
Solved svchost.exe (network service) Slow - Possible Infection?

Discussion in 'Malware and Virus Removal Archive' started by James Martin, 2010/08/15.

  1. 2010/08/16
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    Not at the same time.

    If I disable ZA, the XP firewall takes its place. However, I made sure both were off before scanning.

    *******************************

    Combo Fix appears to be dead in the water.

    I ran a scan (or so the autoscan window was up) for at least 30 minutes, but the CPU usage was 0%. Seems like a scanner of this magnitude would at least use 25 to 50% of resources.

    I had to do a hard reboot to clear the autoscan window...tried the process again, and after a minute or two, the CPU usage was back to 0% (except for jqs.exe peaking at 19% every 30 seconds). Figuring the program had stalled after the second scan of approximately 25 minutes, I did another hard reboot.

    The message in the autoscan window suggested a 10 minute scan, and an infected machine would double that.

    Suggestions?
     
  2. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe


    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.


    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up; press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com.
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log, and post the two logs together (they will both be in the one file).

    Now, run broni.exe


    If any problems with the above, try running all three tools in Safe Mode.


    For me, it's bedtime, so I'll check on you tomorrow :)
     


  4. 2010/08/16
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    Same here.

    It is now 2:15 am on the east coast.

    I may not be back online until evening.

    ZZZZZZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz.
     
  5. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'm back :)
     
  6. 2010/08/16
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    rkill ran successfully.

    ==============================

    exeHelper by Raktor
    Build 20100414
    Run at 21:08:25 on 08/16/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
    ===============================


    Bronifix will run ASAP.
     
  7. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  8. 2010/08/16
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    ComboFix 10-08-16.03 - Owner 08/16/2010 23:24:13.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.713 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\Bronifix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Application Data\inst.exe
    c:\documents and settings\Owner\My Documents\DPE.DUS
    C:\ipconfig.txt
    c:\windows\daemon.dll
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\Downloaded Program Files\ODCTOOLS\ef6b26db-344d-4ad3-ba24-aca0bdaa999a.cab
    c:\windows\Downloaded Program Files\ODCTOOLS\f04d289f-c60a-422b-8396-6c372047042e.cab

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
    .

    2010-08-15 02:53 . 2010-08-15 02:53 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-08 19:22 . 2010-08-08 19:22 -------- d-----w- c:\program files\ESET
    2010-08-01 22:10 . 2010-08-01 22:10 -------- d-----w- c:\program files\Common Files\Java
    2010-08-01 22:10 . 2010-08-01 22:10 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e81b591-n\msvcp71.dll
    2010-08-01 22:10 . 2010-08-01 22:10 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e81b591-n\jmc.dll
    2010-08-01 22:10 . 2010-08-01 22:10 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e81b591-n\msvcr71.dll
    2010-08-01 22:10 . 2010-08-01 22:10 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-59eaa80a-n\decora-sse.dll
    2010-08-01 22:10 . 2010-08-01 22:10 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-59eaa80a-n\decora-d3d.dll
    2010-07-28 21:28 . 2010-07-28 21:32 -------- d-----w- c:\windows\$regcmp$
    2010-07-27 18:30 . 2010-07-27 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
    2010-07-21 07:46 . 2010-07-21 07:47 -------- d-----w- c:\program files\CPU Thermometer
    2010-07-21 02:03 . 2010-07-21 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-14 00:21 . 2010-05-23 02:48 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-14 00:21 . 2009-08-19 05:24 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-14 00:12 . 2009-03-02 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-14 00:12 . 2009-03-02 15:47 -------- d-----w- c:\program files\SpywareBlaster
    2010-08-11 13:43 . 2009-03-02 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-10 15:01 . 2010-07-06 20:47 4784084 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-08-01 22:10 . 2009-03-02 16:53 -------- d-----w- c:\program files\Java
    2010-08-01 06:06 . 2009-03-02 13:23 -------- d-----w- c:\program files\CCleaner
    2010-07-30 05:02 . 2009-06-20 02:07 -------- d-----w- c:\documents and settings\Owner\Application Data\GoodSync
    2010-07-29 23:48 . 2010-05-18 05:19 -------- d-----w- c:\program files\SpeedFan
    2010-07-27 18:30 . 2009-03-02 14:03 -------- d-----w- c:\program files\Siber Systems
    2010-07-24 07:30 . 2009-08-19 05:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-17 09:00 . 2010-04-17 19:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-03 18:08 . 2010-07-03 18:08 -------- d-----w- c:\program files\Lavalys
    2010-06-30 12:31 . 2003-07-16 20:43 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 20:57 . 2010-06-29 17:00 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-03-02 05:22 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-03-02 05:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-03-02 05:22 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-03-02 05:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-03-02 05:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-03-02 05:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-03-02 05:22 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-03-02 05:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-25 16:54 . 2009-11-11 07:11 -------- d-----w- c:\program files\Eraser
    2010-06-24 12:10 . 2009-03-02 01:50 81920 ------w- c:\windows\system32\ieencode.dll
    2010-06-24 12:10 . 2003-07-16 20:51 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2003-07-16 20:51 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2003-07-16 20:46 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2003-07-16 20:29 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-03-02 01:30 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2003-07-16 20:37 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-12 00:56 . 2009-03-02 03:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-05-28 11:04 . 2009-06-17 12:20 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-05-26 17:03 . 2010-06-12 00:56 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2010-05-26 17:03 . 2010-06-12 00:56 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2010-05-26 17:03 . 2010-06-12 00:56 103936 ----a-w- c:\windows\system32\zlcommdb.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-12 221247]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-07 04:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [3/2/2009 12:02 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [3/2/2009 12:02 PM 5248]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/2/2009 1:22 AM 165456]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/5/2009 4:06 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2009 1:22 AM 17744]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 14896]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 12872]
    S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\program files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-WgaLogon - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-16 23:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86433C18]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7753f28
    \Driver\ACPI -> ACPI.sys @ 0xf76a0cb8
    \Driver\atapi -> 0x86433c18
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1220945662-1035525444-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(944)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1000)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-08-16 23:36:09
    ComboFix-quarantined-files.txt 2010-08-17 03:36

    Pre-Run: 5,358,071,808 bytes free
    Post-Run: 5,313,572,864 bytes free

    - - End Of File - - 7B8491A08567E7E20B1260ABC5472246
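    The exeHelper log above reports resetting the .exe/.com file-type associations and the Winlogon userinit/shell values, and the ComboFix "Reg Loading Points" section lists the Run keys. The script below is an added example, not part of the thread and not code from exeHelper, ComboFix or Rkill: a read-only audit that checks those same locations against stock Windows XP defaults and reports anything that deviates, without changing the registry. The expected values (`"%1" %*` for exefile/comfile, `Explorer.exe` for Shell, `%SystemRoot%\system32\userinit.exe,` for Userinit) and the path patterns flagged as user-writable are assumptions for a default XP install.

```powershell
# Added example (not from the thread, exeHelper or ComboFix): read-only audit of the
# XP autostart points the logs above reset or list. Assumes stock XP defaults; adjust
# $expected if your build differs. Run as an administrator; nothing is modified.

$expected = @{
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command' = '"%1" %*'
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\.com'                       = 'comfile'
}
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$runKeys  = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-DefaultValue([string]$Path) {
    # The unnamed "(default)" value of a key, or $null if the key is missing.
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { return $item.'(default)' } else { return $null }
}

function Test-AutostartPoints {
    $findings = @()

    # 1. File-type associations. A rewritten exefile command is what makes a
    #    cleaning tool fail to start, and why the helper renamed combofix.exe.
    foreach ($path in $expected.Keys) {
        $actual = Get-DefaultValue $path
        if ($actual -ne $expected[$path]) {
            $findings += "$path = '$actual' (expected '$($expected[$path])')"
        }
    }

    # 2. Winlogon Shell and Userinit, the values exeHelper reports resetting.
    $wl = Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue
    if ($wl.Shell -ne 'Explorer.exe') {
        $findings += "Winlogon\Shell = '$($wl.Shell)' (expected 'Explorer.exe')"
    }
    $userinitOk = "$env:SystemRoot\system32\userinit.exe,"
    if ($wl.Userinit -ne $userinitOk) {
        $findings += "Winlogon\Userinit = '$($wl.Userinit)' (expected '$userinitOk')"
    }

    # 3. Run/RunOnce entries, listed for review like ComboFix's "Reg Loading Points".
    #    Images under a user profile or a Temp folder are flagged for a closer look.
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $line = "$key\$($p.Name) = $($p.Value)"
            if ("$($p.Value)" -match 'Documents and Settings|\\Temp\\|AppData') {
                $line += '   <-- runs from a user-writable location'
            }
            $findings += $line
        }
    }
    return $findings
}

Test-AutostartPoints | ForEach-Object { Write-Output $_ }
```

    Every Run entry is printed, not only the flagged ones, so the output can be compared line by line with the "Reg Loading Points" section of a ComboFix log; an empty association or Winlogon finding means those values match the assumed defaults.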
     
  9. 2010/08/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete Bronifix.exe, download a fresh Combofix file, run it and post the fresh log.
    Hopefully, it'll run straight without renaming, or using other pre-tools.
     
  10. 2010/08/16
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    Combofix scan - Safe Mode

    Got a message informing me of Avast running in the background, but I don't see how while in Safe Mode.


    ComboFix 10-08-16.03 - Owner 08/17/2010 0:13.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.991.704 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
    .

    2010-08-15 02:53 . 2010-08-15 02:53 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-14 22:28 . 2010-08-14 22:28 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-08 19:22 . 2010-08-08 19:22 -------- d-----w- c:\program files\ESET
    2010-08-01 22:10 . 2010-08-01 22:10 -------- d-----w- c:\program files\Common Files\Java
    2010-08-01 22:10 . 2010-08-01 22:10 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e81b591-n\msvcp71.dll
    2010-08-01 22:10 . 2010-08-01 22:10 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e81b591-n\jmc.dll
    2010-08-01 22:10 . 2010-08-01 22:10 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5e81b591-n\msvcr71.dll
    2010-08-01 22:10 . 2010-08-01 22:10 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-59eaa80a-n\decora-sse.dll
    2010-08-01 22:10 . 2010-08-01 22:10 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-59eaa80a-n\decora-d3d.dll
    2010-07-28 21:28 . 2010-07-28 21:32 -------- d-----w- c:\windows\$regcmp$
    2010-07-27 18:30 . 2010-07-27 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\GoodSync
    2010-07-21 07:46 . 2010-07-21 07:47 -------- d-----w- c:\program files\CPU Thermometer
    2010-07-21 02:03 . 2010-07-21 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-14 00:21 . 2010-05-23 02:48 63488 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-14 00:21 . 2009-08-19 05:24 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-14 00:12 . 2009-03-02 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-14 00:12 . 2009-03-02 15:47 -------- d-----w- c:\program files\SpywareBlaster
    2010-08-11 13:43 . 2009-03-02 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-10 15:01 . 2010-07-06 20:47 4784084 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-08-01 22:10 . 2009-03-02 16:53 -------- d-----w- c:\program files\Java
    2010-08-01 06:06 . 2009-03-02 13:23 -------- d-----w- c:\program files\CCleaner
    2010-07-30 05:02 . 2009-06-20 02:07 -------- d-----w- c:\documents and settings\Owner\Application Data\GoodSync
    2010-07-29 23:48 . 2010-05-18 05:19 -------- d-----w- c:\program files\SpeedFan
    2010-07-27 18:30 . 2009-03-02 14:03 -------- d-----w- c:\program files\Siber Systems
    2010-07-24 07:30 . 2009-08-19 05:23 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-17 09:00 . 2010-04-17 19:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-03 18:08 . 2010-07-03 18:08 -------- d-----w- c:\program files\Lavalys
    2010-06-30 12:31 . 2003-07-16 20:43 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 20:57 . 2010-06-29 17:00 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-03-02 05:22 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-03-02 05:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-03-02 05:22 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-03-02 05:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-03-02 05:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-03-02 05:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-03-02 05:22 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-03-02 05:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-25 16:54 . 2009-11-11 07:11 -------- d-----w- c:\program files\Eraser
    2010-06-24 12:10 . 2009-03-02 01:50 81920 ------w- c:\windows\system32\ieencode.dll
    2010-06-24 12:10 . 2003-07-16 20:51 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2003-07-16 20:51 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2003-07-16 20:46 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2003-07-16 20:29 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-03-02 01:30 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
    2010-06-14 07:41 . 2003-07-16 20:37 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-12 00:56 . 2009-03-02 03:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2010-05-28 11:04 . 2009-06-17 12:20 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
    2010-05-26 17:03 . 2010-06-12 00:56 1238528 ----a-w- c:\windows\system32\zpeng25.dll
    2010-05-26 17:03 . 2010-06-12 00:56 69120 ----a-w- c:\windows\system32\zlcomm.dll
    2010-05-26 17:03 . 2010-06-12 00:56 103936 ----a-w- c:\windows\system32\zlcommdb.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-17_03.32.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-17 04:12 . 2010-08-17 04:12 16384 c:\windows\Temp\Perflib_Perfdata_67c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol "= "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
    "avast5 "= "c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "ZoneAlarm Client "= "c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator "= "Narrator.exe" [2008-04-14 53760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2009-3-12 221247]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-07 04:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "=

    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [3/2/2009 12:02 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [3/2/2009 12:02 PM 5248]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/2/2009 1:22 AM 165456]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [8/5/2009 4:06 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/2/2009 1:22 AM 17744]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 14896]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 12872]
    S3 WEBNTACCESS;WEBNTACCESS;\??\c:\windows\system32\NTACCESS.SYS --> c:\windows\system32\NTACCESS.SYS [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
    FF - plugin: c:\program files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-17 00:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86428F00]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7753f28
    \Driver\ACPI -> ACPI.sys @ 0xf76a0cb8
    \Driver\atapi -> 0x86428f00
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
    ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1220945662-1035525444-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(944)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    - - - - - - - > 'lsass.exe'(1000)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-08-17 00:25:28
    ComboFix-quarantined-files.txt 2010-08-17 04:25
    ComboFix2.txt 2010-08-17 03:36

    Pre-Run: 5,267,218,432 bytes free
    Post-Run: 5,247,533,056 bytes free

    - - End Of File - - D7AB6B112068110A591541A448499A57
  11. 2010/08/16 James Martin (Geek Member, Thread Starter)
    Should I have unchecked the ZA startup with Windows box?
  12. 2010/08/16 broni (Moderator, Malware Analyst)
    Don't worry about Avast....

    How is the computer doing at the moment?

    Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

    * Double-click mbr.exe and follow prompts (Vista users: right click on mbr.exe and click "Run As Administrator").
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log (mbr.log) file to your next reply.
  13. 2010/08/16 James Martin (Geek Member, Thread Starter)
    MBR Scan Results

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    --------------------------------------

    Not sure if things have changed for the better yet. The problem was intermittent.
     
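The two mbr.exe logs posted in this thread (the run embedded in ComboFix, which listed hooks and an `>>UNKNOWN [...]<<` module, and the stand-alone run above, which did not) are in the same Gmer output format. The parser below is an added example, not part of the thread or of Gmer's tool: it reads that format into a structured summary and applies a triage verdict whose thresholds are this example's own assumption; the sample inputs are the two logs as pasted above.

```python
"""Parse Gmer mbr.exe (Stealth MBR rootkit detector) logs into a triage summary."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Sample inputs: the two logs as pasted in the thread (detector lines only).
COMBOFIX_RUN = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86428F00]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7753f28
\Driver\ACPI -> ACPI.sys @ 0xf76a0cb8
\Driver\atapi -> 0x86428f00
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

STANDALONE_RUN = r"""Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
"""


@dataclass
class MbrReport:
    """Facts recoverable from one mbr.exe log."""
    version: Optional[str] = None
    device_opened: bool = False
    user_mbr_ok: bool = False        # MBR read through the normal (user-mode) path
    kernel_mbr_ok: bool = False      # MBR read through the detector's own driver
    mbr_match: bool = False          # "user & kernel MBR OK": both reads agree
    unknown_modules: List[str] = field(default_factory=list)    # >>UNKNOWN [addr]<<
    hooks: List[Tuple[str, str]] = field(default_factory=list)  # (hooked object, target)
    warning: bool = False

    def unbacked_hooks(self) -> List[Tuple[str, str]]:
        """Hooks whose target is a bare address: the detector could not attribute
        the code to any named module, so these need manual review first."""
        return [h for h in self.hooks if re.fullmatch(r"0x[0-9a-fA-F]+", h[1])]


def parse_mbr_log(text: str) -> MbrReport:
    """Line-by-line parser for the detector's output format shown in the thread."""
    r = MbrReport()
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.search(r"detector (\S+) by Gmer", line)
        if m:
            r.version = m.group(1)
        elif line == "device: opened successfully":
            r.device_opened = True
        elif line == "user: MBR read successfully":
            r.user_mbr_ok = True
        elif line == "kernel: MBR read successfully":
            r.kernel_mbr_ok = True
        elif line.startswith("called modules:"):
            r.unknown_modules = re.findall(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<", line)
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line.startswith("Warning:"):
            r.warning = True
            in_hooks = False
        elif line == "user & kernel MBR OK":
            r.mbr_match = True
            in_hooks = False
        elif in_hooks and " -> " in line:
            # "A -> B -> target": everything before the last arrow is the hooked object
            parts = line.split(" -> ")
            r.hooks.append((" -> ".join(parts[:-1]), parts[-1]))
    return r


def verdict(r: MbrReport) -> str:
    """Triage label (thresholds are this example's assumption, not Gmer's)."""
    if not (r.device_opened and r.user_mbr_ok and r.kernel_mbr_ok):
        return "incomplete"   # detector could not read both copies of the MBR
    if r.warning or r.unknown_modules or r.unbacked_hooks():
        return "review"       # detector flagged something a human must look at
    if r.hooks:
        return "hooks-only"   # every hook maps to a named module (e.g. filter drivers)
    return "clean" if r.mbr_match else "mismatch"


if __name__ == "__main__":
    for name, log in (("ComboFix run", COMBOFIX_RUN), ("stand-alone run", STANDALONE_RUN)):
        rep = parse_mbr_log(log)
        print(f"{name}: {verdict(rep)}; hooks={len(rep.hooks)}, "
              f"unbacked={rep.unbacked_hooks()}, unknown={rep.unknown_modules}")
```

On the thread's logs the ComboFix run comes back as "review" (the called-modules line includes an unmapped address and catchme.sys was loaded at the time) and the stand-alone run as "clean".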
  14. 2010/08/16 broni (Moderator, Malware Analyst)
    That looks good :)

    You didn't say how your computer is doing.


    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  15. 2010/08/17 James Martin (Geek Member, Thread Starter)
    OTL Log

    OTL logfile created on: 8/17/2010 1:06:55 AM - Run 2
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    991.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 58.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1486 2000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 20.00 Gb Total Space | 5.91 Gb Free Space | 29.53% Space Free | Partition Type: NTFS
    Drive D: | 20.00 Gb Total Space | 8.14 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
    Drive E: | 15.00 Gb Total Space | 8.23 Gb Free Space | 54.85% Space Free | Partition Type: NTFS
    Drive F: | 19.53 Gb Total Space | 3.06 Gb Free Space | 15.66% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    Unable to calculate disk information.
    Drive I: | 123.50 Mb Total Space | 95.26 Mb Free Space | 77.13% Space Free | Partition Type: FAT32
    Drive J: | 1.86 Gb Total Space | 1.10 Gb Free Space | 59.04% Space Free | Partition Type: FAT32
    Drive L: | 982.05 Mb Total Space | 287.60 Mb Free Space | 29.29% Space Free | Partition Type: FAT32
    Drive W: | 647.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive X: | 533.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive Y: | 96.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: NONERT-82YVYMU0
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/17 00:55:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/07/27 13:31:48 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/05/26 13:03:36 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/12 15:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/17 00:55:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2008/10/09 11:53:03 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
    MOD - [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/05/26 13:05:04 | 002,437,176 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2009/03/03 17:21:23 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
    SRV - [2005/12/12 15:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
    SRV - [2004/11/17 23:12:14 | 000,118,784 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
    SRV - [2003/03/09 22:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/10/16 22:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\NTACCESS.SYS -- (WEBNTACCESS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/06/01 00:37:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2010/04/14 16:10:31 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/04/14 16:10:31 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/04/14 16:10:26 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/04/14 16:10:20 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2010/04/08 12:49:59 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2010/02/28 02:08:16 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/28 02:08:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008/04/13 14:36:38 | 000,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
    DRV - [2008/03/06 11:51:14 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
    DRV - [2007/03/08 15:34:46 | 004,027,840 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2006/10/17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\videX32.sys -- (videX32)
    DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
    DRV - [2006/08/09 14:29:08 | 000,015,345 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\PC Alert 4\NTCooler.sys -- (CoolerXPDriver)
    DRV - [2004/08/22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
    DRV - [2004/08/22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
    DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
    DRV - [2004/03/02 14:02:30 | 000,167,040 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3Psddr)
    DRV - [2003/08/04 03:56:02 | 000,884,614 | R--- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winachcf.sys -- (Winachcf)
    DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
    FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.8.4
    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.13
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ea627165-1724-4db5-ccde-fdc12f45452e}:2.1

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 13:31:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 13:31:54 | 000,000,000 | ---D | M]

    [2010/03/20 23:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/08/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions
    [2010/04/26 21:05:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/03/20 23:23:22 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/03/21 02:12:03 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2010/03/20 23:19:44 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}
    [2010/08/08 14:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xpqrfdvr.default\extensions\{ea627165-1724-4db5-ccde-fdc12f45452e}
    [2010/08/16 17:31:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/17 15:14:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/01 18:10:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/05/24 00:42:09 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

    O1 HOSTS File: ([2010/08/16 23:31:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000315.dll (Copernic Inc.)
    O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
    O9 - Extra Button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
    O9 - Extra 'Tools' menuitem : Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html ()
    O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1269839132156 (MUCatalogWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236018061328 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/03/01 21:32:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/12/13 22:38:52 | 003,533,821 | ---- | M] () - I:\AutoCAD 2008_cust_settings.zip -- [ FAT32 ]
    O32 - AutoRun File - [2010/06/26 19:10:38 | 000,000,197 | ---- | M] () - J:\AutoRun.inf -- [ FAT32 ]
    O32 - AutoRun File - [1999/01/19 18:25:50 | 000,000,095 | R--- | M] () - W:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [1999/01/19 18:26:06 | 000,000,187 | R--- | M] () - W:\AUTORUN.INI -- [ CDFS ]
    O32 - AutoRun File - [2003/07/16 16:55:09 | 000,000,110 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O32 - AutoRun File - [2003/08/11 17:48:20 | 000,000,043 | R--- | M] () - Y:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/17 00:55:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/08/17 00:43:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/17 00:02:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2010/08/16 00:20:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/15 22:40:23 | 000,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
    [2010/08/15 16:24:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Broni
    [2010/08/08 15:22:34 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/08/06 02:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\New Folder
    [2010/08/01 18:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/28 17:28:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
    [2010/07/27 14:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2010/07/21 03:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\CPU Thermometer
    [2010/07/20 22:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
    [2010/07/16 21:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Everest
    [2010/07/11 01:06:19 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2010/07/11 01:03:41 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2010/07/11 01:01:22 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2010/07/11 01:01:21 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2010/07/11 01:01:10 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2010/07/11 00:55:35 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2010/07/03 14:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
    [2010/06/29 13:00:12 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/29 01:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Antioch House
    [2010/06/20 22:57:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/06/20 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\SecurityScans
    [2010/06/19 22:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Mower lawsuit
    [2010/06/12 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\IE8 blurry
    [2010/06/12 17:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2010/06/11 20:56:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
    [2010/06/11 20:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
    [2010/06/11 20:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
    [2010/05/27 13:27:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
    [2010/05/24 00:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Foxit
    [2010/05/24 00:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
    [2010/05/22 15:11:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/03/21 11:02:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2009/03/02 12:02:13 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
    [2009/03/02 12:02:13 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/17 00:55:47 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/08/17 00:52:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/17 00:52:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/17 00:52:12 | 1039,716,352 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/17 00:51:16 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/08/17 00:51:11 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2010/08/17 00:22:16 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/16 23:31:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/16 17:23:58 | 000,551,842 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Me_Momalate50_sorearly60_s.jpg
    [2010/08/16 17:23:31 | 000,148,092 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Martins.JPG
    [2010/08/16 12:03:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/16 01:55:48 | 000,010,102 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Skeeters have been bitin.docx
    [2010/08/16 00:21:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/15 23:22:30 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BleepingComputer.com Toseeka; shopica; findlinks.URL
    [2010/08/15 22:40:23 | 000,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
    [2010/08/15 22:40:23 | 000,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
    [2010/08/15 22:40:23 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
    [2010/08/15 22:40:23 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
    [2010/08/14 18:36:59 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/14 18:36:56 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/14 15:20:55 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NC8012490 Machinist.doc
    [2010/08/13 22:26:57 | 000,011,044 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Magic Chef Microwave Oven.docx
    [2010/08/13 21:26:20 | 010,485,760 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.bak
    [2010/08/13 03:24:24 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hulu - The Pride Of St. Louis - Watch the full feature film now..url
    [2010/08/12 15:46:50 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\50332 pressure regulator - Google Search.URL
    [2010/08/12 00:28:41 | 000,014,211 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\'94 Dodge Gas Mileage.xlsx
    [2010/08/11 09:46:21 | 000,351,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 09:41:23 | 000,492,248 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 09:41:23 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 09:41:23 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/11 01:16:44 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How to Stop svchost.exe High CPU Usage.URL
    [2010/08/09 21:13:41 | 000,000,069 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Office of Community Services - Low Income Home Energy Assistance (LIHEAP) Program.URL
    [2010/08/09 17:46:23 | 005,864,631 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ID-2820 cordless phone.PDF
    [2010/08/09 01:15:00 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Hulu - Big House, U.S.A. - Watch the full feature film now..URL
    [2010/08/07 21:14:15 | 000,000,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\secrets-to-maximizing-social-security Personal Finance News from Yahoo! Finance.URL
    [2010/08/06 12:42:02 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2007.lnk
    [2010/08/06 12:38:53 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Recent Tithes 2.xlsx
    [2010/08/06 00:49:04 | 000,000,119 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\kb2286198 slow - Google Search.URL
    [2010/08/05 21:20:46 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
    [2010/08/05 12:46:06 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
    [2010/08/05 12:12:25 | 000,000,817 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/05 08:48:57 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\12 Examples of "Mental Accounting" (And How To Avoid Them) - trademonster.com - Yahoo! Buzz.URL
    [2010/08/03 22:15:13 | 000,000,142 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Supplements to consider.URL
    [2010/08/01 15:09:59 | 000,034,472 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\key_art_highway_patrol.jpg
    [2010/08/01 02:10:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/08/01 00:22:42 | 000,010,523 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Many of the liquid soap products are leaking.docx
    [2010/07/31 03:36:10 | 002,110,022 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/07/28 23:39:20 | 000,000,060 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NumbersUSA For Lower Immigration Levels - For Lower Immigration Levels.URL
    [2010/07/28 03:23:37 | 000,000,096 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Computer Power Supply Fan Replacement.URL
    [2010/07/28 03:03:25 | 000,000,094 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Antec EarthWatts EA-500 500W Review.URL
    [2010/07/27 21:11:01 | 000,012,437 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Walmart downloads.docx
    [2010/07/24 18:29:09 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Hi Ray.doc
    [2010/07/23 22:36:57 | 000,178,984 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Magic Chef mcm1290a.pdf
    [2010/07/23 17:06:53 | 000,014,562 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Leanness Law No 1.docx
    [2010/07/23 17:06:53 | 000,014,562 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Leanness Law No 1.docx
    [2010/07/23 16:44:04 | 000,000,091 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\How do you add another yahoo email address to your existing yahoo account - Yahoo! Answers.URL
    [2010/07/23 01:19:08 | 000,144,379 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Maintenance Guide.pdf
    [2010/07/23 01:18:38 | 001,729,313 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Manual.pdf
    [2010/07/21 18:18:56 | 013,525,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox 0.7.110.exe
    [2010/07/21 14:04:20 | 000,301,752 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\plugin-Slim_DVD_Writer_en_.pdf
    [2010/07/20 19:52:57 | 000,073,412 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Cricket modem, MUST READ FIRST.pdf
    [2010/07/18 20:14:02 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/07/17 21:41:05 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Installed programs & instructions on their use..doc
    [2010/07/15 15:58:30 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
    [2010/07/13 03:25:06 | 000,000,076 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wendys Survey.URL
    [2010/07/11 20:45:10 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/11 20:45:10 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/09 11:52:16 | 000,000,103 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Dell Documentation.URL
    [2010/07/06 22:46:43 | 000,011,601 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\My Job List.docx
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/28 00:25:46 | 000,943,454 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\C139_9500A91O Elaine's old phone.pdf
    [2010/06/11 20:57:07 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/06/11 20:56:39 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
    [2010/06/09 17:59:03 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\e-Sword.lnk
    [2010/05/28 07:04:52 | 000,014,896 | ---- | M] (Secunia) -- C:\WINDOWS\System32\drivers\psi_mf.sys
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/17 00:11:04 | 1039,716,352 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/16 17:23:54 | 000,551,842 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Me_Momalate50_sorearly60_s.jpg
    [2010/08/16 17:23:30 | 000,148,092 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Martins.JPG
    [2010/08/16 01:55:48 | 000,010,102 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Skeeters have been bitin.docx
    [2010/08/16 00:21:02 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/16 00:20:59 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/15 23:22:30 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BleepingComputer.com Toseeka; shopica; findlinks.URL
    [2010/08/15 22:40:23 | 000,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
    [2010/08/15 22:40:23 | 000,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
    [2010/08/15 22:40:23 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
    [2010/08/15 22:40:23 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
    [2010/08/14 15:51:14 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/08/13 03:24:24 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hulu - The Pride Of St. Louis - Watch the full feature film now..url
    [2010/08/12 15:46:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\50332 pressure regulator - Google Search.URL
    [2010/08/11 01:16:44 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How to Stop svchost.exe High CPU Usage.URL
    [2010/08/09 21:13:41 | 000,000,069 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Office of Community Services - Low Income Home Energy Assistance (LIHEAP) Program.URL
    [2010/08/09 17:47:36 | 005,864,631 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ID-2820 cordless phone.PDF
    [2010/08/09 01:15:00 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Hulu - Big House, U.S.A. - Watch the full feature film now..URL
    [2010/08/07 21:33:53 | 010,485,760 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.bak
    [2010/08/07 21:14:15 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\secrets-to-maximizing-social-security Personal Finance News from Yahoo! Finance.URL
    [2010/08/06 12:46:31 | 000,011,044 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Magic Chef Microwave Oven.docx
    [2010/08/06 00:49:04 | 000,000,119 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\kb2286198 slow - Google Search.URL
    [2010/08/05 12:46:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
    [2010/08/05 08:48:57 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\12 Examples of "Mental Accounting" (And How To Avoid Them) - trademonster.com - Yahoo! Buzz.URL
    [2010/08/03 22:15:13 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Supplements to consider.URL
    [2010/08/01 15:09:03 | 000,034,472 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\key_art_highway_patrol.jpg
    [2010/08/01 00:22:42 | 000,010,523 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Many of the liquid soap products are leaking.docx
    [2010/07/28 23:39:20 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NumbersUSA For Lower Immigration Levels - For Lower Immigration Levels.URL
    [2010/07/28 03:23:37 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Computer Power Supply Fan Replacement.URL
    [2010/07/28 03:03:25 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Antec EarthWatts EA-500 500W Review.URL
    [2010/07/27 21:08:28 | 000,012,437 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Walmart downloads.docx
    [2010/07/26 19:34:16 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NC8012490 Machinist.doc
    [2010/07/24 17:58:12 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Hi Ray.doc
    [2010/07/23 22:36:57 | 000,178,984 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Magic Chef mcm1290a.pdf
    [2010/07/23 18:15:30 | 013,525,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox 0.7.110.exe
    [2010/07/23 17:08:54 | 000,014,562 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Leanness Law No 1.docx
    [2010/07/23 17:06:53 | 000,014,562 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Leanness Law No 1.docx
    [2010/07/23 16:44:04 | 000,000,091 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\How do you add another yahoo email address to your existing yahoo account - Yahoo! Answers.URL
    [2010/07/23 01:19:35 | 000,144,379 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Maintenance Guide.pdf
    [2010/07/23 01:18:55 | 001,729,313 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\1998 Explorer Manual.pdf
    [2010/07/21 14:06:13 | 000,301,752 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\plugin-Slim_DVD_Writer_en_.pdf
    [2010/07/20 19:52:57 | 000,073,412 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Cricket modem, MUST READ FIRST.pdf
    [2010/07/18 20:14:02 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2010/07/15 15:58:30 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\Default.rdp
    [2010/07/13 03:25:06 | 000,000,076 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Wendys Survey.URL
    [2010/07/13 01:28:01 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/13 01:25:46 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AD-5590A NEC Laptop DVDRW Sony Ad-5590a 8x Dvdrw Notebook Drive.URL
    [2010/07/12 11:15:29 | 000,127,488 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\MicroKeyBoardShorcuts.doc
    [2010/07/11 01:06:17 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2010/07/11 01:00:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2010/07/11 01:00:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2010/07/11 00:58:36 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2010/07/09 11:54:20 | 000,000,103 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Dell Documentation.URL
    [2010/07/08 15:02:01 | 000,943,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\C139_9500A91O Elaine's old phone.pdf
    [2010/06/14 12:03:39 | 000,014,211 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\'94 Dodge Gas Mileage.xlsx
    [2010/06/14 09:57:14 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Installed programs & instructions on their use..doc
    [2010/06/11 20:56:22 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
    [2010/05/22 15:12:13 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/02/18 20:17:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mohinstall.dll
    [2009/10/23 23:35:52 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/05/08 12:13:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2009/05/08 12:13:51 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2009/05/08 12:13:51 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
    [2009/05/08 12:13:51 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2009/04/01 00:49:01 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.html
    [2009/04/01 00:46:32 | 000,141,313 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\FASTWiz.log
    [2009/03/21 11:02:14 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.log
    [2009/03/21 11:02:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2009/03/21 11:02:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2009/03/12 12:06:30 | 000,000,216 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2009/03/08 15:20:23 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/06 19:53:31 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2009/03/04 00:04:53 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2009/03/04 00:04:53 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2009/03/04 00:04:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2009/03/04 00:04:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2009/03/04 00:04:53 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2009/03/04 00:04:53 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2009/03/03 22:51:57 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/03/02 12:42:43 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
    [2009/03/02 10:55:40 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/03/02 09:29:53 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009/03/02 09:29:44 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
    [2008/02/19 23:08:22 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2003/03/09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/04/14 16:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/05/22 15:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2009/06/07 23:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2010/02/19 18:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/08/23 22:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibbs
    [2010/07/27 14:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoodSync
    [2009/03/02 10:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2010/08/13 20:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/08 12:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrueCrypt
    [2009/12/02 16:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.3.0
    [2010/01/05 00:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.4
    [2009/06/07 23:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Autodesk
    [2009/03/04 00:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Copernic
    [2010/05/24 00:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit
    [2010/07/20 22:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Foxit Software
    [2009/08/23 22:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Gibbs
    [2010/07/30 01:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GoodSync
    [2009/03/04 00:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
    [2009/03/04 00:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2009/04/28 19:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeUpdate12
    [2009/03/21 23:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
    [2010/04/08 13:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TrueCrypt
    [2009/03/21 11:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2009/12/15 13:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherPulse
    [2009/03/02 13:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
    [2010/04/17 20:33:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinFF
    [2010/06/07 02:41:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WinPatrol

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/01 21:32:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/03/15 02:13:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/16 00:21:02 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/17 00:25:30 | 000,015,647 | ---- | M] () -- C:\ComboFix.txt
    [2009/03/01 21:32:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/08/17 00:52:12 | 1039,716,352 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/15 01:10:44 | 000,014,107 | ---- | M] () -- C:\HijackPatrol.log
    [2009/03/01 21:32:46 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/06 02:01:40 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/03/01 21:32:46 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/03/01 21:47:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/03/15 01:50:59 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/17 00:52:06 | 1558,183,936 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/16 20:59:05 | 000,000,369 | ---- | M] () -- C:\rkill.log

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2004/06/10 15:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD58.DLL
    [2004/06/10 15:00:00 | 000,048,640 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP58.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/03/01 16:22:32 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/03/01 16:22:32 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/03/01 16:22:32 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    < End of report >
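As an added example, not code from this thread, from OTL or from its author: a small Python parser for the report format shown above that pulls out the file entries with their reported MD5 values and the Alternate Data Stream lines, then flags any hash that differs from a trusted baseline. The sample report and the baseline are constructed for this example from values posted here (one baseline hash is a deliberate placeholder so the mismatch path is exercised).

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL's report format: dates, sizes, hashes and paths are
# taken from the report posted above; nothing here is output of a new scan.
SAMPLE_REPORT = r"""
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
========== Alternate Data Streams ==========
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >
"""

# One OTL file-listing line: [mtime | size | attrs | M] (company) [MD5=...] -- path
FILE_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$")
# One ADS line; the greedy path group stops at the last colon, which precedes the stream name
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$")

def parse_otl(report: str) -> Tuple[List[Dict], List[Dict]]:
    """Return (file entries, ADS entries) as dicts of the regex groups, sizes as int."""
    files, streams = [], []
    for line in map(str.strip, report.splitlines()):
        if m := FILE_RE.match(line):
            rec = m.groupdict()
            rec["size"] = int(rec["size"].replace(",", ""))
            rec["md5"] = rec["md5"].upper() if rec["md5"] else None
            files.append(rec)
        elif m := ADS_RE.match(line):
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            streams.append(rec)
    return files, streams

def md5_mismatches(files: List[Dict], baseline: Dict[str, str]) -> List[str]:
    """Paths whose reported MD5 differs from the trusted baseline (case-insensitive path match)."""
    wanted = {p.lower(): h.upper() for p, h in baseline.items()}
    return [f["path"] for f in files
            if f["md5"] and f["path"].lower() in wanted and wanted[f["path"].lower()] != f["md5"]]

# Constructed baseline: user32.dll carries the hash from the thread, ws2help.dll an obviously
# fake placeholder. A real baseline comes from install media or a clean machine at the same patch level.
EXAMPLE_BASELINE = {
    r"C:\WINDOWS\system32\user32.dll": "B26B135FF1B9F60C9388B4A7D16F600B",
    r"C:\WINDOWS\system32\ws2help.dll": "0" * 32,
}
```

Running `md5_mismatches(*parse_otl(SAMPLE_REPORT)[:1], EXAMPLE_BASELINE)` on the constructed input reports only ws2help.dll, and `parse_otl` returns both ADS entries with their stream names and sizes for follow-up.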
     
  16. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're still not saying how your computer is doing....
     
  17. 2010/08/17
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    There was no Extra Log this time.

    Ran it twice, but saw only one log.

    Note: There is thumbs.db file sitting on the desktop. Not sure the origin of it.

    ===========================

    As for PC performance, I can't really say yet. The problem was intermittent at best.
     
  18. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    One log, because you ran OTL before.

    Will I know how your computer is doing?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  19. 2010/08/17
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    As for PC performance, I can't really say yet. The problem was intermittent at best.

    I'll keep you posted about performance ASAP.
     
  20. 2010/08/17
    James Martin

    James Martin Geek Member Thread Starter

    Joined:
    2003/05/15
    Messages:
    2,655
    Likes Received:
    79
    OTL Scan 3

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET7.tmp deleted successfully.
    C:\WINDOWS\SETD.tmp deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 38246124 bytes
    ->Flash cache emptied: 831 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->FireFox cache emptied: 7246764 bytes
    ->Flash cache emptied: 649 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Owner
    ->Temp folder emptied: 428152 bytes
    ->Temporary Internet Files folder emptied: 724741 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 32492391 bytes
    ->Flash cache emptied: 780 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 256 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 934 bytes

    Total Files Cleaned = 76.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService

    User: Owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08172010_012830

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF2E6.tmp moved successfully.
    File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\ZLT00938.TMP not found!

    Registry entries deleted on Reboot...
     
  21. 2010/08/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Bed time for me :)
    I'll see you tomorrow :)
     
