23:34:41]

2011-12-09 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1647877149-725345543-500.job

- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22:56 . 2011-08-11 22:22:56]

2011-12-09 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1647877149-725345543-500.job

- C:\Program Files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22:56 . 2011-08-11 22:22:56]

2011-12-09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{D198CA8E-CF8B-4F20-844B-6799DCB6FDB7}.job

- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 11:31:54 . 2009-03-08 11:31:54]

------- Supplementary Scan -------

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel -C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - C:\Program Files\Opanda\IExif 2.3\IExifMap.htm

IE: View Exif/GPS/IPTC with IExif - C:\Program Files\Opanda\IExif 2.3\IExifCom.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} -hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1xv0e87j.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

- - - - ORPHANS REMOVED - - - -

HKLM-Run-WD Button Manager - WDBtnMgr.exe

SafeBoot-52598341.sys

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-FlashPlayerUpdate -C:\WINDOWS\system32\Macromed\Flash\FlashUtil10m_Plugin.exe

MSConfigStartUp-PlayOn - C:\Program Files\MediaMall\PlayOn.exe

MSConfigStartUp-PowerPanel Personal Edition User Interaction - C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe

MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe

MSConfigStartUp-RTHDCPL - RTHDCPL.EXE

MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Common Files\Java\Java Update\jusched.exe

MSConfigStartUp-TkBellExe - C:\Program Files\Real\RealPlayer\update\realsched.exe

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #12 on: December 09, 2011, 04:48:23 PM »
Can you post the entire log please?

As to the "virus" or "posting within the last 45 seconds" issue...the first relates most likely to something about the log you were trying to post. The other is genuinely accurate. If you have not waited a full minute before posting, after you log in, then the forum software will interrupt your effort and render that warning. It's part of the "Spam" protection which, by the way, works quite well huh?
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.


Offline sergei91

  • Bronze Member
  • Posts: 20
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #13 on: December 09, 2011, 05:59:44 PM »
Ran the scan again...here is the whole file

ComboFix 11-12-09.03 - Administrator 12/09/2011  15:12:21.2.4 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3259.2318 [GMT
-8:00]

Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated*
{2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *Disabled*
{2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

.

(((((((((((((((((((((((((((((((((((((((  Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\Administrator\Application
Data\Start\temp_BB40E0B5\flash.10.0.32.18.ocx

C:\Install.exe

c:\windows\system32\PowerToyReadme.htm

.

.

(((((((((((((((((((((((((((((((((((((((  Drivers/Services
)))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((((((((  Files Created from 2011-11-09 to 2011-12-09
)))))))))))))))))))))))))))))))

.

.

2011-12-09 19:43 . 2008-04-14 00:12        116224  -c--a-w-
c:\windows\system32\dllcache\xrxwiadr.dll

2011-12-09 19:43 . 2001-08-18 06:36        23040    -c--a-w-
c:\windows\system32\dllcache\xrxwbtmp.dll

2011-12-09 19:43 . 2008-04-14 00:12        18944    -c--a-w-
c:\windows\system32\dllcache\xrxscnui.dll

2011-12-09 19:43 . 2001-08-18 06:37        27648    -c--a-w-
c:\windows\system32\dllcache\xrxftplt.exe

2011-12-09 19:43 . 2001-08-18 06:37        4608      -c--a-w-
c:\windows\system32\dllcache\xrxflnch.exe

2011-12-09 19:42 . 2001-08-18 06:37        99865    -c--a-w-
c:\windows\system32\dllcache\xlog.exe

2011-12-09 19:42 . 2001-08-17 20:11        16970    -c--a-w-
c:\windows\system32\dllcache\xem336n5.sys

2011-12-09 19:42 . 2004-08-04 06:29        19455    -c--a-w-
c:\windows\system32\dllcache\wvchntxx.sys

2011-12-09 19:42 . 2008-04-13 18:46        19200    -c--a-w-
c:\windows\system32\dllcache\wstcodec.sys

2011-12-09 19:42 . 2004-08-04 06:29        12063    -c--a-w-
c:\windows\system32\dllcache\wsiintxx.sys

2011-12-09 19:41 . 2008-04-13 18:36        8832      -c--a-w-
c:\windows\system32\dllcache\wmiacpi.sys

2011-12-09 19:41 . 2004-08-04 06:31        154624  -c--a-w-
c:\windows\system32\dllcache\wlluc48.sys

2011-12-09 19:41 . 2001-08-17 20:12        34890    -c--a-w-
c:\windows\system32\dllcache\wlandrv2.sys

2011-12-09 19:39 . 2001-08-17 21:28        224802  -c--a-w-
c:\windows\system32\dllcache\usr1807a.sys

2011-12-09 19:38 . 2001-08-18 06:36        31744    -c--a-w-
c:\windows\system32\dllcache\tp4.dll

2011-12-09 19:37 . 2001-08-18 06:36        10240    -c--a-w-
c:\windows\system32\dllcache\swpdflt2.dll

2011-12-09 19:36 . 2001-08-17 20:10        35913    -c--a-w-
c:\windows\system32\dllcache\smcirda.sys

2011-12-09 19:35 . 2001-07-21 22:29        161568  -c--a-w-
c:\windows\system32\dllcache\sgsmusb.sys

2011-12-09 19:34 . 2001-08-17 22:56        182272  -c--a-w-
c:\windows\system32\dllcache\s3mt3d.dll

2011-12-09 19:33 . 2001-08-17 21:52        40320    -c--a-w-
c:\windows\system32\dllcache\ql1080.sys

2011-12-09 19:32 . 2001-08-17 20:11        30282    -c--a-w-
c:\windows\system32\dllcache\pcntn5hl.sys

2011-12-09 19:31 . 2001-08-17 20:50        198144  -c--a-w-
c:\windows\system32\dllcache\nv3.sys

2011-12-09 19:30 . 2001-08-17 22:56        35392    -c--a-w-
c:\windows\system32\dllcache\n9i128.dll

2011-12-09 19:29 . 2001-08-17 22:02        35200    -c--a-w-
c:\windows\system32\dllcache\msgame.sys

2011-12-09 19:29 . 2001-08-17 21:48        6016      -c--a-w-
c:\windows\system32\dllcache\msfsio.sys

2011-12-09 19:29 . 2008-04-13 18:46        51200    -c--a-w-
c:\windows\system32\dllcache\msdv.sys

2011-12-09 19:29 . 2001-08-17 21:52        17280    -c--a-w-
c:\windows\system32\dllcache\mraid35x.sys

2011-12-09 19:29 . 2008-04-13 18:46        15232    -c--a-w-
c:\windows\system32\dllcache\mpe.sys

2011-12-09 19:29 . 2001-08-17 21:57        16128    -c--a-w-
c:\windows\system32\dllcache\modemcsa.sys

2011-12-09 19:29 . 2001-08-17 21:52        6528      -c--a-w-
c:\windows\system32\dllcache\miniqic.sys

2011-12-09 19:29 . 2001-08-17 20:50        320384  -c--a-w-
c:\windows\system32\dllcache\mgaum.sys

2011-12-09 19:29 . 2001-08-17 22:56        235648  -c--a-w-
c:\windows\system32\dllcache\mgaud.dll

2011-12-09 19:29 . 2008-04-13 18:41        26112    -c--a-w-
c:\windows\system32\dllcache\memstpci.sys

2011-12-09 19:29 . 2001-08-18 06:36        47616    -c--a-w-
c:\windows\system32\dllcache\memgrp.dll

2011-12-09 19:27 . 2008-04-14 00:09        6144      -c--a-w-
c:\windows\system32\dllcache\kbd106.dll

2011-12-09 19:27 . 2001-08-17 22:55        5632      -c--a-w-
c:\windows\system32\dllcache\kbd103.dll

2011-12-09 19:27 . 2001-08-17 22:55        6144      -c--a-w-
c:\windows\system32\dllcache\kbd101c.dll

2011-12-09 19:27 . 2001-08-17 22:55        6144      -c--a-w-
c:\windows\system32\dllcache\kbd101b.dll

2011-12-09 19:27 . 2001-08-17 21:49        26624    -c--a-w-
c:\windows\system32\dllcache\irstusb.sys

2011-12-09 19:27 . 2001-08-17 21:51        18688    -c--a-w-
c:\windows\system32\dllcache\irsir.sys

2011-12-09 19:27 . 2001-08-17 21:49        23552    -c--a-w-
c:\windows\system32\dllcache\irmk7.sys

2011-12-09 19:27 . 2001-08-17 20:12        45632    -c--a-w-
c:\windows\system32\dllcache\ip5515.sys

2011-12-09 19:27 . 2001-08-18 06:36        90200    -c--a-w-
c:\windows\system32\dllcache\io8ports.dll

2011-12-09 19:27 . 2008-04-13 18:40        5504      -c--a-w-
c:\windows\system32\dllcache\intelide.sys

2011-12-09 19:27 . 2001-08-17 21:50        38784    -c--a-w-
c:\windows\system32\dllcache\io8.sys

2011-12-09 19:27 . 2001-08-17 21:47        13056    -c--a-w-
c:\windows\system32\dllcache\inport.sys

2011-12-09 19:27 . 2001-08-17 21:52        16000    -c--a-w-
c:\windows\system32\dllcache\ini910u.sys

2011-12-09 19:25 . 2001-08-17 21:28        488383  -c--a-w-
c:\windows\system32\dllcache\hsf_v124.sys

2011-12-09 19:24 . 2001-08-17 21:52        5760      -c--a-w-
c:\windows\system32\dllcache\hpt4qic.sys

2011-12-09 19:23 . 2001-08-17 20:15        442240  -c--a-w-
c:\windows\system32\dllcache\fpnpbase.sys

2011-12-09 19:22 . 2001-08-17 20:11        455199  -c--a-w-
c:\windows\system32\dllcache\el985n51.sys

2011-12-09 19:21 . 2001-08-17 20:17        29531    -c--a-w-
c:\windows\system32\dllcache\dgapci.sys

2011-12-09 19:20 . 2001-08-17 20:13        980034  -c--a-w-
c:\windows\system32\dllcache\cicap.sys

2011-12-09 19:19 . 2001-08-17 21:51        13824    -c--a-w-
c:\windows\system32\dllcache\bulltlp3.sys

2011-12-09 19:18 . 2001-08-17 22:55        96128    -c--a-w-
c:\windows\system32\dllcache\ati.dll

2011-12-09 19:17 . 2001-08-17 22:56        66048    -c--a-w-
c:\windows\system32\dllcache\s3legacy.dll

2011-12-08 03:15 . 2011-12-08 03:15        --------  d-----w-
c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-12-08 03:14 . 2011-12-08 03:14        --------  d-----w-
c:\documents and settings\All Users\Application Data\Malwarebytes

2011-12-08 03:13 . 2011-12-09 18:14        --------  d-----w-
c:\program files\Malwarebytes' Anti-Malware

2011-12-07 17:35 . 2011-12-07 17:35        --------  d-----w-
c:\documents and settings\All Users\Application Data\F-Secure

2011-12-07 08:50 . 2011-12-07 10:07        115369  ----a-w-
c:\windows\system32\drivers\klin.dat

2011-12-07 08:50 . 2011-12-07 10:07        97961    ----a-w-
c:\windows\system32\drivers\klick.dat

2011-12-07 08:41 . 2011-12-07 08:41        --------  d-----w-
c:\program files\Kaspersky Lab

2011-12-07 08:41 . 2011-12-09 23:07        --------  d-----w-
c:\documents and settings\All Users\Application Data\Kaspersky Lab

2011-12-07 08:29 . 2011-12-07 17:22        --------  d-----w-
c:\documents and settings\Administrator\Local Settings\Application Data\NPE

2011-12-06 15:13 . 2011-12-09 17:07        --------  d-----w-
c:\program files\Sophos

2011-12-06 01:26 . 2011-12-06 01:27        22032    ----a-w-
c:\windows\DCEBoot.exe

2011-12-05 02:02 . 2011-12-09 19:06        --------  d-----w-
c:\documents and settings\All Users\Application Data\SecTaskMan

2011-11-26 22:42 . 2011-12-06 19:37        --------  d-----w-
C:\kleaner.tmp

2011-11-26 22:32 . 2011-11-26 22:32        --------  d-----w-
c:\program files\iPod

2011-11-26 07:27 . 2011-11-26 16:13        --------  d-----w-
c:\documents and settings\All Users\Application Data\Spybot - Search &
Destroy

2011-11-26 07:25 . 2011-11-26 16:15        --------  d-----w-
c:\program files\Spybot - Search & Destroy 2

2011-11-25 23:39 . 2011-11-26 00:16        --------  d-----w-
c:\documents and settings\Scott

2011-11-25 23:10 . 2011-11-25 23:10        --------  d-----w-
C:\Western Digital

2011-11-25 22:57 . 2011-11-25 23:26        --------  d-----w-
c:\documents and settings\Scott's Home

2011-11-25 22:43 . 2011-11-25 22:43        --------  d-----w-
c:\windows\system32\wbem\Repository

2011-11-25 21:53 . 2011-11-25 22:41        --------  d-s---w-
c:\documents and settings\TEMP

2011-11-24 22:55 . 2011-11-24 22:55        0              ---h--w-
c:\documents and settings\Administrator\Local Settings\Application
Data\BITC.tmp

2011-11-24 21:33 . 2011-10-08 04:50        298304  ------w-
c:\windows\system32\nvsvc32.exe

2011-11-24 21:33 . 2011-10-08 04:50        220992  ------w-
c:\windows\system32\nvcolor.exe

2011-11-24 21:33 . 2011-10-08 04:50        203072  ------w-
c:\windows\system32\nvmctray.dll

2011-11-24 21:33 . 2011-10-08 04:50        16744256            ------w-
c:\windows\system32\nvcpl.dll

2011-11-24 21:33 . 2011-10-08 04:50        602432  ------w-
c:\windows\system32\easyupdatusapiu.dll

2011-11-24 21:33 . 2011-10-08 04:50        54272    ------w-
c:\windows\system32\nvwddi.dll

2011-11-24 21:33 . 2011-11-24 21:33        285176  ------w-
c:\windows\system32\nvdrsdb0.bin

2011-11-24 21:33 . 2011-11-24 21:33        1              ------w-
c:\windows\system32\nvdrssel.bin

2011-11-24 21:33 . 2011-11-24 21:33        285176  ------w-
c:\windows\system32\nvdrsdb1.bin

2011-11-24 18:59 . 2011-11-24 18:59        --------  d-----w-
c:\program files\SystemRequirementsLab

2011-11-24 18:59 . 2011-11-24 18:59        --------  d-----w-
c:\documents and settings\Administrator\Application
Data\SystemRequirementsLab

2011-11-19 22:21 . 2011-11-26 00:59        --------  d-----w-
c:\documents and settings\Administrator\Local Settings\Application
Data\eSupport.com

2011-11-19 19:06 . 2011-12-04 21:50        --------  d-----w-
c:\documents and settings\All Users\Application Data\Carbonite

2011-11-19 19:06 . 2011-12-04 21:50        --------  d-----w-
c:\program files\Carbonite

2011-11-10 03:38 . 2011-12-09 18:41        --------  d-----w-
c:\documents and settings\Administrator\Local Settings\Application
Data\Akamai

.

.

.

((((((((((((((((((((((((((((((((((((((((  Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-15 18:28 . 2011-06-07 15:56        414368  ------w-
c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-16 03:32 . 2010-03-24 15:17        445016  ------w-
c:\windows\system32\wrap_oal.dll

2011-10-16 03:32 . 2010-03-24 15:17        109144  ------w-
c:\windows\system32\OpenAL32.dll

2011-10-10 14:22 . 2010-03-22 16:02        692736  ------w-
c:\windows\system32\inetcomm.dll

2011-10-03 13:06 . 2010-05-02 16:55        472808  ----a-w-
c:\windows\system32\deployJava1.dll

2011-10-03 10:37 . 2010-04-02 03:08        73728    ----a-w-
c:\windows\system32\javacpl.cpl

2011-09-28 07:06 . 2004-08-04 12:00        599040  ------w-
c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2008-07-30 02:59        611328  ------w-
c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2004-08-04 12:00        220160  ------w-
c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2004-08-04 12:00        20480    ------w-
c:\windows\system32\oleaccrc.dll

2011-01-22 16:06 . 2011-01-22 16:06        289592  ------w- c:\program
files\mozilla firefox\plugins\ieatgpc.dll

2011-11-27 23:15 . 2011-03-30 03:08        134104  ------w- c:\program
files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-10-30 02:04              1005712                ------r-  c:\program
files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-10-30 02:04              1005712                ------r-  c:\program
files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-10-30 02:04              1005712                ------r-  c:\program
files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ------w- c:\documents and
settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ------w- c:\documents and
settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ------w- c:\documents and
settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12              94208    ------w- c:\documents and
settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CompanionLink"="c:\program files\companionlink\companionlink.exe"
[2010-12-01 21806592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe"
[2009-08-05 346320]

"MRUTray"="c:\program files\Marvell\raid\tray\MarvellTray.exe" [2009-10-09
741376]

"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller
Driver\Application\nusb3mon.exe" [2009-09-25 106496]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe"
[2008-05-07 591696]

"WD Button Manager"="WDBtnMgr.exe" [BU]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application
Support\APSDaemon.exe" [2011-09-27 59240]

"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-06 25600]

"Carbonite Backup"="c:\program files\Carbonite\Carbonite
Backup\CarboniteUI.exe" [2011-10-30 1063056]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-10-08 203072]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08
1632360]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13
421736]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security
2012\avp.exe" [2011-04-25 202296]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe" [2011-03-04 233936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop
Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start
Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Administrator\Start
Menu\Programs\Startup\Dropbox.lnk

backupExtension=.Startup

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start
Menu^Programs^Startup^iSyncr WiFi.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\iSyncr
WiFi.lnk

backup=c:\windows\pss\iSyncr WiFi.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start
Menu^Programs^Startup^Windows Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows
Search.lnk

backup=c:\windows\pss\Windows Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe ARM]

2011-06-06 19:55              937920  ------w- c:\program files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Adobe Reader Speed Launcher]

c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-07-29 09:25              497648  ------w- c:\program files\Common
Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\AdobeCS5ServiceManager]

2010-07-23 06:10              402432  ------w- c:\program files\Common
Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\CreativeTaskScheduler]

2006-11-18 00:42              53341    ------w- c:\program
files\Creative\Shared Files\CTSched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12              15360    ------w-
c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\EPSON Artisan 800 Series]

2008-04-06 23:00              188928  ------w-
c:\windows\system32\spool\drivers\w32x86\3\E_FATIEMA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\FlashPlayerUpdate]

c:\windows\system32\Macromed\Flash\FlashUtil10m_Plugin.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\HPUsageTrackingLEDM]

2009-08-05 00:21              30264    ------w- c:\program files\HP\HP UT
LEDM\bin\hppusg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\iTunesHelper]

2011-11-13 08:24              421736  ------w- c:\program
files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\LightScribe Control Panel]

2009-06-17 19:13              2363392                ------w- c:\program
files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NBAgent]

2010-03-26 17:52              1234216                ------w- c:\program
files\Nero\Nero 10\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvCplDaemon]

2011-10-08 04:50              16744256            ------w-
c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\NvMediaCenter]

2011-10-08 04:50              203072  ------w-
c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\PhotoshopElements8SyncAgent]

2010-09-06 10:19              1945536                ------w- c:\program
files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\PlayOn]

c:\program files\MediaMall\PlayOn.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\PowerPanel Personal Edition User Interaction]

c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\QuickTime Task]

c:\program files\QuickTime\QTTask.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\RTHDCPL]

RTHDCPL.EXE [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\SunJavaUpdateSched]

c:\program files\Common Files\Java\Java Update\jusched.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\TkBellExe]

c:\program files\Real\RealPlayer\update\realsched.exe [BU]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupreg\Xvid]

2011-01-17 19:41              8192      ------w- c:\program
files\Xvid\CheckUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security
center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application
Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Documents and Settings\\Administrator\\Application
Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 mv91cons;Marvell 91xx Config Device
Driver;c:\windows\system32\drivers\mv91cons.sys [10/9/2009 2:55 PM 20008]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 1:23 PM 11352]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program
files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [9/6/2010
2:19 AM 169408]

R2 BCUService;Browser Configuration Utility Service;c:\program
files\DeviceVM\Browser Configuration Utility\BCUService.exe [3/23/2010 4:28
AM 219360]

R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Backup
Service;c:\program files\Carbonite\Carbonite Mirror
Image\CarboniteMirrorImage.exe [9/16/2011 9:58 AM 2036224]

R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5/4/2011
4:28 PM 21992]

R2 HP LaserJet Service;HP LaserJet Service;c:\program
files\HP\HPLaserJetService\HPLaserJetService.exe [6/24/2009 9:57 AM 136704]

R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [3/27/2010 4:18
PM 99896]

R2 IconMan_R;IconMan_R;c:\program files\Sony\Drive Letter Recognition
Software\RIconMan.exe [3/20/2011 1:16 PM 421888]

R2 Marvell RAID;Marvell RAID Event Agent;c:\program
files\Marvell\raid\svc\mvraidsvc.exe [10/5/2009 10:01 AM 151552]

R2 MRUWebService;MRU Web Service;c:\program
files\Marvell\raid\Apache2\bin\httpd.exe [4/8/2009 4:38 PM 24635]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program
files\Nero\Update\NASvc.exe [3/25/2010 1:39 PM 490280]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009
2:46 AM 171096]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys
[6/4/2009 2:46 AM 1324120]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009
2:46 AM 72792]

R3 klim5;Kaspersky Anti-Virus NDIS
Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys
[11/2/2009 8:27 PM 19472]

R3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys
[3/27/2010 4:16 PM 17408]

R3 nusb3hub;NEC Electronics USB 3.0 Hub
Driver;c:\windows\system32\drivers\nusb3hub.sys [9/25/2009 6:57 AM 56576]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller
Driver;c:\windows\system32\drivers\nusb3xhc.sys [9/25/2009 6:57 AM 138240]

S2 gupdate;Google Update Service (gupdate);c:\program
files\Google\Update\GoogleUpdate.exe [12/4/2010 3:34 PM 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys -->
c:\windows\system32\drivers\Ambfilt.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing
Service;c:\program files\Common Files\Creative Labs
Shared\Service\CTAELicensing.exe [3/24/2010 7:17 AM 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [6/4/2009 2:46 AM
171096]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [6/4/2009 2:46
AM 1324120]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [6/4/2009 2:46 AM
72792]

S3 gupdatem;Google Update Service (gupdatem);c:\program
files\Google\Update\GoogleUpdate.exe [12/4/2010 3:34 PM 136176]

S3 JMNP;JMNP;c:\docume~1\ADMINI~1\LOCALS~1\Temp\JMNP.exe -->
c:\docume~1\ADMINI~1\LOCALS~1\Temp\JMNP.exe [?]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\C.tmp -->
c:\windows\system32\C.tmp [?]

S3 motandroidusb;Mot ADB Interface
Driver;c:\windows\system32\Drivers\motoandroid.sys -->
c:\windows\system32\Drivers\motoandroid.sys [?]

S3 motccgp;Motorola USB Composite Device
Driver;c:\windows\system32\DRIVERS\motccgp.sys -->
c:\windows\system32\DRIVERS\motccgp.sys [?]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys -->
c:\windows\system32\DRIVERS\motccgpfl.sys [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys
--> c:\windows\system32\DRIVERS\wdcsam.sys [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed
components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-06-17 19:11              451872  ------w- c:\program files\Common
Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-09
c:\windows\Tasks\AdobeAAMUpdater-1.0-GRAHAM-DBC226BA-Administrator.job

- c:\program files\Common
Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-07 09:25]

.

2011-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02
00:57]

.

2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 23:34]

.

2011-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 23:34]

.

2011-12-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-1647877149-725345543-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]

.

2011-12-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-1647877149-725345543-500.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-08-11 22:22]

.

2011-12-09 c:\windows\Tasks\User_Feed_Synchronization-{D198CA8E-CF8B-4F20-844B-6799DCB6FDB7}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet
Security 2012\ie_banner_deny.htm

IE: E&xport to Microsoft Excel -
c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Locate Spot on Map by GPS - c:\program files\Opanda\IExif
2.3\IExifMap.htm

IE: View Exif/GPS/IPTC with IExif - c:\program files\Opanda\IExif
2.3\IExifCom.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 192.168.1.1 68.238.64.12

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} -
hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\documents and settings\Administrator\Application
Data\Mozilla\Firefox\Profiles\1xv0e87j.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net

Rootkit scan 2011-12-09 15:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  CTxfiHlp = CTXFIHLP.EXE?

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\C.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,
15,


d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,5f,f6,71,be,d2,40,49,81,c7,8e,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,
15,


d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,5f,f6,71,be,d2,40,49,81,c7,8e,\

.

[HKEY_USERS\S-1-5-21-515967899-1647877149-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,
15,


d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,20,a2,94,a5,fa,58,2a,4b,a4,c2,ef,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,
15,


d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,35,af,a1,d5,74,9c,f7,45,af,1e,34,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2216)

c:\windows\system32\WININET.dll

c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-12-09  15:22:20

ComboFix-quarantined-files.txt  2011-12-09 23:22

.

Pre-Run: 692,202,123,264 bytes free

Post-Run: 692,182,577,152 bytes free

.

- - End Of File - - 74C626A2FF8B90F0CCE020B30FE40C77




Again, I can't post via my PC to the website, so it's not a 45 second spam thing, the forum must see malware and block me from posting!

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Resolved] I'm stumped major comp slow down, HijackThis log included
« Reply #14 on: December 10, 2011, 08:19:51 AM »
Please don't run combofix unless it is instructed here. We now have two logs to deal with...and I still need to see the first one. Instead of copying and pasting, just upload it instead. Look for that log here:
C:\combofix2.txt
...that text file is from the first combofix scan. Please upload that one. Thanks!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven