What the Tech
[Resolved] pc Running very slowly, PC is running very slowly and has similar activity to whiteout628
pc storm
post Nov 16 2009, 10:02 PM
Post #1


Authentic Member

Group: Authentic Member
Posts: 26
Joined: 17-September 06
Member No.: 61,708
Operating System: Win XP Home Edition



hello there,
Over the past month my pc has run very slowly, takes a long time to boot up and has a choppy response to my commands. You can visually see programs slowwwwly close or open up. I use CCleaner, ATF Cleaner, avast antivirus and Malwarebytes' Anti-Malware regularly without finding any viruses. I do have 1/3 of my hard drive full of jpegs but don't understand why my pc would run so slowly. Any help will be appreciated, thanks.
pc storm
post Nov 16 2009, 10:31 PM
Post #2


This is pcstorm adding on to my previous post. Here is the log of my Malwarebytes' Anti-Malware quick scan, as suggested on self help. I'm not sure why the pc is running slowly. Could it be getting too full?
pc storm
post Nov 16 2009, 10:31 PM
Post #3


Forgot to add the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3185
Windows 5.1.2600 Service Pack 3

11/16/2009 9:23:29 PM
mbam-log-2009-11-16 (21-23-29).txt

Scan type: Quick Scan
Objects scanned: 108883
Time elapsed: 6 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Tomk
post Nov 24 2009, 11:56 AM
Post #4


Forum God / Classroom Admin Assistant

Group: Classroom Teacher
Posts: 12,332
Joined: 27-December 07
From: Sisters, OR
Member No.: 75,503
Operating System: xp



Hi pc storm,


My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


  1. Download DDS and save it to your desktop from Here, here or here.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Double click DDS icon to run the tool (may take up to 3 minutes to run)
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.

  5. We Need to check for Rootkits with RootRepeal
    1. Download RootRepeal from one of the following locations and save it to your desktop.
    2. Open on your desktop.
    3. Click the tab.
    4. Click the button.
    5. In the Select Scan dialog, check
      1. Push Ok
      2. Check the box for your main system drive (Usually C:), and press Ok.
      3. Allow RootRepeal to run a scan of your system. This may take some time.
      4. Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.

    6. Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.

    7. Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.

    8. Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.

    pc storm
    post Nov 24 2009, 02:02 PM
    Post #5


    Here are the logs and the attachment you've requested. Thanks for looking into this.


    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Alain at 15:44:50.68 on Mon 11/23/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.127 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\ACS.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Creative\MEDIAS~1\MtdAcqu.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Alain\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.theweathernetwork.com/weather/caab0194
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    uRun: [MtdAcqu] "c:\progra~1\creative\medias~1\MtdAcqu.exe" /s
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
    mRun: [CeEPOWER] c:\program files\toshiba\power management\CePMTray.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    StartupFolder: c:\docume~1\alain\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20060511/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149653933265
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://my.calgaryhealthregion.ca/redirect/http://exCAS1a.crha-health.ab.ca/owa/MWScripts/AttachView/1.5/DAX.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize2/pcpitstop2.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\roxio creator 2009\digital home 11\roxioupnprenderer11.exe" --> c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [?]

    =============== Created Last 30 ================

    2009-11-23 08:38 93,360 a------- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-18 10:40 <DIR> --d----- c:\program files\LimeWire
    2009-11-14 22:14 3,253 a------- c:\windows\system32\wbem\Outlook_01ca65b2888545a0.mof
    2009-11-12 12:46 <DIR> --d----- C:\e0ca4154876d7715d3

    ==================== Find3M ====================

    2009-10-11 04:17 411,368 a------- c:\windows\system32\deploytk.dll
    2009-09-11 07:18 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-09-04 14:03 58,880 a------- c:\windows\system32\msasn1.dll
    2009-08-29 01:08 916,480 a------- c:\windows\system32\wininet.dll
    2009-08-26 01:00 247,326 -------- c:\windows\system32\strmdll.dll

    ============= FINISH: 15:45:49.62 ===============

    ROOTREPEAL © AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/11/23 15:48
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xEF5D6000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF7B53000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xEF0BC000 Size: 49152 File Visible: No Signed: -
    Status: -

    ==EOF==
    Attached File(s)
    Attached File  Attach.txt ( 10.7K ) Number of downloads: 19
     
    Tomk
    post Nov 24 2009, 02:07 PM
    Post #6


    pc storm,

    Not much showing. Let's try a couple more scans.

    Download Rooter.exe to your desktop

    • Then double-click it to start the tool
    • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here



    Please go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.
    pc storm
    post Nov 24 2009, 07:47 PM
    Post #7


    Here is the Rooter text, but Kaspersky has been running since about 2:15 and it is now 6:45 and it has not really done anything. I have just stopped the scan and will attempt it again. Let me know what you think.

    Rooter.exe (v1.0.2) by Eric_71
    .
    SeDebugPrivilege granted successfully ...
    .
    Windows XP Home Edition (5.1.2600) Service Pack 3
    [32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
    .
    [wscsvc] (Security Center) RUNNING (state:4)
    [SharedAccess] RUNNING (state:4)
    Windows Firewall -> Enabled
    .
    Internet Explorer 8.0.6001.18702
    .
    C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:19 Go )
    D:\ [CD_Rom]
    E:\ [CD_Rom]
    .
    Scan : 13:11.42
    Path : C:\Documents and Settings\Alain\Desktop\Rooter.exe
    User : Alain ( Administrator -> YES )
    .
    ----------------------\\ Processes
    .
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (636)
    ______ \??\C:\WINDOWS\system32\csrss.exe (800)
    ______ \??\C:\WINDOWS\SYSTEM32\winlogon.exe (828)
    ______ C:\WINDOWS\system32\services.exe (872)
    ______ C:\WINDOWS\system32\lsass.exe (884)
    ______ C:\WINDOWS\system32\Ati2evxx.exe (1072)
    ______ C:\WINDOWS\system32\svchost.exe (1088)
    ______ C:\WINDOWS\system32\svchost.exe (1148)
    ______ C:\WINDOWS\System32\svchost.exe (1188)
    ______ C:\WINDOWS\system32\svchost.exe (1232)
    ______ C:\WINDOWS\system32\ACS.exe (1368)
    ______ C:\WINDOWS\system32\svchost.exe (1416)
    ______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1664)
    ______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1720)
    ______ C:\WINDOWS\Explorer.EXE (176)
    ______ C:\WINDOWS\system32\spoolsv.exe (460)
    ______ C:\WINDOWS\system32\svchost.exe (1900)
    ______ C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe (780)
    ______ C:\Program Files\TOSHIBA\Power Management\CePMTray.exe (788)
    ______ C:\Program Files\Apoint2K\Apoint.exe (708)
    ______ C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (660)
    ______ C:\WINDOWS\system32\dla\tfswctrl.exe (804)
    ______ C:\WINDOWS\AGRSMMSG.exe (848)
    ______ C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe (1208)
    ______ C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (1304)
    ______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1280)
    ______ C:\WINDOWS\system32\CTsvcCDA.exe (1452)
    ______ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (1524)
    ______ C:\WINDOWS\system32\DVDRAMSV.exe (1528)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (1592)
    ______ C:\WINDOWS\system32\ctfmon.exe (1616)
    ______ C:\Program Files\Apoint2K\Apntex.exe (1656)
    ______ C:\WINDOWS\system32\RAMASST.exe (1728)
    ______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1828)
    ______ C:\WINDOWS\system32\svchost.exe (1884)
    ______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (2776)
    ______ C:\WINDOWS\System32\alg.exe (3604)
    ______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (3620)
    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2120)
    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (2308)
    ______ C:\Documents and Settings\Alain\Desktop\Rooter.exe (2264)
    .
    ----------------------\\ Device\Harddisk0\
    .
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    .
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023716864)
    .
    ----------------------\\ Scheduled Tasks
    .
    C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\Disk Cleanup.job
    C:\WINDOWS\Tasks\SA.DAT
    C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    C:\WINDOWS\Tasks\XoftSpy.job
    .
    ----------------------\\ Registry
    .
    .
    ----------------------\\ Files & Folders
    .
    ----------------------\\ Scan completed at 13:12.05
    .
    C:\Rooter$\Rooter_1.txt - (24/11/2009 | 13:12.05)
    Tomk
    post Nov 24 2009, 07:51 PM
    Post #8


    pc storm,

    It is best to let Kaspersky run on its own. Don't use your computer while it runs. It usually takes several hours. Your best bet would be to reboot and then run Kaspersky without using the computer for anything else. Let it start as fresh as possible.
    pc storm
    post Nov 26 2009, 07:05 AM
    Post #9


    Good morning TomK. I let Kaspersky run all night and when I got to it this a.m. it was not on my pc anymore. I thought it would still be there so that I could send you a log. Any suggestions? The pc is still running verrrrrrrry sloooowwwwly.
    Tomk
    post Nov 26 2009, 10:06 AM
    Post #10


    pc storm,

    Let's try this...

    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatthetech.com/How_Disable_...ams_t96260.html

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    pc storm
    post Nov 26 2009, 09:39 PM
    Post #11


    Hello TomK,
    Here is the result of the combofix scan:

    ComboFix 09-11-26.02 - Alain 11/26/2009 20:20.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.227 [GMT -7:00]
    Running from: c:\documents and settings\Alain\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
    .

    2009-11-25 03:22 . 2009-11-25 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-11-24 20:12 . 2009-11-24 20:12 -------- d-----w- C:\Rooter$
    2009-11-23 23:09 . 2009-11-24 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-11-23 23:08 . 2009-11-23 23:08 -------- d-----w- c:\program files\Common Files\iS3
    2009-11-23 15:38 . 2009-11-23 15:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-18 17:40 . 2009-11-18 17:41 -------- d-----w- c:\program files\LimeWire
    2009-11-12 19:46 . 2009-11-12 19:48 -------- d-----w- C:\e0ca4154876d7715d3
    2009-11-04 16:54 . 2009-11-04 16:54 152576 ----a-w- c:\documents and settings\Alain\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-26 13:13 . 2006-06-07 05:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-26 13:11 . 2006-06-07 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-24 20:12 . 2007-01-12 00:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-11-24 01:26 . 2006-06-26 16:39 -------- d-----w- c:\program files\STOPzilla!
    2009-11-23 23:41 . 2009-11-23 23:40 5936 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2009-11-23 23:23 . 2006-06-26 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-11-23 23:06 . 2008-04-08 15:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-23 22:20 . 2008-10-01 05:14 -------- d-----w- c:\program files\ERUNT
    2009-11-23 22:01 . 2006-09-17 22:44 -------- d-----w- c:\program files\Lavasoft
    2009-11-23 22:00 . 2008-02-11 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-11-04 16:56 . 2006-09-19 02:28 -------- d-----w- c:\program files\Java
    2009-10-27 16:38 . 2008-10-03 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-27 16:36 . 2008-10-03 16:01 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-10-22 22:03 . 2009-10-22 22:03 26 ----a-w- c:\windows\winstart.bat
    2009-10-22 22:03 . 2009-10-22 22:03 123 ----a-w- c:\windows\tmpcpyis.bat
    2009-10-22 22:03 . 2009-10-22 22:03 122 ----a-w- c:\windows\tmpdelis.bat
    2009-10-22 19:41 . 2009-10-22 19:41 -------- d-----w- c:\program files\PowerISO
    2009-10-14 14:22 . 2004-08-21 01:32 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-12 02:43 . 2006-06-07 00:48 28296 ----a-w- c:\documents and settings\Alain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-11 11:17 . 2009-01-08 17:18 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-11 14:18 . 2004-08-21 00:47 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 20:54 . 2008-10-03 16:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 20:53 . 2008-10-03 16:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:03 . 2004-08-21 00:47 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2004-08-21 00:47 916480 ----a-w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 638976]
    "CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-20 135168]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
    "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-04-21 118843]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-02-20 88363]

    c:\documents and settings\Alain\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-8-20 155648]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-20 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-21 00:12]

    2007-02-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-31 22:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mytelus.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://my.calgaryhealthregion.ca/redirect/http://exCAS1a.crha-health.ab.ca/owa/MWScripts/AttachView/1.5/DAX.cab
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-SITEguard - (no file)
    MSConfigStartUp-CTFMON - (no file)
    AddRemove-{2FCE4FC5-6930-40E7-A4F1-F862207424EF} - c:\program files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe REMOVEALL
    AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-26 20:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2688664847-4137593175-816191208-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81B79AEB-7465-1339-8968-CCB1E1E78026}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "ialfkanghpldckgabi"=hex:6a,61,6c,61,65,70,6a,62,69,6e,65,68,61,6f,69,6a,65,66,
    6b,61,00,00
    "hajgeimfgncjcfob"=hex:6a,61,6f,61,64,70,63,6e,63,6f,64,70,70,6e,65,61,63,6c,
    6f,66,00,23
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3288)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\windows\system32\dla\tfswshx.dll
    c:\windows\system32\tfswapi.dll
    c:\windows\system32\dla\tfswcres.dll
    .
    Completion time: 2009-11-26 20:33
    ComboFix-quarantined-files.txt 2009-11-27 03:33
    ComboFix2.txt 2008-10-07 15:38
    ComboFix3.txt 2008-10-05 19:46

    Pre-Run: 21,653,463,040 bytes free
    Post-Run: 21,629,247,488 bytes free

    - - End Of File - - 7D18E86DA2E35C591BA1ED65B1CCC6ED

    Let me know how this is... Thanks...
    Tomk
    post Nov 26 2009, 10:28 PM
    Post #12


    Forum God / Classroom Admin Assistant

    Group: Classroom Teacher
    Posts: 12,332
    Joined: 27-December 07
    From: Sisters, OR
    Member No.: 75,503
    Operating System: xp



    pc storm,

    COMBOFIX-Script

    • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

      CODE
      regnull::
      [HKEY_USERS\S-1-5-21-2688664847-4137593175-816191208-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{81B79AEB-7465-1339-8968-CCB1E1E78026}*]

    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    I would further suggest that you also read this tutorial on slow running computers
    and Help! My computer is slow! by miekiemoes.

    Then let me know how things are running.
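As an added example that is not from this thread or from ComboFix itself, here is a Python script that parses the LOCKED REGISTRY KEYS section in the layout the log above uses (including wrapped hex values), flags Shell Extensions\Approved keys holding values whose names are not CLSIDs (legitimate Approved entries are CLSID-named; that check is my heuristic, not a ComboFix rule), and emits the same regnull:: CFScript Tomk wrote by hand. The sample log block is constructed from the key shown in the log above.

```python
import re
from typing import Dict, List

# Constructed sample input: the LOCKED REGISTRY KEYS block laid out as in the
# ComboFix log quoted earlier in this thread (key path and values copied from it).
SAMPLE_LOG = """\
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\\S-1-5-21-2688664847-4137593175-816191208-1006\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Approved\\{81B79AEB-7465-1339-8968-CCB1E1E78026}*]
@Allowed: (Read) (RestrictedCode)
"ialfkanghpldckgabi"=hex:6a,61,6c,61,65,70,6a,62,69,6e,65,68,61,6f,69,6a,65,66,
6b,61,00,00
"hajgeimfgncjcfob"=hex:6a,61,6f,61,64,70,63,6e,63,6f,64,70,70,6e,65,61,63,6c,
6f,66,00,23
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

# Legitimate values under Shell Extensions\Approved are named by CLSID.
CLSID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
VALUE_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-fA-F,]+)$')


def parse_locked_keys(log: str) -> Dict[str, Dict[str, bytes]]:
    """Return {key path: {value name: REG_BINARY bytes}} for the locked-keys section."""
    start = log.index("LOCKED REGISTRY KEYS")
    end = log.find("\n-----", start)
    section = log[start:end if end != -1 else None]
    # ComboFix wraps long hex values: a line ending in ',' continues on the next.
    section = re.sub(r",\s*\n\s*", ",", section)
    keys: Dict[str, Dict[str, bytes]] = {}
    current = None
    for line in section.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current][m.group(1)] = bytes(int(b, 16) for b in m.group(2).split(","))
    return keys


def suspicious_keys(keys: Dict[str, Dict[str, bytes]]) -> List[str]:
    """Flag Approved keys holding values whose names are not CLSIDs (heuristic)."""
    return [path for path, values in keys.items()
            if "shell extensions\\approved" in path.lower()
            and any(not CLSID_RE.match(name) for name in values)]


def build_cfscript(paths: List[str]) -> str:
    """Emit the CFScript body: the regnull:: directive, then one [key] per line."""
    return "regnull::\n" + "".join(f"[{p}]\n" for p in paths)


if __name__ == "__main__":
    print(build_cfscript(suspicious_keys(parse_locked_keys(SAMPLE_LOG))))
```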
    pc storm
    post Nov 26 2009, 11:21 PM
    Post #13


    Authentic Member

    Group: Authentic Member
    Posts: 26
    Joined: 17-September 06
    Member No.: 61,708
    Operating System: Win XP Home Edition



    TomK

    Here is the newest Combofix log: (I'll read through the recommended links)

    ComboFix 09-11-26.02 - Alain 11/26/2009 21:58.4.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.206 [GMT -7:00]
    Running from: c:\documents and settings\Alain\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Alain\Desktop\CFScript.txt
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
    .

    2009-11-25 03:22 . 2009-11-25 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-11-24 20:12 . 2009-11-24 20:12 -------- d-----w- C:\Rooter$
    2009-11-23 23:09 . 2009-11-24 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
    2009-11-23 23:08 . 2009-11-23 23:08 -------- d-----w- c:\program files\Common Files\iS3
    2009-11-23 15:38 . 2009-11-23 15:38 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-18 17:40 . 2009-11-18 17:41 -------- d-----w- c:\program files\LimeWire
    2009-11-12 19:46 . 2009-11-12 19:48 -------- d-----w- C:\e0ca4154876d7715d3
    2009-11-04 16:54 . 2009-11-04 16:54 152576 ----a-w- c:\documents and settings\Alain\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-26 13:13 . 2006-06-07 05:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-26 13:11 . 2006-06-07 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-24 20:12 . 2007-01-12 00:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-11-24 01:26 . 2006-06-26 16:39 -------- d-----w- c:\program files\STOPzilla!
    2009-11-23 23:41 . 2009-11-23 23:40 5936 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2009-11-23 23:23 . 2006-06-26 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2009-11-23 23:06 . 2008-04-08 15:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-11-23 22:20 . 2008-10-01 05:14 -------- d-----w- c:\program files\ERUNT
    2009-11-23 22:01 . 2006-09-17 22:44 -------- d-----w- c:\program files\Lavasoft
    2009-11-23 22:00 . 2008-02-11 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-11-04 16:56 . 2006-09-19 02:28 -------- d-----w- c:\program files\Java
    2009-10-27 16:38 . 2008-10-03 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-27 16:36 . 2008-10-03 16:01 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-10-22 22:03 . 2009-10-22 22:03 26 ----a-w- c:\windows\winstart.bat
    2009-10-22 22:03 . 2009-10-22 22:03 123 ----a-w- c:\windows\tmpcpyis.bat
    2009-10-22 22:03 . 2009-10-22 22:03 122 ----a-w- c:\windows\tmpdelis.bat
    2009-10-22 19:41 . 2009-10-22 19:41 -------- d-----w- c:\program files\PowerISO
    2009-10-14 14:22 . 2004-08-21 01:32 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-12 02:43 . 2006-06-07 00:48 28296 ----a-w- c:\documents and settings\Alain\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-11 11:17 . 2009-01-08 17:18 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-11 14:18 . 2004-08-21 00:47 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-10 20:54 . 2008-10-03 16:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 20:53 . 2008-10-03 16:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:03 . 2004-08-21 00:47 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2004-08-21 00:47 916480 ------w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 638976]
    "CeEPOWER"="c:\program files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-20 135168]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2003-10-30 192512]
    "TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-15 53248]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-04-21 118843]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-02-20 88363]

    c:\documents and settings\Alain\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2004-8-20 155648]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\BitTornado\\btdownloadgui.exe"=

    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-20 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-21 00:12]

    2007-02-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-31 22:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mytelus.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {D9CDEFE3-51BB-4737-A12C-53D9814A148C} - hxxps://my.calgaryhealthregion.ca/redirect/http://exCAS1a.crha-health.ab.ca/owa/MWScripts/AttachView/1.5/DAX.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-26 22:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3300)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-11-26 22:09
    ComboFix-quarantined-files.txt 2009-11-27 05:08
    ComboFix2.txt 2009-11-27 03:33
    ComboFix3.txt 2008-10-07 15:38
    ComboFix4.txt 2008-10-05 19:46

    Pre-Run: 21,636,190,208 bytes free
    Post-Run: 21,624,688,640 bytes free

    - - End Of File - - BC3A0D5C5B6D290379480A6DC3CC3650

    pc storm
    post Nov 27 2009, 06:31 AM
    Post #14


    Authentic Member

    Group: Authentic Member
    Posts: 26
    Joined: 17-September 06
    Member No.: 61,708
    Operating System: Win XP Home Edition



    Good morning TomK,
    I have noticed over the last few hours how my pc is much quicker and does not seem to hesitate to open a file, launch a program, etc... What is it that Combofix does that would speed up the computer like that? Other than running the programs you've suggested I have done nothing else and the result is great. Thanks...
    Tomk
    post Nov 27 2009, 08:51 AM
    Post #15


    Forum God / Classroom Admin Assistant

    Group: Classroom Teacher
    Posts: 12,332
    Joined: 27-December 07
    From: Sisters, OR
    Member No.: 75,503
    Operating System: xp



    pc storm,

    All we did is clean up some remnants that may or may not have been left by malware. Most were references to files that no longer exist, but there was one entry that was corrupted; whether by accident or a virus, I don't know.

    I don't see anything more to mess with so...

    Log looks good


    Time for some housekeeping
    • Click START then RUN
    • Now type ComboFix /Uninstall in the runbox and click OK.
    • Note the space between the X and the U, it needs to be there.

    The above procedure will:
    • Implement some cleanup procedures.
    • Reset System Restore.


    Please re-enable any security that was disabled.


    The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

    Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

    I would also suggest you read this:
    So how did I get infected in the first place?
    by Tony Klein


    Also: "How to prevent malware"
    by miekiemoes

    Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.