Author Topic: Double check  (Read 20615 times)

techgranny

    Topic Starter


    Beginner

    • Experience: Familiar
    • OS: Windows XP
    Double check
    « on: January 14, 2012, 10:34:49 AM »
    Hello all;
    I see some entries that I would like to fix but since this is not my computer I would feel better if the experts could take a quick peek and advise.

    [year+ old attachment deleted by admin]
    Grannys have Sage wisdom. They also know quite a bit about Oregano and Thyme.

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Double check
    « Reply #1 on: January 14, 2012, 10:52:30 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Why do you want to fix some lines? Are you experiencing problems?
    Windows 8 and Windows 10 dual boot with two SSD's

    techgranny

      Re: Double check
      « Reply #2 on: January 14, 2012, 11:05:57 AM »
      Yes. The startup and shutdown are too long. Also, much of the time during use the computer would get unbelievably slow. I have run a number of Malware programs and everything appears to be clean now. I have run the manufacturer's diagnostics on the hard drive and I believe it found and fixed a few bad spots and repaired them and it has now passed. Now I am just cleaning up invalid entries from improper uninstalls and infections.

      techgranny

        Re: Double check
        « Reply #3 on: January 14, 2012, 11:27:51 AM »
        My bad! :-[
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
        O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099601191280
        O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
        O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
        O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll
        O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\UTILITIES\New Folder\SASWINLO.DLL (file missing)
        O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
        O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
        O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
        O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
        O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
        O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
        O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
        O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
        O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

        SuperDave

        Re: Double check
        « Reply #4 on: January 14, 2012, 01:38:23 PM »
        StartupLite

        Download StartupLite by MalwareBytes to your Desktop.
        Double-click StartupLite.exe to launch the program.
        Ensure the Disable box is checked.
        Click Continue.
        A pop up message will tell you the unnecessary startup items in your list have been disabled and ask you to restart your computer.
        Re-start your computer.

        Why did you post that last log from HiJackThis?

        techgranny

          Re: Double check
          « Reply #5 on: January 14, 2012, 05:28:14 PM »
          I noticed the sticky by DragonMaster Jay and thought I did wrong by attaching it the first time. I am very confused now!

          SuperDave

          Re: Double check
          « Reply #6 on: January 14, 2012, 06:50:11 PM »
          Quote
          I noticed the sticky by DragonMaster Jay and thought I did wrong by attaching it the first time. I am very confused now!
          Don't be. HiJackThis is an older scanner that we no longer use very much. There are other scanners that are much more efficient.

          techgranny

            Re: Double check
            « Reply #7 on: January 14, 2012, 06:59:39 PM »
            Startup Lite is showing only SOUNDMAN and CTFMON.EXE which she would like to keep on the startup. The ones I was looking to remove are the four which say (file missing) or (no file): BHO Worm Radar, BHO no name, O20 SASWinLogon and O23 ArcSoft Connect.
            I know it seems like a bit of a no brainer but I just needed to be sure. Do I need to disable the desirable ones to proceed?
            Oh, you just posted while I was typing. What is more commonly used now?

            SuperDave

            Re: Double check
            « Reply #8 on: January 15, 2012, 11:03:01 AM »
            Quote
            What is more commonly used now
            I usually start with DDS but other people use different scanners.
            Do you wish for me to check this computer for other malware?


            Open HijackThis and select Do a system scan only

            Place a check mark next to the following entries: (if there)

            O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
            O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\UTILITIES\New Folder\SASWINLO.DLL (file missing)
            O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)


            Important: Close all open windows except for HijackThis and then click Fix checked.

            Once completed, exit HijackThis.
            ***********************************************
            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            Windows 8 and Windows 10 dual boot with two SSD's
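
The cross-check that Replies #7 and #8 do by eye, written out as an added example that is not part of the original thread: it parses HijackThis lines, marks the ones ending in (no file) or (file missing), and compares a fix list against the scan. The log lines are copied from Replies #3 and #8; the function names, the report buckets and the case-insensitive comparison are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Subset of the HijackThis lines posted in Reply #3 (copied from this thread).
SCAN_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\UTILITIES\New Folder\SASWINLO.DLL (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The three entries from the fix list in Reply #8 (copied from this thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\UTILITIES\New Folder\SASWINLO.DLL (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\s*\((?P<why>no file|file missing)\)\s*$", re.I)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.+")


@dataclass(frozen=True)
class Entry:
    code: str               # section code, e.g. "O2", "O20", "O23"
    body: str               # everything after "<code> - "
    orphan: Optional[str]   # "no file", "file missing", or None
    clsid: Optional[str]    # first CLSID on the line, if any
    target: Optional[str]   # file path printed on the line, if any

    @property
    def line(self) -> str:
        return f"{self.code} - {self.body}"


def parse_log(text: str) -> List[Entry]:
    """Parse HijackThis-style lines; anything not shaped '<code> - ...' is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        orphan = ORPHAN_RE.search(body)
        clsid = CLSID_RE.search(body)
        # Strip the marker first so it does not end up inside the path.
        path = PATH_RE.search(ORPHAN_RE.sub("", body))
        entries.append(Entry(
            code=m["code"],
            body=body,
            orphan=orphan["why"].lower() if orphan else None,
            clsid=clsid.group(0) if clsid else None,
            target=path.group(0) if path else None,
        ))
    return entries


def review_fix_list(scan: List[Entry], fix: List[Entry]) -> Dict[str, List[str]]:
    """Cross-check a fix list against a scan before anything is ticked."""
    # Assumption: compare case-insensitively, since CLSIDs and Windows paths are.
    by_line = {e.line.lower(): e for e in scan}
    report: Dict[str, List[str]] = {
        "ok": [], "not_in_scan": [], "not_orphaned": [], "orphaned_unlisted": [],
    }
    listed = set()
    for f in fix:
        key = f.line.lower()
        listed.add(key)
        hit = by_line.get(key)
        if hit is None:
            report["not_in_scan"].append(f.line)     # the "(if there)" case
        elif hit.orphan is None:
            report["not_orphaned"].append(f.line)    # no missing-file marker: look closer
        else:
            report["ok"].append(f.line)
    # Entries the scan marks as orphaned that the fix list does not mention.
    report["orphaned_unlisted"] = [
        e.line for e in scan if e.orphan and e.line.lower() not in listed
    ]
    return report


if __name__ == "__main__":
    scan, fix = parse_log(SCAN_LOG), parse_log(FIX_LIST)
    for bucket, lines in review_fix_list(scan, fix).items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```
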

            techgranny

              Re: Double check
              « Reply #9 on: January 15, 2012, 04:28:56 PM »
              Hi Dave; I disabled the last two startup items just to see what happened and it still takes about 7 minutes for Windows to load so I put them back on.
              I ran SAS, Malwarebytes and the Microsoft Malicious Software Tool Jan/2012 before HJT.
              Three of the entries in HJT were cleared up but O23 - Service: ArcSoft.... wouldn't fix.
              Here are...
              Results of screen317's Security Check version 0.99.30 
               Windows XP Service Pack 3 x86   
               Internet Explorer 8 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Windows Firewall Enabled! 
               WMI entry may not exist for antivirus; attempting automatic update.
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               SUPERAntiSpyware     
               CCleaner     
               Java 2 Runtime Environment, SE v1.4.2_05
                Adobe Flash Player    10.0.45.2 Flash Player out of Date! 
               Adobe Reader X (10.1.2)
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

              ``````````End of Log````````````

              I have tried a number of times to update the Flash Player and it says it is successful but the Security Check says otherwise.

              SuperDave

              Re: Double check
              « Reply #10 on: January 15, 2012, 06:43:43 PM »
              Looking over your log it seems you don't have any antivirus software.

              Before we continue download and install a free antivirus.

              Remember to only install one antivirus!
               
              1) Avast! Home Edition
              2) AVG Free Edition
              3) Avira AntiVir Personal
              4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
              4-a) Microsoft Security Essentials for Windows XP
              5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
              6) PC Tools AntiVirus Free Edition

              It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

              techgranny

                Re: Double check
                « Reply #11 on: January 17, 2012, 09:22:28 AM »
                I installed Avast and ran a full scan. Just 1 PUP found and moved to chest.

                SuperDave

                Re: Double check
                « Reply #12 on: January 17, 2012, 11:55:56 AM »
                Quote
                I installed Avast and ran a full scan. Just 1 PUP found and moved to chest.
                Do you want to continue cleaning the computer?

                techgranny

                  Re: Double check
                  « Reply #13 on: January 17, 2012, 02:36:05 PM »
                  The original problem still exists and if it might be Malware I have run out of ideas about what to run next. If you could suggest something that would be great!

                  SuperDave

                  Re: Double check
                  « Reply #14 on: January 17, 2012, 04:38:09 PM »
                  Ok. Let's do a full cleaning.

                  SUPERAntiSpyware

                  If you already have SUPERAntiSpyware be sure to check for updates before scanning!


                  Download SuperAntispyware Free Edition (SAS)
                  * Double-click the icon on your desktop to run the installer.
                  * When asked to Update the program definitions, click Yes
                  * If you encounter any problems while downloading the updates, manually download and unzip them from here
                  * Next click the Preferences button.

                  •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                  * Click the Scanning Control tab.
                  * Under Scanner Options make sure only the following are checked:

                  •Close browsers before scanning
                  •Scan for tracking cookies
                  •Terminate memory threats before quarantining
                  Please leave the others unchecked

                  •Click the Close button to leave the control center screen.

                  * On the main screen click Scan your computer
                  * On the left check the box for the drive you are scanning.
                  * On the right choose Perform Complete Scan
                  * Click Next to start the scan. Please be patient while it scans your computer.
                  * After the scan is complete a summary box will appear. Click OK
                  * Make sure everything in the white box has a check next to it, then click Next
                  * It will quarantine what it found and if it asks if you want to reboot, click Yes

                  •To retrieve the removal information please do the following:
                  •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
                  •Click Preferences. Click the Statistics/Logs tab.

                  •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

                  •It will open in your default text editor (preferably Notepad).
                  •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

                  * Save the log somewhere you can easily find it. (normally the desktop)
                  * Click close and close again to exit the program.
                  * Copy and paste the log in your post.
                  **********************************************
                  Please download Malwarebytes Anti-Malware from here.
                  Double Click mbam-setup.exe to install the application.
                  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
                  • If an update is found, it will download and install the latest version.
                  • Once the program has loaded, select "Perform Full Scan", then click Scan.
                  • The scan may take some time to finish, so please be patient.
                  • When the scan is complete, click OK, then Show Results to view the results.
                  • Make sure that everything is checked, and click Remove Selected.
                  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
                  • Please save the log to a location you will remember.
                  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                  • Copy and paste the entire report in your next reply.
                  Extra Note:

                  If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
                  *******************************************************
                  Download DDS from HERE or HERE and save it to your desktop.

                  Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                  * XP users Double click on dds to run it.
                  * If your antivirus or firewall try to block DDS then please allow it to run.
                  * When finished DDS will open two (2) logs.
                  * Save both reports to your desktop.
                  * The instructions here ask you to attach the Attach.txt.



                  1) DDS.txt
                  2) Attach.txt
                  Instead of attaching, please copy/paste both logs into your thread.

                  Note: DDS will instruct you to post the Attach.txt log as an attachment.
                  Please just post it as you would any other log by copying and pasting it into the reply.

                  •Close the program window, and delete the program from your desktop.

                  Please note: You may have to disable any script protection running if the scan fails to run.
                  After downloading the tool, disconnect from the internet and disable all antivirus protection.
                  Run the scan, enable your A/V and reconnect to the internet.
                  Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).

                  techgranny

                    Re: Double check
                    « Reply #15 on: January 17, 2012, 06:34:22 PM »
                    Well, here they are. Yes much more detail than HJT!

                    DDS (Ver_2011-08-26.01) - NTFSx86
                    Internet Explorer: 8.0.6001.18702
                    Run by Person at 20:11:49 on 2012-01-17
                    .
                    ============== Running Processes ===============
                    .
                    .
                    ============== Pseudo HJT Report ===============
                    .
                    uStart Page = hxxp://www.google.ca/
                    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\utilities\avast software\avast\aswWebRepIE.dll
                    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
                    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\utilities\avast software\avast\aswWebRepIE.dll
                    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
                    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
                    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                    mRun: [SoundMan] SOUNDMAN.EXE
                    mRun: [avast] "c:\program files\utilities\avast software\avast\avastUI.exe" /nogui
                    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
                    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_02\bin\npjpi150_02.dll
                    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
                    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099601191280
                    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
                    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                    TCP: DhcpNameServer = 192.168.0.1
                    TCP: Interfaces\{C237B8FC-8185-442C-A9BB-72AD6590AC4A} : DhcpNameServer = 192.168.2.1
                    TCP: Interfaces\{F3626ADA-0E3F-4A7D-8D4D-33E2CD9A1977} : DhcpNameServer = 192.168.0.1
                    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
                    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
                    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
                    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                    Notify: !SASWinLogon - c:\program files\utilities\sas\SASWINLO.DLL
                    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\utilities\sas\SASSEH.DLL
                    .
                    ============= SERVICES / DRIVERS ===============
                    .
                    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
                    R? CompFilter;UVCCompositeFilter
                    R? MatSvc;Microsoft Automated Troubleshooting Service
                    R? WDC_SAM;WD SCSI Pass Thru driver
                    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
                    S? AR9271;Wireless Network Adapter Service
                    S? aswFsBlk;aswFsBlk
                    S? aswSnx;aswSnx
                    S? aswSP;aswSP
                    S? avast! Antivirus;avast! Antivirus
                    S? SASDIFSV;SASDIFSV
                    S? SASKUTIL;SASKUTIL
                    .
                    =============== Created Last 30 ================
                    .
                    2012-01-17 01:19:29   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                    2012-01-17 01:18:23   41184   ----a-w-   c:\windows\avastSS.scr
                    2012-01-17 01:16:56   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
                    2012-01-15 16:38:15   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2012-01-12 19:57:11   --------   d-----w-   c:\documents and settings\person\local settings\application data\FixItCenter
                    2012-01-12 19:49:40   --------   d-----w-   c:\windows\MATS
                    2012-01-12 19:49:37   --------   d-----w-   c:\program files\Microsoft Fix it Center
                    2012-01-12 03:32:41   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
                    2012-01-12 03:18:23   1668352   ----a-r-   c:\windows\system32\drivers\athuw.sys
                    2012-01-10 20:24:29   1334784   ----a-w-   c:\windows\system32\athur.sys
                    2012-01-10 20:24:07   --------   d-----w-   c:\documents and settings\all users\application data\TP-LINK
                    2012-01-10 05:58:31   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
                    2012-01-08 19:23:55   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
                    2012-01-08 19:23:55   21504   ----a-w-   c:\windows\system32\hidserv.dll
                    2012-01-08 19:23:41   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
                    2012-01-08 19:23:41   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                    2012-01-03 13:10:44   182672   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
                    .
                    ==================== Find3M  ====================
                    .
                    2012-01-15 23:05:17   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                    2011-11-27 01:32:47   22   ----a-w-   c:\windows\system32\syoepk_lib0.dll
                    2011-11-25 21:57:19   293376   ----a-w-   c:\windows\system32\winsrv.dll
                    2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
                    2011-11-18 12:35:08   60416   ----a-w-   c:\windows\system32\packager.exe
                    2011-11-16 14:21:44   354816   ----a-w-   c:\windows\system32\winhttp.dll
                    2011-11-16 14:21:44   152064   ----a-w-   c:\windows\system32\schannel.dll
                    2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
                    2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                    2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                    2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
                    2011-11-03 15:28:36   386048   ----a-w-   c:\windows\system32\qdvd.dll
                    2011-11-03 15:28:36   1292288   ----a-w-   c:\windows\system32\quartz.dll
                    2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
                    2011-10-28 05:31:48   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                    2011-10-25 13:37:08   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
                    2011-10-25 12:52:02   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                    2004-11-08 02:03:57   487544   -c--a-w-   c:\program files\msgr6suite.exe
                    2004-11-06 15:15:48   1418304   -c--a-w-   c:\program files\j2re-1_4_2_05-windows-i586-p-iftw.exe
                    .
                    ============= FINISH: 20:21:15.50 ===============

                    ==== Installed Programs ======================
                    .
                    Adobe AIR
                    Adobe Flash Player 10 Plugin
                    Adobe Flash Player 11 ActiveX
                    Adobe Reader X (10.1.2)
                    Adobe Shockwave Player
                    ATI - Software Uninstall Utility
                    ATI Control Panel
                    ATI Display Driver
                    avast! Free Antivirus
                    CameraHelperMsi
                    CCleaner
                    CCScore
                    Compatibility Pack for the 2007 Office system
                    DVD Shrink 3.2
                    DVD Suite
                    Efficient Networks SpeedStream DSL
                    Enable S3 for USB Device
                    erLT
                    ESSBrwr
                    ESSCDBK
                    ESScore
                    ESSgui
                    ESSini
                    ESSPCD
                    ESSPDock
                    ESSTOOLS
                    essvatgt
                    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                    Hotfix for Windows Media Format 11 SDK (KB929399)
                    Hotfix for Windows Media Player 11 (KB939683)
                    Hotfix for Windows XP (KB2158563)
                    Hotfix for Windows XP (KB2443685)
                    Hotfix for Windows XP (KB2570791)
                    Hotfix for Windows XP (KB2633952)
                    Hotfix for Windows XP (KB932716-v2)
                    Hotfix for Windows XP (KB945060-v3)
                    Hotfix for Windows XP (KB954550-v5)
                    Hotfix for Windows XP (KB961118)
                    Hotfix for Windows XP (KB970653-v3)
                    Hotfix for Windows XP (KB976098-v2)
                    Hotfix for Windows XP (KB979306)
                    Hotfix for Windows XP (KB981793)
                    Intel(R) PRO Network Adapters and Drivers
                    Intel(R) PROSet
                    Internet Explorer (Enable DEP)
                    iTunes
                    J2SE Runtime Environment 5.0 Update 2
                    Java 2 Runtime Environment, SE v1.4.2_05
                    Kodak EasyShare software
                    Lexmark X6100 Series
                    LG ODD Auto Firmware Update
                    Logitech Vid
                    Logitech Webcam Software
                    LWS Facebook
                    LWS Gallery
                    LWS Help_main
                    LWS Launcher
                    LWS Motion Detection
                    LWS Pictures And Video
                    LWS Video Mask Maker
                    LWS Webcam Software
                    LWS WLM Plugin
                    LWS YouTube Plugin
                    Malwarebytes Anti-Malware version 1.60.0.1800
                    MegaCam
                    Microsoft .NET Framework 1.1
                    Microsoft .NET Framework 1.1 Security Update (KB2656353)
                    Microsoft .NET Framework 1.1 Security Update (KB979906)
                    Microsoft .NET Framework 2.0 Service Pack 2
                    Microsoft .NET Framework 3.0 Service Pack 2
                    Microsoft .NET Framework 3.5 SP1
                    Microsoft .NET Framework 4 Client Profile
                    Microsoft .NET Framework 4 Extended
                    Microsoft Application Error Reporting
                    Microsoft Automated Troubleshooting Services Shim
                    Microsoft Choice Guard
                    Microsoft Compression Client Pack 1.0 for Windows XP
                    Microsoft Fix it Center
                    Microsoft Office XP Professional with FrontPage
                    Microsoft Silverlight
                    Microsoft User-Mode Driver Framework Feature Pack 1.0
                    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                    Microsoft Visual C++ 2005 Redistributable
                    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
                    Microsoft Windows Journal Viewer
                    MPIO Software Installation
                    MSVCRT
                    MSXML 4.0 SP2 (KB927978)
                    MSXML 4.0 SP2 (KB936181)
                    MSXML 4.0 SP2 (KB954430)
                    MSXML 4.0 SP2 (KB973688)
                    MSXML 6 Service Pack 2 (KB973686)
                    Nero - Burning Rom
                    Nero 7 Essentials
                    neroxml
                    netbrdg
                    OfotoXMI
                    PhotoCardMaker 1.0.3
                    PowerDVD
                    PowerProducer
                    Print to Fax
                    Pure Networks Network Magic
                    QuickTax 2007
                    QuickTime
                    Realtek AC'97 Audio
                    SeaTools for Windows
                    SecurDisc Viewer
                    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
                    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
                    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
                    Security Update for Microsoft Windows (KB2564958)
                    Security Update for Windows Internet Explorer 8 (KB2183461)
                    Security Update for Windows Internet Explorer 8 (KB2360131)
                    Security Update for Windows Internet Explorer 8 (KB2416400)
                    Security Update for Windows Internet Explorer 8 (KB2482017)
                    Security Update for Windows Internet Explorer 8 (KB2497640)
                    Security Update for Windows Internet Explorer 8 (KB2510531)
                    Security Update for Windows Internet Explorer 8 (KB2530548)
                    Security Update for Windows Internet Explorer 8 (KB2544521)
                    Security Update for Windows Internet Explorer 8 (KB2559049)
                    Security Update for Windows Internet Explorer 8 (KB2586448)
                    Security Update for Windows Internet Explorer 8 (KB2618444)
                    Security Update for Windows Internet Explorer 8 (KB971961)
                    Security Update for Windows Internet Explorer 8 (KB981332)
                    Security Update for Windows Internet Explorer 8 (KB982381)
                    Security Update for Windows Media Player (KB2378111)
                    Security Update for Windows Media Player (KB952069)
                    Security Update for Windows Media Player (KB954155)
                    Security Update for Windows Media Player (KB968816)
                    Security Update for Windows Media Player (KB973540)
                    Security Update for Windows Media Player (KB975558)
                    Security Update for Windows Media Player (KB978695)
                    Security Update for Windows Media Player 11 (KB954154)
                    Security Update for Windows XP (KB2079403)
                    Security Update for Windows XP (KB2115168)
                    Security Update for Windows XP (KB2121546)
                    Security Update for Windows XP (KB2160329)
                    Security Update for Windows XP (KB2183461)
                    Security Update for Windows XP (KB2229593)
                    Security Update for Windows XP (KB2259922)
                    Security Update for Windows XP (KB2279986)
                    Security Update for Windows XP (KB2286198)
                    Security Update for Windows XP (KB2296011)
                    Security Update for Windows XP (KB2296199)
                    Security Update for Windows XP (KB2347290)
                    Security Update for Windows XP (KB2360937)
                    Security Update for Windows XP (KB2387149)
                    Security Update for Windows XP (KB2393802)
                    Security Update for Windows XP (KB2412687)
                    Security Update for Windows XP (KB2419632)
                    Security Update for Windows XP (KB2423089)
                    Security Update for Windows XP (KB2436673)
                    Security Update for Windows XP (KB2440591)
                    Security Update for Windows XP (KB2443105)
                    Security Update for Windows XP (KB2476490)
                    Security Update for Windows XP (KB2476687)
                    Security Update for Windows XP (KB2478960)
                    Security Update for Windows XP (KB2478971)
                    Security Update for Windows XP (KB2479628)
                    Security Update for Windows XP (KB2479943)
                    Security Update for Windows XP (KB2481109)
                    Security Update for Windows XP (KB2483185)
                    Security Update for Windows XP (KB2485376)
                    Security Update for Windows XP (KB2485663)
                    Security Update for Windows XP (KB2503658)
                    Security Update for Windows XP (KB2503665)
                    Security Update for Windows XP (KB2506212)
                    Security Update for Windows XP (KB2506223)
                    Security Update for Windows XP (KB2507618)
                    Security Update for Windows XP (KB2507938)
                    Security Update for Windows XP (KB2508272)
                    Security Update for Windows XP (KB2508429)
                    Security Update for Windows XP (KB2509553)
                    Security Update for Windows XP (KB2511455)
                    Security Update for Windows XP (KB2524375)
                    Security Update for Windows XP (KB2535512)
                    Security Update for Windows XP (KB2536276-v2)
                    Security Update for Windows XP (KB2536276)
                    Security Update for Windows XP (KB2544893-v2)
                    Security Update for Windows XP (KB2544893)
                    Security Update for Windows XP (KB2555917)
                    Security Update for Windows XP (KB2562937)
                    Security Update for Windows XP (KB2566454)
                    Security Update for Windows XP (KB2567053)
                    Security Update for Windows XP (KB2567680)
                    Security Update for Windows XP (KB2570222)
                    Security Update for Windows XP (KB2570947)
                    Security Update for Windows XP (KB2584146)
                    Security Update for Windows XP (KB2585542)
                    Security Update for Windows XP (KB2592799)
                    Security Update for Windows XP (KB2598479)
                    Security Update for Windows XP (KB2603381)
                    Security Update for Windows XP (KB2618451)
                    Security Update for Windows XP (KB2619339)
                    Security Update for Windows XP (KB2620712)
                    Security Update for Windows XP (KB2624667)
                    Security Update for Windows XP (KB2631813)
                    Security Update for Windows XP (KB2633171)
                    Security Update for Windows XP (KB2639417)
                    Security Update for Windows XP (KB2646524)
                    Security Update for Windows XP (KB923561)
                    Security Update for Windows XP (KB938464)
                    Security Update for Windows XP (KB946648)
                    Security Update for Windows XP (KB952004)
                    Security Update for Windows XP (KB954211)
                    Security Update for Windows XP (KB954459)
                    Security Update for Windows XP (KB954600)
                    Security Update for Windows XP (KB955069)
                    Security Update for Windows XP (KB956390)
                    Security Update for Windows XP (KB956391)
                    Security Update for Windows XP (KB956572)
                    Security Update for Windows XP (KB956744)
                    Security Update for Windows XP (KB956802)
                    Security Update for Windows XP (KB956803)
                    Security Update for Windows XP (KB956841)
                    Security Update for Windows XP (KB956844)
                    Security Update for Windows XP (KB957095)
                    Security Update for Windows XP (KB957097)
                    Security Update for Windows XP (KB958215)
                    Security Update for Windows XP (KB958644)
                    Security Update for Windows XP (KB958687)
                    Security Update for Windows XP (KB958690)
                    Security Update for Windows XP (KB958869)
                    Security Update for Windows XP (KB959426)
                    Security Update for Windows XP (KB960225)
                    Security Update for Windows XP (KB960714)
                    Security Update for Windows XP (KB960715)
                    Security Update for Windows XP (KB960803)
                    Security Update for Windows XP (KB960859)
                    Security Update for Windows XP (KB961371)
                    Security Update for Windows XP (KB961373)
                    Security Update for Windows XP (KB961501)
                    Security Update for Windows XP (KB963027)
                    Security Update for Windows XP (KB968537)
                    Security Update for Windows XP (KB969059)
                    Security Update for Windows XP (KB969897)
                    Security Update for Windows XP (KB969898)
                    Security Update for Windows XP (KB969947)
                    Security Update for Windows XP (KB970238)
                    Security Update for Windows XP (KB970430)
                    Security Update for Windows XP (KB971468)
                    Security Update for Windows XP (KB971486)
                    Security Update for Windows XP (KB971557)
                    Security Update for Windows XP (KB971633)
                    Security Update for Windows XP (KB971657)
                    Security Update for Windows XP (KB971961)
                    Security Update for Windows XP (KB972260)
                    Security Update for Windows XP (KB972270)
                    Security Update for Windows XP (KB973346)
                    Security Update for Windows XP (KB973354)
                    Security Update for Windows XP (KB973507)
                    Security Update for Windows XP (KB973525)
                    Security Update for Windows XP (KB973869)
                    Security Update for Windows XP (KB973904)
                    Security Update for Windows XP (KB974112)
                    Security Update for Windows XP (KB974318)
                    Security Update for Windows XP (KB974392)
                    Security Update for Windows XP (KB974455)
                    Security Update for Windows XP (KB974571)
                    Security Update for Windows XP (KB975025)
                    Security Update for Windows XP (KB975467)
                    Security Update for Windows XP (KB975560)
                    Security Update for Windows XP (KB975561)
                    Security Update for Windows XP (KB975562)
                    Security Update for Windows XP (KB975713)
                    Security Update for Windows XP (KB976325)
                    Security Update for Windows XP (KB977165)
                    Security Update for Windows XP (KB977816)
                    Security Update for Windows XP (KB977914)
                    Security Update for Windows XP (KB978037)
                    Security Update for Windows XP (KB978251)
                    Security Update for Windows XP (KB978262)
                    Security Update for Windows XP (KB978338)
                    Security Update for Windows XP (KB978542)
                    Security Update for Windows XP (KB978601)
                    Security Update for Windows XP (KB978706)
                    Security Update for Windows XP (KB979309)
                    Security Update for Windows XP (KB979482)
                    Security Update for Windows XP (KB979559)
                    Security Update for Windows XP (KB979683)
                    Security Update for Windows XP (KB979687)
                    Security Update for Windows XP (KB980195)
                    Security Update for Windows XP (KB980218)
                    Security Update for Windows XP (KB980232)
                    Security Update for Windows XP (KB980436)
                    Security Update for Windows XP (KB981322)
                    Security Update for Windows XP (KB981349)
                    Security Update for Windows XP (KB981852)
                    Security Update for Windows XP (KB981957)
                    Security Update for Windows XP (KB981997)
                    Security Update for Windows XP (KB982132)
                    Security Update for Windows XP (KB982214)
                    Security Update for Windows XP (KB982381)
                    Security Update for Windows XP (KB982665)
                    Security Update for Windows XP (KB982802)
                    Segoe UI
                    SFR
                    SHASTA
                    skin0001
                    SKINXSDK
                    Skype Toolbars
                    Skype™ 5.5
                    Speccy
                    staticcr
                    SUPERAntiSpyware
                    TurboTax 2010
                    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                    Update for Windows Internet Explorer 8 (KB2362765)
                    Update for Windows Internet Explorer 8 (KB976662)
                    Update for Windows XP (KB2141007)
                    Update for Windows XP (KB2345886)
                    Update for Windows XP (KB2467659)
                    Update for Windows XP (KB2541763)
                    Update for Windows XP (KB2607712)
                    Update for Windows XP (KB2616676)
                    Update for Windows XP (KB2641690)
                    Update for Windows XP (KB951978)
                    Update for Windows XP (KB955759)
                    Update for Windows XP (KB955839)
                    Update for Windows XP (KB961503)
                    Update for Windows XP (KB967715)
                    Update for Windows XP (KB968389)
                    Update for Windows XP (KB971029)
                    Update for Windows XP (KB971737)
                    Update for Windows XP (KB973687)
                    Update for Windows XP (KB973815)
                    Update for Windows XP (KB976749)
                    Update for Windows XP (KB978207)
                    ViviCam 3350
                    VPRINTOL
                    WebFldrs XP
                    Windows Driver Package - (mr7910) Image  (08/08/2006 1.4.0.0)
                    Windows Genuine Advantage v1.3.0254.0
                    Windows Genuine Advantage Validation Tool (KB892130)
                    Windows Imaging Component
                    Windows Internet Explorer 8
                    Windows Live Call
                    Windows Live Communications Platform
                    Windows Live Essentials
                    Windows Live Messenger
                    Windows Live Sign-in Assistant
                    Windows Live Upload Tool
                    Windows Media Format 11 runtime
                    Windows Media Player 11
                    Windows PowerShell(TM) 1.0
                    Windows XP Service Pack 3
                    WIRELESS
                    .
                    ==== End Of File ===========================

                    SuperDave

                    Re: Double check
                    « Reply #16 on: January 18, 2012, 12:29:39 PM »
                    Download Combofix from any of the links below, and save it to your desktop

                    Link 1
                    Link 2
                    Link 3

                    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

                    Refer to this image:

                    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
                    • Close any open windows and double click PCHelpForum.exe to run it.

                      You will see the following image:


                    Click I Agree to start the program.

                    ComboFix will then extract the necessary files and you will see this:



                    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

                    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

                    If you did not have it installed, you will see the prompt below. Choose YES.



                    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



                    Click on Yes, to continue scanning for malware.

                    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

                    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

                    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
                    Windows 8 and Windows 10 dual boot with two SSD's

                    techgranny

                      Re: Double check
                      « Reply #17 on: January 18, 2012, 10:56:14 PM »
                      ComboFix 12-01-18.04 - Person 01/18/2012  23:56:05.1.2 - x86
                      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.79 [GMT -5:00]
                      Running from: c:\documents and settings\Person\Desktop\PCHelpForum.exe
                      AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\documents and settings\Person\Recent\Thumbs.db
                      c:\program files\INSTALL.LOG
                      c:\windows\alcrmv.exe
                      c:\windows\system32\ClientSyncLoader.en_US.htm
                      c:\windows\system32\ClientSyncLoader.fr_CA.htm
                      c:\windows\system32\ClientSyncLoader.htm
                      c:\windows\system32\ClientSyncLoaderDriver.en_US.htm
                      c:\windows\system32\ClientSyncLoaderDriver.fr_CA.htm
                      c:\windows\system32\ClientSyncLoaderDriver.htm
                      c:\windows\system32\SET54.tmp
                      c:\windows\system32\SET57.tmp
                      c:\windows\system32\SET63.tmp
                      c:\windows\system32\SET65.tmp
                      c:\windows\system32\SETAD.tmp
                      c:\windows\system32\syoepk_lib0.dll
                      .
                      .
                      (((((((((((((((((((((((((   Files Created from 2011-12-19 to 2012-01-19  )))))))))))))))))))))))))))))))
                      .
                      .
                      2012-01-19 03:25 . 2012-01-19 03:25   --------   d-----w-   c:\documents and settings\Person\Application Data\VOS
                      2012-01-17 01:19 . 2011-11-28 17:53   314456   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                      2012-01-17 01:19 . 2011-11-28 17:51   20568   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                      2012-01-17 01:19 . 2011-11-28 17:52   34392   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                      2012-01-17 01:19 . 2011-11-28 17:52   52952   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                      2012-01-17 01:19 . 2011-11-28 17:53   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                      2012-01-17 01:19 . 2011-11-28 17:52   111320   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
                      2012-01-17 01:19 . 2011-11-28 17:51   105176   ----a-w-   c:\windows\system32\drivers\aswmon.sys
                      2012-01-17 01:19 . 2011-11-28 17:48   30808   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
                      2012-01-17 01:18 . 2011-11-28 18:01   41184   ----a-w-   c:\windows\avastSS.scr
                      2012-01-17 01:18 . 2011-11-28 18:01   199816   ----a-w-   c:\windows\system32\aswBoot.exe
                      2012-01-17 01:16 . 2012-01-17 01:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\AVAST Software
                      2012-01-15 16:38 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2012-01-12 19:57 . 2012-01-12 19:57   --------   d-----w-   c:\documents and settings\Person\Local Settings\Application Data\FixItCenter
                      2012-01-12 19:49 . 2012-01-12 19:49   --------   d-----w-   c:\windows\MATS
                      2012-01-12 19:49 . 2012-01-12 19:49   --------   d-----w-   c:\program files\Microsoft Fix it Center
                      2012-01-12 03:32 . 2012-01-12 03:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
                      2012-01-12 03:18 . 2009-07-09 04:24   1668352   ----a-r-   c:\windows\system32\drivers\athuw.sys
                      2012-01-10 20:24 . 2009-07-08 21:39   1334784   ----a-w-   c:\windows\system32\athur.sys
                      2012-01-10 20:24 . 2012-01-10 20:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\TP-LINK
                      2012-01-10 05:58 . 2012-01-10 05:58   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                      2012-01-08 19:23 . 2008-04-14 01:11   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
                      2012-01-08 19:23 . 2008-04-14 01:11   21504   ----a-w-   c:\windows\system32\hidserv.dll
                      2012-01-08 19:23 . 2008-04-13 19:39   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
                      2012-01-08 19:23 . 2008-04-13 19:39   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                      2012-01-03 13:10 . 2012-01-03 13:10   182672   ----a-w-   c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2012-01-15 23:05 . 2011-08-14 13:57   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                      2011-11-25 21:57 . 2001-08-23 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
                      2011-11-23 13:25 . 2001-08-23 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
                      2011-11-18 12:35 . 2001-08-23 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
                      2011-11-16 14:21 . 2004-11-04 20:48   354816   ----a-w-   c:\windows\system32\winhttp.dll
                      2011-11-16 14:21 . 2001-08-23 12:00   152064   ----a-w-   c:\windows\system32\schannel.dll
                      2011-11-04 19:20 . 2004-01-08 20:23   916992   ----a-w-   c:\windows\system32\wininet.dll
                      2011-11-04 19:20 . 2001-08-23 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                      2011-11-04 19:20 . 2001-08-23 12:00   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                      2011-11-04 11:23 . 2004-08-04 05:59   385024   ----a-w-   c:\windows\system32\html.iec
                      2011-11-03 15:28 . 2001-08-23 12:00   386048   ----a-w-   c:\windows\system32\qdvd.dll
                      2011-11-03 15:28 . 2001-08-23 12:00   1292288   ----a-w-   c:\windows\system32\quartz.dll
                      2011-11-01 16:07 . 2004-11-04 21:05   1288704   ----a-w-   c:\windows\system32\ole32.dll
                      2011-10-28 05:31 . 2001-08-23 12:00   33280   ----a-w-   c:\windows\system32\csrsrv.dll
                      2011-10-25 13:37 . 2001-08-23 12:00   2148864   ----a-w-   c:\windows\system32\ntoskrnl.exe
                      2011-10-25 12:52 . 2001-08-17 13:48   2027008   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                      2004-11-08 02:03 . 2004-11-08 02:03   487544   -c--a-w-   c:\program files\msgr6suite.exe
                      2004-11-06 15:15 . 2004-11-06 15:15   1418304   -c--a-w-   c:\program files\j2re-1_4_2_05-windows-i586-p-iftw.exe
                      .
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
                      @="{472083B0-C522-11CF-8763-00608CC02F24}"
                      [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
                      2011-11-28 18:01   122512   ----a-w-   c:\program files\UTILITIES\AVAST Software\Avast\ashShell.dll
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
                      "SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
                      "avast"="c:\program files\UTILITIES\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
                      .
                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
                      .
                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\UTILITIES\SAS\SASSEH.DLL" [2008-05-13 77824]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                      2009-09-03 22:21   548352   ----a-w-   c:\program files\UTILITIES\SAS\SASWINLO.DLL
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                      backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
                      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
                      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
                      backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
                      c:\windows\system32\dumprep 0 -k [X]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                      2003-09-13 02:10   335872   ----a-w-   c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
                      2007-11-26 19:54   1057064   ----a-w-   c:\program files\Nero\Nero 7\InCD\InCD.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                      2005-12-21 01:54   278528   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
                      2007-01-09 03:17   52256   ----a-w-   c:\program files\CyberLink\PowerDVD\Language\Language.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X6100 Series]
                      2003-09-23 06:01   57344   ----a-w-   c:\program files\Lexmark X6100 Series\lxbfbmgr.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
                      2008-12-21 19:04   548864   ----a-w-   c:\program files\lg_fwupdate\fwupdate.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
                      2010-05-11 21:43   6061400   ----a-w-   c:\program files\Logitech\Vid\Vid.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid HD]
                      2010-05-11 21:43   6061400   ----a-w-   c:\program files\Logitech\Vid\Vid.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
                      2010-05-07 23:35   165208   ----a-w-   c:\program files\Logitech\LWS\Webcam Software\LWS.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
                      2001-07-09 10:50   155648   ----a-w-   c:\windows\system32\NeroCheck.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                      2007-03-01 19:57   153136   ----a-w-   c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmapp]
                      2006-05-01 20:27   1042000   ----a-w-   c:\program files\Pure Networks\Network Magic\nmapp.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
                      2003-03-11 21:24   86016   ----a-w-   c:\program files\Intel\NCS\PROSet\PRONoMgr.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      2006-01-11 00:14   155648   ----a-w-   c:\program files\QuickTime\qttask.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                      2007-03-15 02:01   71216   ------w-   c:\program files\CyberLink\PowerDVD\PDVDServ.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
                      2007-11-26 19:54   1629480   ----a-w-   c:\program files\Nero\Nero 7\InCD\NBHGui.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                      2011-10-13 14:27   17351304   ----a-r-   c:\program files\Skype\Phone\Skype.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                      2005-03-04 07:36   36975   ----a-w-   c:\program files\Java\jre1.5.0_02\bin\jusched.exe
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\Messenger\\msmsgs.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "c:\\Program Files\\Logitech\\Vid\\Vid.exe"=
                      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "67:UDP"= 67:UDP:DHCP Discovery Service
                      .
                      R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/16/2012 8:19 PM 435032]
                      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/16/2012 8:19 PM 314456]
                      R1 SASDIFSV;SASDIFSV;c:\program files\UTILITIES\SAS\sasdifsv.sys [2/17/2010 1:25 PM 12872]
                      R1 SASKUTIL;SASKUTIL;c:\program files\UTILITIES\SAS\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
                      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/16/2012 8:19 PM 20568]
                      R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [1/11/2012 10:18 PM 1668352]
                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
                      S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 4:58 PM 20704]
                      S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
                      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
                      S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
                      .
                      Contents of the 'Scheduled Tasks' folder
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = hxxp://www.google.ca/
                      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
                      TCP: DhcpNameServer = 192.168.0.1
                      Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
                      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                      .
                      - - - - ORPHANS REMOVED - - - -
                      .
                      MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
                      .
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2012-01-19 00:17
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scanning hidden processes ... 
                      .
                      scanning hidden autostart entries ...
                      .
                      scanning hidden files ... 
                      .
                      scan completed successfully
                      hidden files: 0
                      .
                      **************************************************************************
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------
                      .
                      - - - - - - - > 'winlogon.exe'(788)
                      c:\program files\UTILITIES\SAS\SASWINLO.DLL
                      c:\windows\system32\WININET.dll
                      .
                      Completion time: 2012-01-19  00:26:39
                      ComboFix-quarantined-files.txt  2012-01-19 05:26
                      .
                      Pre-Run: 53,560,512,512 bytes free
                      Post-Run: 53,666,136,064 bytes free
                      .
                      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                      UnsupportedDebug="do not select this" /debug
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
                      .
                      - - End Of File - - 77341268BC39A03A70507E78BDC11F0F
                      Very interesting!

                      SuperDave

                      Re: Double check
                      « Reply #18 on: January 19, 2012, 11:23:48 AM »
                      Please run SAS and MBAM as outlined in Reply # 14 and post the logs.

                      SysProt Antirootkit

                      Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                      http://sites.google.com/site/sysprotantirootkit/

                      Unzip it into a folder on your desktop.
                      • Double click Sysprot.exe to start the program.
                      • Click on the Log tab.
                      • In the Write to log box select the following items.
                        • Process << Selected
                        • Kernel Modules << Selected
                        • SSDT << Selected
                        • Kernel Hooks << Selected
                        • IRP Hooks << NOT Selected
                        • Ports << NOT Selected
                        • Hidden Files << Selected
                      • At the bottom of the page
                        • Hidden Objects Only << Selected
                      • Click on the Create Log button on the bottom right.
                      • After a few seconds a new window should appear.
                      • Select Scan Root Drive. Click on the Start button.
                      • When it is complete a new window will appear to indicate that the scan is finished.
                      • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

                      techgranny

                        Re: Double check
                        « Reply #19 on: January 19, 2012, 10:35:09 PM »
                        Well, here are the results, but they don't seem to be much help. This computer just refuses to give up its secrets!

                        SUPERAntiSpyware Scan Log
                        http://www.superantispyware.com

                        Generated 01/19/2012 at 06:31 PM

                        Application Version : 5.0.1142

                        Core Rules Database Version : 8146
                        Trace Rules Database Version: 5958

                        Scan type       : Complete Scan
                        Total Scan Time : 02:44:51

                        Operating System Information
                        Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
                        Administrator

                        Memory items scanned      : 447
                        Memory threats detected   : 0
                        Registry items scanned    : 38326
                        Registry threats detected : 0
                        File items scanned        : 79977
                        File threats detected     : 14

                        Adware.Tracking Cookie
                           C:\Documents and Settings\Person\Cookies\29XZ0M96.txt [ /ad.yieldmanager.com ]
                           C:\Documents and Settings\Person\Cookies\Q51ZN7SW.txt [ /apmebf.com ]
                           C:\Documents and Settings\Person\Cookies\G6PSUHHF.txt [ /microsoftwllivemkt.112.2o7.net ]
                           C:\Documents and Settings\Person\Cookies\IK71W1Z2.txt [ /revsci.net ]
                           C:\Documents and Settings\Person\Cookies\JGXL2W20.txt [ /bellcan.adbureau.net ]
                           C:\Documents and Settings\Person\Cookies\HCFL9ZLZ.txt [ /mm.chitika.net ]
                           C:\Documents and Settings\Person\Cookies\H7KW3SRS.txt [ /atdmt.com ]
                           C:\Documents and Settings\Person\Cookies\TCQNW1MW.txt [ /kontera.com ]
                           C:\Documents and Settings\Person\Cookies\D0CX04SI.txt [ /doubleclick.net ]
                           C:\Documents and Settings\Person\Cookies\B1MUYBL1.txt [ /mediaplex.com ]
                           C:\Documents and Settings\Person\Cookies\PBNU4GE8.txt [ /legolas-media.com ]
                           C:\Documents and Settings\Person\Cookies\9SO8DYMV.txt [ /imrworldwide.com ]
                           C:\Documents and Settings\Person\Cookies\QX1ILAAD.txt [ /yieldmanager.net ]
                           C:\Documents and Settings\Person\Cookies\5GVBIM7D.txt [ /h.atdmt.com ]

                        Malwarebytes Anti-Malware 1.60.0.1800
                        www.malwarebytes.org

                        Database version: v2012.01.19.04

                        Windows XP Service Pack 3 x86 NTFS
                        Internet Explorer 8.0.6001.18702
                        Person :: MINE [administrator]

                        1/19/2012 7:30:51 PM
                        mbam-log-2012-01-19 (19-30-51).txt

                        Scan type: Full scan
                        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
                        Scan options disabled:
                        Objects scanned: 243195
                        Time elapsed: 1 hour(s), 50 minute(s), 7 second(s)

                        Memory Processes Detected: 0
                        (No malicious items detected)

                        Memory Modules Detected: 0
                        (No malicious items detected)

                        Registry Keys Detected: 0
                        (No malicious items detected)

                        Registry Values Detected: 0
                        (No malicious items detected)

                        Registry Data Items Detected: 0
                        (No malicious items detected)

                        Folders Detected: 0
                        (No malicious items detected)

                        Files Detected: 0
                        (No malicious items detected)

                        (end)

                        SysProt AntiRootkit v1.0.1.0
                        by swatkat

                        ******************************************************************************************
                        ******************************************************************************************

                        No Hidden Processes found

                        ******************************************************************************************
                        ******************************************************************************************
                        Kernel Modules:
                        Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
                        Service Name: ---
                        Module Base: ADC64000
                        Module End: ADC7C000
                        Hidden: Yes

                        Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
                        Service Name: ---
                        Module Base: F8A4D000
                        Module End: F8A4F000
                        Hidden: Yes

                        ******************************************************************************************
                        ******************************************************************************************
                        SSDT:
                        Function Name: ZwAddBootEntry
                        Address: B1F0BFC4
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwAllocateVirtualMemory
                        Address: B1F8B510
                        Driver Base: B1F81000
                        Driver End: B1FCC000
                        Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                        Function Name: ZwClose
                        Address: B1F2F6A9
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateEvent
                        Address: B1F0E456
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateEventPair
                        Address: B1F0E4AE
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateIoCompletion
                        Address: B1F0E5C4
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateKey
                        Address: B1F2F05D
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateMutant
                        Address: B1F0E3AC
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateSection
                        Address: B1F0E4FE
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateSemaphore
                        Address: B1F0E400
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwCreateTimer
                        Address: B1F0E572
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwDeleteBootEntry
                        Address: B1F0BFE8
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwDeleteKey
                        Address: B1F2FD6F
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwDeleteValueKey
                        Address: B1F30025
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwDuplicateObject
                        Address: B1F0E848
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwEnumerateKey
                        Address: B1F2FBDA
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwEnumerateValueKey
                        Address: B1F2FA45
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwFreeVirtualMemory
                        Address: B1F8B5C0
                        Driver Base: B1F81000
                        Driver End: B1FCC000
                        Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                        Function Name: ZwLoadDriver
                        Address: B1F0BDB2
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwModifyBootEntry
                        Address: B1F0C00C
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwNotifyChangeKey
                        Address: B1F0E9BC
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwNotifyChangeMultipleKeys
                        Address: B1F0CAA4
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenEvent
                        Address: B1F0E486
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenEventPair
                        Address: B1F0E4D6
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenIoCompletion
                        Address: B1F0E5EE
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenKey
                        Address: B1F2F3B9
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenMutant
                        Address: B1F0E3D8
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenProcess
                        Address: B1F0E680
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenSection
                        Address: B1F0E53E
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenSemaphore
                        Address: B1F0E42E
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenThread
                        Address: B1F0E764
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwOpenTimer
                        Address: B1F0E59C
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwProtectVirtualMemory
                        Address: B1F8B658
                        Driver Base: B1F81000
                        Driver End: B1FCC000
                        Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                        Function Name: ZwQueryKey
                        Address: B1F2F8C0
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwQueryObject
                        Address: B1F0C96A
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwQueryValueKey
                        Address: B1F2F712
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwRenameKey
                        Address: B1F939E6
                        Driver Base: B1F81000
                        Driver End: B1FCC000
                        Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

                        Function Name: ZwRestoreKey
                        Address: B1F2E6D0
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwSetBootEntryOrder
                        Address: B1F0C030
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwSetBootOptions
                        Address: B1F0C054
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwSetSystemInformation
                        Address: B1F0BE0C
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwSetSystemPowerState
                        Address: B1F0BF48
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwSetValueKey
                        Address: B1F2FE76
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwShutdownSystem
                        Address: B1F0BF24
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwSystemDebugControl
                        Address: B1F0BF6C
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        Function Name: ZwVdmControl
                        Address: B1F0C078
                        Driver Base: B1EF9000
                        Driver End: B1F66000
                        Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

                        ******************************************************************************************
                        ******************************************************************************************
                        Kernel Hooks:
                        Hooked Function: ZwCreateProcessEx
                        At Address: 8058B9EC
                        Jump To: B1F9F7A6
                        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

                        Hooked Function: ObMakeTemporaryObject
                        At Address: 805AD1E0
                        Jump To: B1F9C69C
                        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

                        Hooked Function: ObInsertObject
                        At Address: 8056DA64
                        Jump To: B1F9E15C
                        Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

                        ******************************************************************************************
                        ******************************************************************************************
                        No IRP Hooks found

                        ******************************************************************************************
                        ******************************************************************************************
                        Ports:
                        Local Address: MINE.CGOCABLE.NET:2869
                        Remote Address: 192.168.0.1:2089
                        Type: TCP
                        Process: System
                        State: CLOSE_WAIT

                        Local Address: MINE.CGOCABLE.NET:1453
                        Remote Address: 192.168.0.1:HTTP
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: ESTABLISHED

                        Local Address: MINE.CGOCABLE.NET:1450
                        Remote Address: 192.168.0.1:HTTP
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: ESTABLISHED

                        Local Address: MINE.CGOCABLE.NET:NETBIOS-SSN
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: System
                        State: LISTENING

                        Local Address: MINE:NETBIOS-SSN
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: System
                        State: LISTENING

                        Local Address: MINE:12995
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12993
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12563
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12465
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12143
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12119
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12110
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12080
                        Remote Address: LOCALHOST:1452
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: ESTABLISHED

                        Local Address: MINE:12080
                        Remote Address: LOCALHOST:1449
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: ESTABLISHED

                        Local Address: MINE:12080
                        Remote Address: LOCALHOST:1227
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: ESTABLISHED

                        Local Address: MINE:12080
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:12025
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\Program Files\UTILITIES\AVAST Software\Avast\AvastSvc.exe
                        State: LISTENING

                        Local Address: MINE:1452
                        Remote Address: LOCALHOST:12080
                        Type: TCP
                        Process: C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
                        State: ESTABLISHED

                        Local Address: MINE:1449
                        Remote Address: LOCALHOST:12080
                        Type: TCP
                        Process: C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
                        State: ESTABLISHED

                        Local Address: MINE:1227
                        Remote Address: LOCALHOST:12080
                        Type: TCP
                        Process: C:\WINDOWS\explorer.exe
                        State: ESTABLISHED

                        Local Address: MINE:1048
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\WINDOWS\system32\alg.exe
                        State: LISTENING

                        Local Address: MINE:2869
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: LISTENING

                        Local Address: MINE:1025
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\WINDOWS\system32\LEXPPS.EXE
                        State: LISTENING

                        Local Address: MINE:MICROSOFT-DS
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: System
                        State: LISTENING

                        Local Address: MINE:EPMAP
                        Remote Address: 0.0.0.0:0
                        Type: TCP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: LISTENING

                        Local Address: MINE.CGOCABLE.NET:1900
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE.CGOCABLE.NET:138
                        Remote Address: NA
                        Type: UDP
                        Process: System
                        State: NA

                        Local Address: MINE.CGOCABLE.NET:NETBIOS-NS
                        Remote Address: NA
                        Type: UDP
                        Process: System
                        State: NA

                        Local Address: MINE.CGOCABLE.NET:123
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE:1900
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE:138
                        Remote Address: NA
                        Type: UDP
                        Process: System
                        State: NA

                        Local Address: MINE:NETBIOS-NS
                        Remote Address: NA
                        Type: UDP
                        Process: System
                        State: NA

                        Local Address: MINE:123
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE:1900
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE:1436
                        Remote Address: NA
                        Type: UDP
                        Process: C:\Program Files\Internet Explorer\iexplore.exe
                        State: NA

                        Local Address: MINE:1070
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE:1064
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\explorer.exe
                        State: NA

                        Local Address: MINE:123
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\svchost.exe
                        State: NA

                        Local Address: MINE:4500
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\lsass.exe
                        State: NA

                        Local Address: MINE:500
                        Remote Address: NA
                        Type: UDP
                        Process: C:\WINDOWS\system32\lsass.exe
                        State: NA

                        Local Address: MINE:MICROSOFT-DS
                        Remote Address: NA
                        Type: UDP
                        Process: System
                        State: NA

                        ******************************************************************************************
                        ******************************************************************************************
                        Hidden files/folders:
                        Object: C:\Qoobox\BackEnv\AppData.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Cache.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\History.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Music.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Personal.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Programs.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Recent.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\SetPath.bat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\SysPath.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\Templates.folder.dat
                        Status: Access denied

                        Object: C:\Qoobox\BackEnv\VikPev00
                        Status: Access denied

                        Grannys have Sage wisdom. They also know quite a bit about Oregano and Thyme.
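A triage sketch for the hook listing in the log above, added here as an illustration and not part of any post in this thread. It parses the Function Name / Address / Driver Base / Driver End / Driver Name records, checks that each handler address lies inside the range of the driver it is attributed to, and flags drivers outside an expected list. The expected list (the two Avast drivers named in the log) and the last two sample records are assumptions constructed for the example.

```python
import re

FIELDS = ("Function Name", "Address", "Driver Base", "Driver End", "Driver Name")
# Assumption: the only drivers expected to own hooks on this machine are the
# two Avast drivers that appear in the log above.
EXPECTED_DRIVERS = {"aswsnx.sys", "aswsp.sys"}
HEX32 = re.compile(r"^[0-9A-Fa-f]{8}$")

OUT_OF_RANGE = "handler address outside the named driver's range"
UNEXPECTED = "driver not in expected list"
MALFORMED = "malformed address field"

# Constructed sample in the layout of the log above. It starts mid-record the
# way a pasted excerpt can; ZwExampleOne and ZwExampleTwo are made-up records.
SAMPLE = r"""Driver End: B1FCC000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey
Address: B1F2F8C0
Driver Base: B1EF9000
Driver End: B1F66000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwRenameKey
Address: B1F939E6
Driver Base: B1F81000
Driver End: B1FCC000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwExampleOne
Address: B2000010
Driver Base: B1EF9000
Driver End: B1F66000
Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwExampleTwo
Address: F7A01234
Driver Base: F7A00000
Driver End: F7A08000
Driver Name: \SystemRoot\System32\Drivers\example_unknown.sys
"""


def parse_hook_entries(text):
    """Return (entries, truncated): complete records and a count of partial ones."""
    entries, truncated, current, in_orphan = [], 0, None, False
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        if not sep or key not in FIELDS:
            continue  # blank lines, separator rows, other log sections
        if key == "Function Name":
            if current:  # previous record never reached its Driver Name line
                truncated += 1
            current, in_orphan = {key: value}, False
            continue
        if current is None:  # field lines with no record header before them
            if not in_orphan:
                truncated += 1
                in_orphan = True
            continue
        current[key] = value
        if key == "Driver Name":
            if all(f in current for f in FIELDS):
                entries.append(current)
            else:
                truncated += 1
            current = None
    if current:
        truncated += 1
    return entries, truncated


def triage(entries, expected=EXPECTED_DRIVERS):
    """Return (function, driver file, reasons) for every record that needs review."""
    findings = []
    for e in entries:
        driver = e["Driver Name"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        hexes = [e["Address"], e["Driver Base"], e["Driver End"]]
        if not all(HEX32.match(h) for h in hexes):
            reasons.append(MALFORMED)
        else:
            addr, base, end = (int(h, 16) for h in hexes)
            if not base <= addr < end:
                reasons.append(OUT_OF_RANGE)
        if driver not in expected:
            reasons.append(UNEXPECTED)
        if reasons:
            findings.append((e["Function Name"], driver, reasons))
    return findings


if __name__ == "__main__":
    records, partial = parse_hook_entries(SAMPLE)
    print(f"{len(records)} complete records, {partial} truncated")
    for func, driver, reasons in triage(records):
        print(f"REVIEW {func} -> {driver}: {'; '.join(reasons)}")
```

Records that pass both checks resolve inside the drivers of a security product installed on the machine, which is the common false-positive case for hook listings.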

                        SuperDave

                        « Reply #20 on: January 20, 2012, 11:47:40 AM »
                        Quote
                        This computer just refuses to give up its secrets!
                        You never did say what the problems are.

                        I'd like to scan your machine with ESET OnlineScan

                        • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                          ESET OnlineScan
                        • Click the button.
                        • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                            • Click on to download the ESET Smart Installer. Save it to your desktop.
                            • Double click on the icon on your desktop.
                        • Check
                        • Click the button.
                        • Accept any security warnings from your browser.
                        • Check
                        • Push the Start button.
                        • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                        • When the scan completes, push
                        • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                        • Push the button.
                        • Push
                        A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                        Windows 8 and Windows 10 dual boot with two SSD's

                        techgranny

                          « Reply #21 on: January 20, 2012, 03:10:18 PM »
                          I guess you missed reply #2 when I reposted my results in reply #3. The startup and shutdown are too long and there are frequent periods of really slow processing. The reason I ran Seatools in the first place was a thrashing episode which resulted in or was caused by bad sectors in the hard drive. I have heard this can be caused by Malware. Then again sluggishness, missing files, services being turned off and other strange behavior may just be the result of bad sectors. I could reinstall Windows but if there is a virus, worm, whatever in Documents and Settings or Program Files it could all start over especially since she has an external hard drive which automatically backs up everything including Windows. It is OK to tell me I am wrong or crazy and wasting your time, after all, you're the expert! :)
                          I'll run the next scan anyway and post the results.
                          Grannys have Sage wisdom. They also know quite a bit about Oregano and Thyme.

                          techgranny

                            « Reply #22 on: January 22, 2012, 09:12:35 AM »
                            (Sorry for the delay. Now my own computer won't boot so I was working on that but that would be a topic for a new thread.)
                             Here is an example of the strange behaviour. All of a sudden Help and Support won't work and tells me it must be enabled but when I try to it is not even listed. Was one of the files deleted by Combofix related to H&S?  ESET found something (yippee!) and things seem to be a bit quicker especially in IE but it's still not right.

                            ESETSmartInstaller@High as CAB hook log:
                            OnlineScanner.ocx - registred OK
                            # version=7
                            # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
                            # OnlineScanner.ocx=1.0.0.6583
                            # api_version=3.0.2
                            # EOSSerial=70af0fd02c320f41bf3362a88ffaac1a
                            # end=finished
                            # remove_checked=true
                            # archives_checked=true
                            # unwanted_checked=true
                            # unsafe_checked=true
                            # antistealth_checked=true
                            # utc_time=2012-01-21 07:24:32
                            # local_time=2012-01-21 02:24:32 (-0500, Eastern Standard Time)
                            # country="United States"
                            # lang=1033
                            # osver=5.1.2600 NT Service Pack 3
                            # compatibility_mode=512 16777215 100 0 0 0 0 0
                            # compatibility_mode=8192 67108863 100 0 0 0 0 0
                            # scanned=70621
                            # found=1
                            # cleaned=1
                            # scan_time=10237
                            C:\System Volume Information\_restore{1E455453-90CD-482C-A3D5-BA9219FEA676}\RP800\A0090967.exe   multiple threats (deleted - quarantined)   00000000000000000000000000000000   C
                            Grannys have Sage wisdom. They also know quite a bit about Oregano and Thyme.

                            SuperDave

                            « Reply #23 on: January 22, 2012, 03:40:08 PM »
                            Do you have your OS disk?

                            Please download aswMBR.exe (511KB) to your desktop.

                            Double click the aswMBR.exe to run it.

                            Click the "Scan" button to start the scan.

                            Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

                            On completion of the scan, click save log, save it to your desktop and post it in your next reply.
                            Windows 8 and Windows 10 dual boot with two SSD's

                            techgranny

                              « Reply #24 on: January 22, 2012, 09:42:00 PM »
                              Yes I do have my OS disk. Why do you ask?

                              I followed the aswMBR.exe link you provided but it is 4.5MB not 511KB so I guess they have updated it and now you have multiple scan choices. Did you want a long scan or a quick scan?
                              Grannys have Sage wisdom. They also know quite a bit about Oregano and Thyme.

                              SuperDave

                              « Reply #25 on: January 23, 2012, 04:28:05 PM »
                              Quote
                              Yes I do have my OS disk. Why do you ask?

                              I followed the aswMBR.exe link you provided but it is 4.5MB not 511KB so I guess they have updated it and now you have multiple scan choices. Did you want a long scan or a quick scan?

                              Long scan please.
                              Windows 8 and Windows 10 dual boot with two SSD's

                              techgranny

                                « Reply #26 on: January 24, 2012, 09:14:28 AM »
                                So what do you make of this?
                                aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
                                Run date: 2012-01-23 19:28:27
                                -----------------------------
                                19:28:27.718    OS Version: Windows 5.1.2600 Service Pack 3
                                19:28:27.718    Number of processors: 2 586 0x205
                                19:28:27.718    ComputerName: MINE  UserName:
                                19:28:29.390    Initialize success
                                19:28:29.593    AVAST engine defs: 12012201
                                19:29:17.750    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
                                19:29:17.750    Disk 0 Vendor: ST380013AS 3.18 Size: 76318MB BusType: 3
                                19:29:17.765    Disk 0 MBR read successfully
                                19:29:17.765    Disk 0 MBR scan
                                19:29:17.796    Disk 0 Windows XP default MBR code
                                19:29:17.796    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
                                19:29:17.843    Disk 0 scanning sectors +156280320
                                19:29:18.015    Disk 0 scanning C:\WINDOWS\system32\drivers
                                19:29:50.843    Service scanning
                                19:29:54.609    Modules scanning
                                19:30:09.984    Disk 0 trace - called modules:
                                19:30:10.000    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
                                19:30:10.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f8dab8]
                                19:30:10.000    3 CLASSPNP.SYS[f8535fd7] -> nt!IofCallDriver -> \Device\00000063[0x82f63f18]
                                19:30:10.000    5 ACPI.sys[f84ac620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f23940]
                                19:30:11.187    AVAST engine scan C:\
                                21:08:23.265    Scan finished successfully
                                21:22:00.609    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Person\Desktop\MBR.dat"
                                21:22:00.640    The log file has been saved successfully to "C:\Documents and Settings\Person\Desktop\aswMBR 2.txt"


                                Grannys have Sage wisdom. They also know quite a bit about Oregano and Thyme.

                                SuperDave

                                « Reply #27 on: January 24, 2012, 04:28:28 PM »
                                Place the OS disk in your CD ROM drive and follow the instructions below:
                                • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
                                • Let this run undisturbed until the window with the blue progress bar goes away
                                SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
                                Windows 8 and Windows 10 dual boot with two SSD's

                                techgranny

                                  « Reply #28 on: January 26, 2012, 09:30:03 AM »
                                  I thought a more detailed description of what I mean by “too long to start” may help. It is the same no matter what is on the Startup.
                                  POST and Recovery Console – 13 seconds
                                  Windows screen – 22 seconds
                                  Black screen – 1 full second (not just a flash)
                                  Windows screen – 25 seconds
                                  Black screen – 11 seconds
                                  Populate Taskbar – 4 Minutes
                                  Very strange!

                                  I ran SFC then aswMBR again. Here are the results. Do I fix the Boot Record?

                                  aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
                                  Run date: 2012-01-25 00:13:02
                                  -----------------------------
                                  00:13:02.484    OS Version: Windows 5.1.2600 Service Pack 3
                                  00:13:02.484    Number of processors: 2 586 0x205
                                  00:13:02.484    ComputerName: MINE  UserName:
                                  00:13:04.515    Initialize success
                                  00:13:05.312    AVAST engine defs: 12012201
                                  00:13:11.453    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
                                  00:13:11.453    Disk 0 Vendor: ST380013AS 3.18 Size: 76318MB BusType: 3
                                  00:13:11.468    Disk 0 MBR read successfully
                                  00:13:11.468    Disk 0 MBR scan
                                  00:13:11.500    Disk 0 Windows XP default MBR code
                                  00:13:11.500    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 63
                                  00:13:11.515    Disk 0 scanning sectors +156280320
                                  00:13:11.656    Disk 0 scanning C:\WINDOWS\system32\drivers
                                  00:13:46.656    Service scanning
                                  00:13:51.359    Modules scanning
                                  00:14:04.328    Disk 0 trace - called modules:
                                  00:14:04.343    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
                                  00:14:04.343    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f8dab8]
                                  00:14:04.343    3 CLASSPNP.SYS[f84f5fd7] -> nt!IofCallDriver -> \Device\00000063[0x82f901d8]
                                  00:14:04.343    5 ACPI.sys[f846c620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82f23940]
                                  00:14:06.109    AVAST engine scan C:\
                                  02:08:22.359    Scan finished successfully
                                  02:10:23.671    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Person\Desktop\MBR.dat"
                                  02:10:23.687    The log file has been saved successfully to "C:\Documents and Settings\Person\Desktop\aswMBR 3.txt"



                                  SuperDave

                                  Re: Double check
                                  « Reply #29 on: January 26, 2012, 12:10:11 PM »
                                  Quote
                                  Do I fix the Boot Record?
                                  No. It looks OK. I can only see one DDS log. Could you please run it again and post both logs?

                                  techgranny

                                    Re: Double check
                                    « Reply #30 on: January 26, 2012, 03:46:25 PM »
                                    Sorry about that! I must have saved them like I did this time but attach.txt doesn't save.

                                    .
                                    ==== Installed Programs ======================
                                    .
                                    Adobe AIR
                                    Adobe Flash Player 10 Plugin
                                    Adobe Flash Player 11 ActiveX
                                    Adobe Reader X (10.1.2)
                                    Adobe Shockwave Player
                                    ATI - Software Uninstall Utility
                                    ATI Control Panel
                                    ATI Display Driver
                                    avast! Free Antivirus
                                    CameraHelperMsi
                                    CCleaner
                                    CCScore
                                    Compatibility Pack for the 2007 Office system
                                    DVD Shrink 3.2
                                    DVD Suite
                                    Efficient Networks SpeedStream DSL
                                    Enable S3 for USB Device
                                    erLT
                                    ESET Online Scanner v3
                                    ESSBrwr
                                    ESSCDBK
                                    ESScore
                                    ESSgui
                                    ESSini
                                    ESSPCD
                                    ESSPDock
                                    ESSTOOLS
                                    essvatgt
                                    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
                                    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
                                    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
                                    Hotfix for Windows Media Format 11 SDK (KB929399)
                                    Hotfix for Windows Media Player 11 (KB939683)
                                    Hotfix for Windows XP (KB2158563)
                                    Hotfix for Windows XP (KB2443685)
                                    Hotfix for Windows XP (KB2570791)
                                    Hotfix for Windows XP (KB2633952)
                                    Hotfix for Windows XP (KB932716-v2)
                                    Hotfix for Windows XP (KB945060-v3)
                                    Hotfix for Windows XP (KB954550-v5)
                                    Hotfix for Windows XP (KB961118)
                                    Hotfix for Windows XP (KB970653-v3)
                                    Hotfix for Windows XP (KB976098-v2)
                                    Hotfix for Windows XP (KB979306)
                                    Hotfix for Windows XP (KB981793)
                                    Intel(R) PRO Network Adapters and Drivers
                                    Intel(R) PROSet
                                    Internet Explorer (Enable DEP)
                                    iTunes
                                    J2SE Runtime Environment 5.0 Update 2
                                    Java 2 Runtime Environment, SE v1.4.2_05
                                    Java Auto Updater
                                    Java(TM) 6 Update 30
                                    Kodak EasyShare software
                                    Lexmark X6100 Series
                                    LG ODD Auto Firmware Update
                                    Logitech Vid
                                    Logitech Webcam Software
                                    LWS Facebook
                                    LWS Gallery
                                    LWS Help_main
                                    LWS Launcher
                                    LWS Motion Detection
                                    LWS Pictures And Video
                                    LWS Twitter
                                    LWS Video Mask Maker
                                    LWS Webcam Software
                                    LWS WLM Plugin
                                    LWS YouTube Plugin
                                    Malwarebytes Anti-Malware version 1.60.0.1800
                                    MegaCam
                                    Microsoft .NET Framework 1.1
                                    Microsoft .NET Framework 1.1 Security Update (KB2656353)
                                    Microsoft .NET Framework 1.1 Security Update (KB979906)
                                    Microsoft .NET Framework 2.0 Service Pack 2
                                    Microsoft .NET Framework 3.0 Service Pack 2
                                    Microsoft .NET Framework 3.5 SP1
                                    Microsoft .NET Framework 4 Client Profile
                                    Microsoft .NET Framework 4 Extended
                                    Microsoft Application Error Reporting
                                    Microsoft Automated Troubleshooting Services Shim
                                    Microsoft Choice Guard
                                    Microsoft Compression Client Pack 1.0 for Windows XP
                                    Microsoft Fix it Center
                                    Microsoft Office XP Professional with FrontPage
                                    Microsoft Silverlight
                                    Microsoft User-Mode Driver Framework Feature Pack 1.0
                                    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                                    Microsoft Visual C++ 2005 Redistributable
                                    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
                                    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
                                    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
                                    Microsoft Windows Journal Viewer
                                    MPIO Software Installation
                                    MSVCRT
                                    MSXML 4.0 SP2 (KB927978)
                                    MSXML 4.0 SP2 (KB936181)
                                    MSXML 4.0 SP2 (KB954430)
                                    MSXML 4.0 SP2 (KB973688)
                                    MSXML 6 Service Pack 2 (KB973686)
                                    Nero - Burning Rom
                                    Nero 7 Essentials
                                    neroxml
                                    netbrdg
                                    OfotoXMI
                                    PicPick
                                    PowerDVD
                                    PowerProducer
                                    Print to Fax
                                    Pure Networks Network Magic
                                    QuickTax 2007
                                    QuickTime
                                    Realtek AC'97 Audio
                                    SeaTools for Windows
                                    SecurDisc Viewer
                                    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
                                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
                                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
                                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
                                    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
                                    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
                                    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
                                    Security Update for Microsoft Windows (KB2564958)
                                    Security Update for Windows Internet Explorer 8 (KB2183461)
                                    Security Update for Windows Internet Explorer 8 (KB2360131)
                                    Security Update for Windows Internet Explorer 8 (KB2416400)
                                    Security Update for Windows Internet Explorer 8 (KB2482017)
                                    Security Update for Windows Internet Explorer 8 (KB2497640)
                                    Security Update for Windows Internet Explorer 8 (KB2510531)
                                    Security Update for Windows Internet Explorer 8 (KB2530548)
                                    Security Update for Windows Internet Explorer 8 (KB2544521)
                                    Security Update for Windows Internet Explorer 8 (KB2559049)
                                    Security Update for Windows Internet Explorer 8 (KB2586448)
                                    Security Update for Windows Internet Explorer 8 (KB2618444)
                                    Security Update for Windows Internet Explorer 8 (KB971961)
                                    Security Update for Windows Internet Explorer 8 (KB981332)
                                    Security Update for Windows Internet Explorer 8 (KB982381)
                                    Security Update for Windows Media Player (KB2378111)
                                    Security Update for Windows Media Player (KB952069)
                                    Security Update for Windows Media Player (KB954155)
                                    Security Update for Windows Media Player (KB968816)
                                    Security Update for Windows Media Player (KB973540)
                                    Security Update for Windows Media Player (KB975558)
                                    Security Update for Windows Media Player (KB978695)
                                    Security Update for Windows Media Player 11 (KB954154)
                                    Security Update for Windows XP (KB2079403)
                                    Security Update for Windows XP (KB2115168)
                                    Security Update for Windows XP (KB2121546)
                                    Security Update for Windows XP (KB2160329)
                                    Security Update for Windows XP (KB2183461)
                                    Security Update for Windows XP (KB2229593)
                                    Security Update for Windows XP (KB2259922)
                                    Security Update for Windows XP (KB2279986)
                                    Security Update for Windows XP (KB2286198)
                                    Security Update for Windows XP (KB2296011)
                                    Security Update for Windows XP (KB2296199)
                                    Security Update for Windows XP (KB2347290)
                                    Security Update for Windows XP (KB2360937)
                                    Security Update for Windows XP (KB2387149)
                                    Security Update for Windows XP (KB2393802)
                                    Security Update for Windows XP (KB2412687)
                                    Security Update for Windows XP (KB2419632)
                                    Security Update for Windows XP (KB2423089)
                                    Security Update for Windows XP (KB2436673)
                                    Security Update for Windows XP (KB2440591)
                                    Security Update for Windows XP (KB2443105)
                                    Security Update for Windows XP (KB2476490)
                                    Security Update for Windows XP (KB2476687)
                                    Security Update for Windows XP (KB2478960)
                                    Security Update for Windows XP (KB2478971)
                                    Security Update for Windows XP (KB2479628)
                                    Security Update for Windows XP (KB2479943)
                                    Security Update for Windows XP (KB2481109)
                                    Security Update for Windows XP (KB2483185)
                                    Security Update for Windows XP (KB2485376)
                                    Security Update for Windows XP (KB2485663)
                                    Security Update for Windows XP (KB2503658)
                                    Security Update for Windows XP (KB2503665)
                                    Security Update for Windows XP (KB2506212)
                                    Security Update for Windows XP (KB2506223)
                                    Security Update for Windows XP (KB2507618)
                                    Security Update for Windows XP (KB2507938)
                                    Security Update for Windows XP (KB2508272)
                                    Security Update for Windows XP (KB2508429)
                                    Security Update for Windows XP (KB2509553)
                                    Security Update for Windows XP (KB2511455)
                                    Security Update for Windows XP (KB2524375)
                                    Security Update for Windows XP (KB2535512)
                                    Security Update for Windows XP (KB2536276-v2)
                                    Security Update for Windows XP (KB2536276)
                                    Security Update for Windows XP (KB2544893-v2)
                                    Security Update for Windows XP (KB2544893)
                                    Security Update for Windows XP (KB2555917)
                                    Security Update for Windows XP (KB2562937)
                                    Security Update for Windows XP (KB2566454)
                                    Security Update for Windows XP (KB2567053)
                                    Security Update for Windows XP (KB2567680)
                                    Security Update for Windows XP (KB2570222)
                                    Security Update for Windows XP (KB2570947)
                                    Security Update for Windows XP (KB2584146)
                                    Security Update for Windows XP (KB2585542)
                                    Security Update for Windows XP (KB2592799)
                                    Security Update for Windows XP (KB2598479)
                                    Security Update for Windows XP (KB2603381)
                                    Security Update for Windows XP (KB2618451)
                                    Security Update for Windows XP (KB2619339)
                                    Security Update for Windows XP (KB2620712)
                                    Security Update for Windows XP (KB2624667)
                                    Security Update for Windows XP (KB2631813)
                                    Security Update for Windows XP (KB2633171)
                                    Security Update for Windows XP (KB2639417)
                                    Security Update for Windows XP (KB2646524)
                                    Security Update for Windows XP (KB923561)
                                    Security Update for Windows XP (KB938464)
                                    Security Update for Windows XP (KB946648)
                                    Security Update for Windows XP (KB952004)
                                    Security Update for Windows XP (KB954211)
                                    Security Update for Windows XP (KB954459)
                                    Security Update for Windows XP (KB954600)
                                    Security Update for Windows XP (KB955069)
                                    Security Update for Windows XP (KB956390)
                                    Security Update for Windows XP (KB956391)
                                    Security Update for Windows XP (KB956572)
                                    Security Update for Windows XP (KB956744)
                                    Security Update for Windows XP (KB956802)
                                    Security Update for Windows XP (KB956803)
                                    Security Update for Windows XP (KB956841)
                                    Security Update for Windows XP (KB956844)
                                    Security Update for Windows XP (KB957095)
                                    Security Update for Windows XP (KB957097)
                                    Security Update for Windows XP (KB958215)
                                    Security Update for Windows XP (KB958644)
                                    Security Update for Windows XP (KB958687)
                                    Security Update for Windows XP (KB958690)
                                    Security Update for Windows XP (KB958869)
                                    Security Update for Windows XP (KB959426)
                                    Security Update for Windows XP (KB960225)
                                    Security Update for Windows XP (KB960714)
                                    Security Update for Windows XP (KB960715)
                                    Security Update for Windows XP (KB960803)
                                    Security Update for Windows XP (KB960859)
                                    Security Update for Windows XP (KB961371)
                                    Security Update for Windows XP (KB961373)
                                    Security Update for Windows XP (KB961501)
                                    Security Update for Windows XP (KB963027)
                                    Security Update for Windows XP (KB968537)
                                    Security Update for Windows XP (KB969059)
                                    Security Update for Windows XP (KB969897)
                                    Security Update for Windows XP (KB969898)
                                    Security Update for Windows XP (KB969947)
                                    Security Update for Windows XP (KB970238)
                                    Security Update for Windows XP (KB970430)
                                    Security Update for Windows XP (KB971468)
                                    Security Update for Windows XP (KB971486)
                                    Security Update for Windows XP (KB971557)
                                    Security Update for Windows XP (KB971633)
                                    Security Update for Windows XP (KB971657)
                                    Security Update for Windows XP (KB971961)
                                    Security Update for Windows XP (KB972260)
                                    Security Update for Windows XP (KB972270)
                                    Security Update for Windows XP (KB973346)
                                    Security Update for Windows XP (KB973354)
                                    Security Update for Windows XP (KB973507)
                                    Security Update for Windows XP (KB973525)
                                    Security Update for Windows XP (KB973869)
                                    Security Update for Windows XP (KB973904)
                                    Security Update for Windows XP (KB974112)
                                    Security Update for Windows XP (KB974318)
                                    Security Update for Windows XP (KB974392)
                                    Security Update for Windows XP (KB974455)
                                    Security Update for Windows XP (KB974571)
                                    Security Update for Windows XP (KB975025)
                                    Security Update for Windows XP (KB975467)
                                    Security Update for Windows XP (KB975560)
                                    Security Update for Windows XP (KB975561)
                                    Security Update for Windows XP (KB975562)
                                    Security Update for Windows XP (KB975713)
                                    Security Update for Windows XP (KB976325)
                                    Security Update for Windows XP (KB977165)
                                    Security Update for Windows XP (KB977816)
                                    Security Update for Windows XP (KB977914)
                                    Security Update for Windows XP (KB978037)
                                    Security Update for Windows XP (KB978251)
                                    Security Update for Windows XP (KB978262)
                                    Security Update for Windows XP (KB978338)
                                    Security Update for Windows XP (KB978542)
                                    Security Update for Windows XP (KB978601)
                                    Security Update for Windows XP (KB978706)
                                    Security Update for Windows XP (KB979309)
                                    Security Update for Windows XP (KB979482)
                                    Security Update for Windows XP (KB979559)
                                    Security Update for Windows XP (KB979683)
                                    Security Update for Windows XP (KB979687)
                                    Security Update for Windows XP (KB980195)
                                    Security Update for Windows XP (KB980218)
                                    Security Update for Windows XP (KB980232)
                                    Security Update for Windows XP (KB980436)
                                    Security Update for Windows XP (KB981322)
                                    Security Update for Windows XP (KB981349)
                                    Security Update for Windows XP (KB981852)
                                    Security Update for Windows XP (KB981957)
                                    Security Update for Windows XP (KB981997)
                                    Security Update for Windows XP (KB982132)
                                    Security Update for Windows XP (KB982214)
                                    Security Update for Windows XP (KB982381)
                                    Security Update for Windows XP (KB982665)
                                    Security Update for Windows XP (KB982802)
                                    Segoe UI
                                    SFR
                                    SHASTA
                                    skin0001
                                    SKINXSDK
                                    Speccy
                                    staticcr
                                    SUPERAntiSpyware
                                    TurboTax 2010
                                    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
                                    Update for Windows Internet Explorer 8 (KB2362765)
                                    Update for Windows Internet Explorer 8 (KB976662)
                                    Update for Windows XP (KB2141007)
                                    Update for Windows XP (KB2345886)
                                    Update for Windows XP (KB2467659)
                                    Update for Windows XP (KB2541763)
                                    Update for Windows XP (KB2607712)
                                    Update for Windows XP (KB2616676)
                                    Update for Windows XP (KB2641690)
                                    Update for Windows XP (KB951978)
                                    Update for Windows XP (KB955759)
                                    Update for Windows XP (KB955839)
                                    Update for Windows XP (KB961503)
                                    Update for Windows XP (KB967715)
                                    Update for Windows XP (KB968389)
                                    Update for Windows XP (KB971029)
                                    Update for Windows XP (KB971737)
                                    Update for Windows XP (KB973687)
                                    Update for Windows XP (KB973815)
                                    Update for Windows XP (KB976749)
                                    Update for Windows XP (KB978207)
                                    ViviCam 3350
                                    VPRINTOL
                                    WebFldrs XP
                                    Windows Driver Package - (mr7910) Image  (08/08/2006 1.4.0.0)
                                    Windows Genuine Advantage v1.3.0254.0
                                    Windows Genuine Advantage Validation Tool (KB892130)
                                    Windows Imaging Component
                                    Windows Internet Explorer 8
                                    Windows Live Call
                                    Windows Live Communications Platform
                                    Windows Live Essentials
                                    Windows Live Messenger
                                    Windows Live Sign-in Assistant
                                    Windows Live Upload Tool
                                    Windows Media Format 11 runtime
                                    Windows Media Player 11
                                    Windows PowerShell(TM) 1.0
                                    Windows XP Service Pack 3
                                    WIRELESS
                                    .
                                    ==== End Of File ===========================

                                    .
                                    DDS (Ver_2011-08-26.01) - NTFSx86
                                    Internet Explorer: 8.0.6001.18702
                                    Run by Person at 17:33:11 on 2012-01-26
                                    .
                                    ============== Running Processes ===============
                                    .
                                    .
                                    ============== Pseudo HJT Report ===============
                                    .
                                    uStart Page = hxxp://www.google.ca/
                                    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                                    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
                                    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\utilities\avast software\avast\aswWebRepIE.dll
                                    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
                                    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                                    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                                    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\utilities\avast software\avast\aswWebRepIE.dll
                                    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
                                    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
                                    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                                    mRun: [avast] "c:\program files\utilities\avast software\avast\avastUI.exe" /nogui
                                    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                                    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
                                    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                                    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                                    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
                                    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099601191280
                                    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
                                    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
                                    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://costco.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
                                    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
                                    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
                                    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                                    TCP: DhcpNameServer = 192.168.0.1
                                    TCP: Interfaces\{C237B8FC-8185-442C-A9BB-72AD6590AC4A} : DhcpNameServer = 192.168.2.1
                                    TCP: Interfaces\{F3626ADA-0E3F-4A7D-8D4D-33E2CD9A1977} : DhcpNameServer = 192.168.0.1
                                    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
                                    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
                                    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp.dll
                                    Notify: !SASWinLogon - c:\program files\utilities\sas\SASWINLO.DLL
                                    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                                    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\utilities\sas\SASSEH.DLL
                                    .
                                    ============= SERVICES / DRIVERS ===============
                                    .
                                    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
                                    R? CompFilter;UVCCompositeFilter
                                    R? MatSvc;Microsoft Automated Troubleshooting Service
                                    R? SABKUTIL;SABKUTIL
                                    R? WDC_SAM;WD SCSI Pass Thru driver
                                    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
                                    S? !SASCORE;SAS Core Service
                                    S? AR9271;Wireless Network Adapter Service
                                    S? aswFsBlk;aswFsBlk
                                    S? aswSnx;aswSnx
                                    S? aswSP;aswSP
                                    S? avast! Antivirus;avast! Antivirus
                                    S? SASDIFSV;SASDIFSV
                                    S? SASKUTIL;SASKUTIL
                                    .
                                    =============== Created Last 30 ================
                                    .
                                    2012-01-26 16:40:36   --------   d-----w-   c:\program files\ART
                                    2012-01-26 16:39:17   6689766   ----a-w-   c:\program files\picpick_inst.exe
                                    2012-01-25 07:44:34   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                                    2012-01-25 07:44:33   472808   ----a-w-   c:\windows\system32\deployJava1.dll
                                    2012-01-25 03:42:21   116224   -c--a-w-   c:\windows\system32\dllcache\xrxwiadr.dll
                                    2012-01-25 03:42:20   23040   -c--a-w-   c:\windows\system32\dllcache\xrxwbtmp.dll
                                    2012-01-25 03:42:19   18944   -c--a-w-   c:\windows\system32\dllcache\xrxscnui.dll
                                    2012-01-25 03:42:18   27648   -c--a-w-   c:\windows\system32\dllcache\xrxftplt.exe
                                    2012-01-25 03:42:16   4608   -c--a-w-   c:\windows\system32\dllcache\xrxflnch.exe
                                    2012-01-25 03:40:31   99865   -c--a-w-   c:\windows\system32\dllcache\xlog.exe
                                    2012-01-25 03:40:26   16970   -c--a-w-   c:\windows\system32\dllcache\xem336n5.sys
                                    2012-01-25 03:40:23   19455   -c--a-w-   c:\windows\system32\dllcache\wvchntxx.sys
                                    2012-01-25 03:40:09   12063   -c--a-w-   c:\windows\system32\dllcache\wsiintxx.sys
                                    2012-01-25 03:40:05   8192   -c--a-w-   c:\windows\system32\dllcache\wshirda.dll
                                    2012-01-25 03:38:39   8832   -c--a-w-   c:\windows\system32\dllcache\wmiacpi.sys
                                    2012-01-25 03:38:12   154624   -c--a-w-   c:\windows\system32\dllcache\wlluc48.sys
                                    2012-01-25 03:38:11   34890   -c--a-w-   c:\windows\system32\dllcache\wlandrv2.sys
                                    2012-01-25 03:36:57   64605   -c--a-w-   c:\windows\system32\dllcache\vvoice.sys
                                    2012-01-25 03:35:57   11520   -c--a-w-   c:\windows\system32\dllcache\twotrack.sys
                                    2012-01-25 03:34:59   30464   -c--a-w-   c:\windows\system32\dllcache\tbatm155.sys
                                    2012-01-25 03:33:59   61824   -c--a-w-   c:\windows\system32\dllcache\speed.sys
                                    2012-01-25 03:32:58   32768   -c--a-w-   c:\windows\system32\dllcache\sisnic.sys
                                    2012-01-25 03:32:52   238592   -c--a-w-   c:\windows\system32\dllcache\sisgrv.dll
                                    2012-01-25 03:32:49   104064   -c--a-w-   c:\windows\system32\dllcache\sisgrp.sys
                                    2012-01-25 03:32:43   150144   -c--a-w-   c:\windows\system32\dllcache\sis6306v.dll
                                    2012-01-25 03:32:40   68608   -c--a-w-   c:\windows\system32\dllcache\sis6306p.sys
                                    2012-01-25 03:32:39   252032   -c--a-w-   c:\windows\system32\dllcache\sis300iv.dll
                                    2012-01-25 03:32:37   101760   -c--a-w-   c:\windows\system32\dllcache\sis300ip.sys
                                    2012-01-25 03:29:59   43904   -c--a-w-   c:\windows\system32\dllcache\sbp2port.sys
                                    2012-01-25 03:28:53   19584   -c--a-w-   c:\windows\system32\dllcache\rasirda.sys
                                    2012-01-25 03:27:53   121344   -c--a-w-   c:\windows\system32\dllcache\phvfwext.dll
                                    2012-01-25 03:26:39   198144   -c--a-w-   c:\windows\system32\dllcache\nv3.sys
                                    2012-01-25 03:26:39   123776   -c--a-w-   c:\windows\system32\dllcache\nv3.dll
                                    2012-01-25 03:26:19   51552   -c--a-w-   c:\windows\system32\dllcache\ntgrip.sys
                                    2012-01-25 03:26:15   9344   -c--a-w-   c:\windows\system32\dllcache\ntapm.sys
                                    2012-01-25 03:26:14   7552   -c--a-w-   c:\windows\system32\dllcache\nsmmc.sys
                                    2012-01-25 03:26:12   28672   -c--a-w-   c:\windows\system32\dllcache\nscirda.sys
                                    2012-01-25 03:26:05   87040   -c--a-w-   c:\windows\system32\dllcache\nm6wdm.sys
                                    2012-01-25 03:26:05   126080   -c--a-w-   c:\windows\system32\dllcache\nm5a2wdm.sys
                                    2012-01-25 03:24:30   49024   -c--a-w-   c:\windows\system32\dllcache\mstape.sys
                                    2012-01-25 03:24:22   12416   -c--a-w-   c:\windows\system32\dllcache\msriffwv.sys
                                    2012-01-25 03:23:59   22016   -c--a-w-   c:\windows\system32\dllcache\msircomm.sys
                                    2012-01-25 03:23:19   35200   -c--a-w-   c:\windows\system32\dllcache\msgame.sys
                                    2012-01-25 03:23:17   6016   -c--a-w-   c:\windows\system32\dllcache\msfsio.sys
                                    2012-01-25 03:23:15   51200   -c--a-w-   c:\windows\system32\dllcache\msdv.sys
                                    2012-01-25 03:22:57   17280   -c--a-w-   c:\windows\system32\dllcache\mraid35x.sys
                                    2012-01-25 03:22:23   15232   -c--a-w-   c:\windows\system32\dllcache\mpe.sys
                                    2012-01-25 03:22:12   16128   -c--a-w-   c:\windows\system32\dllcache\modemcsa.sys
                                    2012-01-25 03:20:59   26442   -c--a-w-   c:\windows\system32\dllcache\lanepic5.sys
                                    2012-01-25 03:20:57   19016   -c--a-w-   c:\windows\system32\dllcache\ktc111.sys
                                    2012-01-25 03:20:53   37376   -c--a-w-   c:\windows\system32\dllcache\kousd.dll
                                    2012-01-25 03:20:47   253952   -c--a-w-   c:\windows\system32\dllcache\kdsusd.dll
                                    2012-01-25 03:20:46   48640   -c--a-w-   c:\windows\system32\dllcache\kdsui.dll
                                    2012-01-25 03:20:28   8192   -c--a-w-   c:\windows\system32\dllcache\kbdkor.dll
                                    2012-01-25 03:20:27   8704   -c--a-w-   c:\windows\system32\dllcache\kbdjpn.dll
                                    2012-01-25 03:20:06   6144   -c--a-w-   c:\windows\system32\dllcache\kbd106.dll
                                    2012-01-25 03:20:06   5632   -c--a-w-   c:\windows\system32\dllcache\kbd103.dll
                                    2012-01-25 03:20:05   6144   -c--a-w-   c:\windows\system32\dllcache\kbd101c.dll
                                    2012-01-25 03:20:05   6144   -c--a-w-   c:\windows\system32\dllcache\kbd101b.dll
                                    2012-01-25 03:19:57   26624   -c--a-w-   c:\windows\system32\dllcache\irstusb.sys
                                    2012-01-25 03:19:56   18688   -c--a-w-   c:\windows\system32\dllcache\irsir.sys
                                    2012-01-25 03:19:55   28160   -c--a-w-   c:\windows\system32\dllcache\irmon.dll
                                    2012-01-25 03:19:54   23552   -c--a-w-   c:\windows\system32\dllcache\irmk7.sys
                                    2012-01-25 03:19:53   151552   -c--a-w-   c:\windows\system32\dllcache\irftp.exe
                                    2012-01-25 03:19:52   88192   -c--a-w-   c:\windows\system32\dllcache\irda.sys
                                    2012-01-25 03:19:39   45632   -c--a-w-   c:\windows\system32\dllcache\ip5515.sys
                                    2012-01-25 03:19:38   90200   -c--a-w-   c:\windows\system32\dllcache\io8ports.dll
                                    2012-01-25 03:19:37   38784   -c--a-w-   c:\windows\system32\dllcache\io8.sys
                                    2012-01-25 03:19:35   5504   -c--a-w-   c:\windows\system32\dllcache\intelide.sys
                                    2012-01-25 03:19:34   13056   -c--a-w-   c:\windows\system32\dllcache\inport.sys
                                    2012-01-25 03:19:33   16000   -c--a-w-   c:\windows\system32\dllcache\ini910u.sys
                                    2012-01-25 03:17:59   702845   -c--a-w-   c:\windows\system32\dllcache\i81xdnt5.dll
                                    2012-01-25 03:17:57   58592   -c--a-w-   c:\windows\system32\dllcache\i740nt5.sys
                                    2012-01-25 03:17:57   353184   -c--a-w-   c:\windows\system32\dllcache\i740dnt5.dll
                                    2012-01-25 03:17:56   18560   -c--a-w-   c:\windows\system32\dllcache\i2omp.sys
                                    2012-01-25 03:17:54   8576   -c--a-w-   c:\windows\system32\dllcache\i2omgmt.sys
                                    2012-01-25 03:15:59   5760   -c--a-w-   c:\windows\system32\dllcache\hpt4qic.sys
                                    2012-01-25 03:14:52   92160   -c--a-w-   c:\windows\system32\dllcache\fuusd.dll
                                    2012-01-25 03:13:59   347550   -c--a-w-   c:\windows\system32\dllcache\es56tpi.sys
                                    2012-01-25 03:12:55   20192   -c--a-w-   c:\windows\system32\dllcache\dpti2o.sys
                                    2012-01-25 03:11:59   86016   -c--a-w-   c:\windows\system32\dllcache\dc240usd.dll
                                    2012-01-25 03:10:59   44032   -c--a-w-   c:\windows\system32\dllcache\cnusd.dll
                                    2012-01-25 03:09:59   164923   -c--a-w-   c:\windows\system32\dllcache\diapi2.sys
                                    2012-01-25 03:08:44   102400   -c--a-w-   c:\windows\system32\dllcache\binlsvc.dll
                                    2012-01-25 03:07:59   37376   -c--a-w-   c:\windows\system32\dllcache\atievxx.exe
                                    2012-01-25 03:06:55   46112   -c--a-w-   c:\windows\system32\dllcache\adptsf50.sys
                                    2012-01-25 03:04:58   66048   -c--a-w-   c:\windows\system32\dllcache\s3legacy.dll
                                    2012-01-21 16:21:51   --------   d-----w-   c:\program files\ESET
                                    2012-01-20 18:02:19   --------   d-----w-   c:\documents and settings\person\application data\Skinux
                                    2012-01-19 04:50:39   --------   d-sha-r-   C:\cmdcons
                                    2012-01-19 04:46:56   208896   ----a-w-   c:\windows\MBR.exe
                                    2012-01-19 04:46:55   98816   ----a-w-   c:\windows\sed.exe
                                    2012-01-19 04:46:55   518144   ----a-w-   c:\windows\SWREG.exe
                                    2012-01-19 04:46:55   256000   ----a-w-   c:\windows\PEV.exe
                                    2012-01-19 03:25:02   --------   d-----w-   c:\documents and settings\person\application data\VOS
                                    2012-01-17 01:19:29   435032   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
                                    2012-01-17 01:18:23   41184   ----a-w-   c:\windows\avastSS.scr
                                    2012-01-17 01:16:56   --------   d-----w-   c:\documents and settings\all users\application data\AVAST Software
                                    2012-01-15 16:38:15   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                    2012-01-12 19:57:11   --------   d-----w-   c:\documents and settings\person\local settings\application data\FixItCenter
                                    2012-01-12 19:49:40   --------   d-----w-   c:\windows\MATS
                                    2012-01-12 19:49:37   --------   d-----w-   c:\program files\Microsoft Fix it Center
                                    2012-01-12 03:32:41   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
                                    2012-01-12 03:18:23   1668352   ----a-r-   c:\windows\system32\drivers\athuw.sys
                                    2012-01-10 20:24:29   1334784   ----a-w-   c:\windows\system32\athur.sys
                                    2012-01-10 20:24:07   --------   d-----w-   c:\documents and settings\all users\application data\TP-LINK
                                    2012-01-10 05:58:31   --------   d-----w-   c:\program files\common files\Wise Installation Wizard
                                    2012-01-08 19:23:55   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
                                    2012-01-08 19:23:55   21504   ----a-w-   c:\windows\system32\hidserv.dll
                                    2012-01-08 19:23:41   14592   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
                                    2012-01-08 19:23:41   14592   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
                                    2012-01-03 13:10:44   182672   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
                                    .
                                    ==================== Find3M  ====================
                                    .
                                    2012-01-15 23:05:17   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                                    2011-11-25 21:57:19   293376   ----a-w-   c:\windows\system32\winsrv.dll
                                    2011-11-23 13:25:32   1859584   ----a-w-   c:\windows\system32\win32k.sys
                                    2011-11-18 12:35:08   60416   ----a-w-   c:\windows\system32\packager.exe
                                    2011-11-16 14:21:44   354816   ----a-w-   c:\windows\system32\winhttp.dll
                                    2011-11-16 14:21:44   152064   ----a-w-   c:\windows\system32\schannel.dll
                                    2011-11-04 19:20:51   916992   ----a-w-   c:\windows\system32\wininet.dll
                                    2011-11-04 19:20:51   43520   ----a-w-   c:\windows\system32\licmgr10.dll
                                    2011-11-04 19:20:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
                                    2011-11-04 11:23:59   385024   ----a-w-   c:\windows\system32\html.iec
                                    2011-11-03 15:28:36   386048   ----a-w-   c:\windows\system32\qdvd.dll
                                    2011-11-03 15:28:36   1292288   ----a-w-   c:\windows\system32\quartz.dll
                                    2011-11-01 16:07:10   1288704   ----a-w-   c:\windows\system32\ole32.dll
                                    2004-11-08 02:03:57   487544   -c--a-w-   c:\program files\msgr6suite.exe
                                    2004-11-06 15:15:48   1418304   -c--a-w-   c:\program files\j2re-1_4_2_05-windows-i586-p-iftw.exe
                                    .
                                    ============= FINISH: 17:41:07.28 ===============

                                    SuperDave

                                    Re: Double check
                                    « Reply #31 on: January 27, 2012, 12:07:01 PM »
                                    * Go to Start > Run and type mrt.exe then press Enter on the keyboard.
                                    * (Vista and Windows 7 users: go to Start and type mrt.exe in the search box, then press Enter on the keyboard.)
                                    * Click Next.
                                    * Choose Full Scan and click Next.
                                    * Once the scan is finished click View detailed results of the scan.

                                    Look through the list and let me know if anything was found infected.
                                    *********************************************************
                                    Save these instructions so you can have access to them while in Safe Mode.

                                    Please click here to download AVP Tool by Kaspersky.
                                    • Save it to your desktop.
                                    • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
                                    • Double click the setup file to run it.
                                    • Click Next to continue.
                                    • Accept the License agreement and click on Next.
                                    • It will, by default, install it to your desktop folder. Click Next.
                                    • It will then open a box. There will be a tab that says Automatic scan.
                                    • Under Automatic scan make sure these are checked:
                                        • Hidden Startup Objects
                                        • System Memory
                                        • Disk Boot Sectors
                                        • My Computer
                                        • Also any other drives (removable ones that you may have)
                                    Leave the rest of the settings as they appear by default.
                                    • Then click on Scan at the top right-hand corner.
                                    • It will automatically neutralize any objects found.
                                    • If some objects are left un-neutralized, then click the button that says Neutralize all.
                                    • If it says it cannot be neutralized, then choose the delete option when prompted.
                                    • After that is done, click on the reports button at the bottom and save it to a file; name it Kas.
                                    • Save it somewhere convenient like your desktop and post only the detected Virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

                                    Note: This tool will self uninstall when you close it so please save the log before closing it.

                                    techgranny

                                      Re: Double check
                                      « Reply #32 on: January 28, 2012, 11:24:28 AM »
                                      I ran mrt.exe again and still nothing found.

                                      Ran Kaspersky and found
                                      Status: Deleted   (events: 2)   
                                      1/27/2012 8:18:11 PM   Deleted   Trojan program Trojan.Win32.KillAV.nt   C:\Documents and Settings\Person\My Documents\My Received Files\data1.cab   High   
                                      1/27/2012 8:18:11 PM   Deleted   Trojan program Trojan.Win32.KillAV.nt   C:\Documents and Settings\Person\My Documents\My Received Files\data1.cab//killbill.exe   High   


                                      SuperDave

                                      Re: Double check
                                      « Reply #33 on: January 28, 2012, 11:54:31 AM »
                                      Download Security Check by screen317 from one of the following links and save it to your desktop.

                                      Link 1
                                      Link 2

                                      * Double-click Security Check.bat
                                      * Follow the on-screen instructions inside of the black box.
                                      * A Notepad document should open automatically called checkup.txt
                                      * Post the contents of that document in your next reply.

                                      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

                                      techgranny

                                        Re: Double check
                                        « Reply #34 on: January 28, 2012, 12:14:34 PM »
                                         Results of screen317's Security Check version 0.99.30 
                                         Windows XP Service Pack 3 x86   
                                         Internet Explorer 8 
                                        ``````````````````````````````
                                        Antivirus/Firewall Check:

                                         Windows Firewall Enabled! 
                                         avast! Free Antivirus   
                                         ESET Online Scanner v3   
                                         Antivirus up to date! 
                                        ```````````````````````````````
                                        Anti-malware/Other Utilities Check:

                                         SUPERAntiSpyware     
                                         CCleaner     
                                         Java(TM) 6 Update 30 
                                         Java 2 Runtime Environment, SE v1.4.2_05
                                          Adobe Flash Player    10.0.45.2 Flash Player out of Date! 
                                         Adobe Reader X (10.1.2)
                                        ````````````````````````````````
                                        Process Check: 
                                        objlist.exe by Laurent

                                         UTILITIES AVAST Software Avast AvastSvc.exe
                                         UTILITIES AVAST Software Avast avastUI.exe
                                        ``````````End of Log````````````

                                        Why isn't Malwarebytes listed? Do I need to reinstall it?

                                        SuperDave

                                        Re: Double check
                                        « Reply #35 on: January 28, 2012, 07:09:39 PM »
                                        Quote
                                        Why isn't Malwarebytes listed? Do I need to reinstall it?
                                        No. Not necessary.

                                        Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

                                        Note: please close all other applications running on your system.

                                        Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

                                        Click the Settings button.

                                        Set the slider to Maximum.

                                        IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

                                        On the General tab, make sure all of the boxes are checked.

                                        On the Misc tab, make sure all the checkboxes are checked.

                                        Then, click OK on the windows that you launched.

                                        Click Create Report to run it.

                                        It will begin scanning.

                                        It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

                                        It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

                                        It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.

                                        techgranny

                                          Re: Double check
                                          « Reply #36 on: January 29, 2012, 11:23:52 AM »

                                          SuperDave

                                          Re: Double check
                                          « Reply #37 on: January 29, 2012, 12:07:50 PM »
                                          After all these scans I can find no malware that would be causing your problems. Did you try defragging the drive? How much RAM on that computer?

                                          techgranny

                                            Re: Double check
                                            « Reply #38 on: January 29, 2012, 12:22:48 PM »
                                            Yes, repeatedly. 512 Mb Ram but it used to run well with that.
                                            If you think it is clean it must be due to the bad sectors and the relocation of files during the repair. At least now I can be sure that the Malware we did find is removed from her external drive and won't be rewritten if I do a clean install.
                                            I have learned a bunch in the process! Thank you for all of your time and guidance. You are super Dave, but I guess you already knew that! ;)

                                            techgranny

                                              Re: Double check
                                              « Reply #39 on: January 29, 2012, 12:38:52 PM »
                                              Just one more thing. The folder on C, created by ComboFix I believe, named Found. It has recovered file fragments in it. Am I supposed to do something with them? I know it is a moot point if I do a CLEAN install but just for future reference and because I am a curious gal!

                                              SuperDave

                                              • Malware Removal Specialist


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: Double check
                                              « Reply #40 on: January 29, 2012, 07:30:21 PM »
                                              Ok. We'll do some cleanup.

                                              Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

                                              **********************************************
                                              To turn off Windows XP System Restore:

                                              NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

                                              1. Click Start.
                                              2. Right-click the My Computer icon, and then click Properties.
                                              3. Click the System Restore tab.
                                              4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
                                              5. Click Apply.
                                              6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
                                              7. Click OK.
                                              8. Restart the computer and follow the instructions in the next section to turn on System Restore.

                                              To turn on Windows XP System Restore:

                                              1. Click Start.
                                              2. Right-click My Computer, and then click Properties.
                                              3. Click the System Restore tab.
                                              4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
                                              5. Click Apply, and then click OK.
                                              This will give you a new, clean Restore Point.
                                              **************************************************
                                              Clean out your temporary internet files and temp files.

                                              Download TFC by OldTimer to your desktop.

                                              Double-click TFC.exe to run it.

                                              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                                              TFC will close all programs when run, so make sure you have saved all your work before you begin.

                                              * Click the Start button to begin the cleaning process.
                                              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                                              * Please let TFC run uninterrupted until it is finished.

                                              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                                              *************************************************
                                              Use the Secunia Software Inspector to check for out of date software.

                                              • Click Start Now
                                              • Check the box next to Enable thorough system inspection.
                                              • Click Start
                                              • Allow the scan to finish and scroll down to see if any updates are needed.
                                              • Update anything listed.
                                              ----------

                                              Go to Microsoft Windows Update and get all critical updates.

                                              ----------

                                              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                              * Using SpywareBlaster to protect your computer from Spyware and Malware
                                              * If you don't know what ActiveX controls are, see here

                                              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                                              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                                              Safe Surfing!
                                              Windows 8 and Windows 10 dual boot with two SSD's