
Solved Computer running 75-80% busy...no apps running.

Discussion in 'Malware and Virus Removal Archive' started by pilotgal8, 2010/08/01.

  1. 2010/08/01
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    [Resolved] Computer running 75-80% busy...no apps running.

    Ran Malwarebytes with 2 bad guys found & removed.
    Here's the log.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4378

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/1/2010 7:43:32 PM
    mbam-log-2010-08-01 (19-43-32).txt

    Scan type: Quick scan
    Objects scanned: 155970
    Time elapsed: 20 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ( "%1" /S) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1 ") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. 2010/08/01
    broni

    broni Moderator Malware Analyst



  4. 2010/08/02
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Broni,

    The other thread is incomplete, as the friend is on vacation. It should be complete this week. Thanks for the reminder of the rules, and thanks again for your excellent help.

    DDS.TXT


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Rosemary at 4:11:11.26 on Mon 08/02/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1181 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    C:\WINDOWS\system32\rsvp.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Quicken2010\bagent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Rosemary\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.goodsearch.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: GhosteryBHO Class: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll
    BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [PxDotNetLoader] "c:\program files\fidelity investments\fidelity active trader\system\ATPStartupAssistant.exe "
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [QuickenScheduledUpdates] c:\program files\quicken2010\bagent.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe "
    mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe "
    mRun: [CCUTRAYICON] c:\program files\intel\inteldh\ccu\CCU_TrayIcon.exe
    mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    Trusted Zone: bankatlantic.com
    Trusted Zone: facebook.com
    Trusted Zone: fundsexpress.com
    Trusted Zone: ibmsecu.org
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://echat.bellsouth.net/sdccommon/download/tgctlcm.cab
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab
    DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
    DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
    DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} - hxxp://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182539247843
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182539214796
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - c:\program files\fidelity investments\fidelity active trader\system\atngprot.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R0 zmNTMon;zmNTMon;c:\windows\system32\drivers\ZmNTMon.sys [2007-12-3 5760]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-4 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-6-23 29584]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-4 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 67656]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-8 308136]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-12 711352]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-12 711352]
    R2 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-11-10 170456]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S3 zmNTZip;zmNTZip;c:\program files\ontrack\zipmagic\zmNTZip.sys [2007-12-3 155576]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-08-01 22:36:35 0 d-----w- c:\program files\GhosteryIEplugin
    2010-07-23 15:14:04 150860 ----a-w- C:\fgX0CLC0.tif
    2010-07-14 11:11:42 0 d-sh--w- c:\documents and settings\rosemary\IECompatCache
    2010-07-13 17:38:16 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-10 13:12:31 0 d-sh--w- c:\documents and settings\rosemary\PrivacIE
    2010-07-10 13:09:21 0 d-sh--w- c:\documents and settings\rosemary\IETldCache
    2010-07-10 12:58:43 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-10 12:58:43 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-07-10 12:58:43 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-07-10 12:58:43 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-10 12:58:43 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-07-10 12:58:43 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-10 12:58:43 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-07-10 12:58:39 0 d-----w- c:\windows\ie8updates
    2010-07-10 12:57:54 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-07-10 12:56:29 0 dc-h--w- c:\windows\ie8
    2010-07-10 11:35:00 0 d-----w- C:\7099b4e9c938745663
    2010-07-07 11:08:26 34 ----a-w- c:\windows\system32\BD7820N.DAT

    ==================== Find3M ====================

    2010-07-15 13:34:57 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 13:34:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 13:33:05 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-06 19:44:34 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-07-06 19:44:28 2319536 ----a-w- c:\windows\system32\Incinerator.dll
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-06 10:41:53 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-05-06 10:41:52 611840 ------w- c:\windows\system32\dllcache\mstime.dll
    2010-05-06 10:41:52 5950976 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-05-06 10:41:52 206848 ------w- c:\windows\system32\dllcache\occache.dll
    2010-05-06 10:41:52 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-05-06 10:41:51 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-05-06 10:41:50 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
    2010-05-06 10:41:48 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe

    ============= FINISH: 4:12:19.40 ===============

    leteas the friend is on vacation, due to return this week
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/22/2007 2:13:23 PM
    System Uptime: 8/2/2010 3:51:02 AM (1 hours ago)

    Motherboard: Intel Corporation | | D975XBX
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | J3E1 | 3209/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 233 GiB total, 193.628 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1152: 4/30/2010 11:56:18 AM - System Checkpoint
    RP1153: 4/30/2010 1:28:49 PM - Installed TurboTax Basic 2003
    RP1154: 4/30/2010 1:49:22 PM - Removed WexTech AnswerWorks
    RP1155: 4/30/2010 1:50:31 PM - Installed TurboTax Deluxe 2004
    RP1156: 4/30/2010 1:53:10 PM - Installed WexTech AnswerWorks
    RP1157: 5/1/2010 2:57:00 PM - System Checkpoint
    RP1158: 5/1/2010 8:05:02 PM - Pre Quicken UPgrade
    RP1159: 5/1/2010 8:10:47 PM - Printer Driver Amyuni Document Converter 400 Installed
    RP1160: 5/3/2010 4:17:40 AM - System Checkpoint
    RP1161: 5/4/2010 4:53:33 AM - System Checkpoint
    RP1162: 5/4/2010 1:02:13 PM - Printer Driver Samsung CLP-310 Series Installed
    RP1163: 5/5/2010 1:47:52 PM - System Checkpoint
    RP1164: 5/6/2010 5:09:19 AM - Avg Update
    RP1165: 5/7/2010 5:10:08 AM - System Checkpoint
    RP1166: 5/8/2010 6:34:06 AM - System Checkpoint
    RP1167: 5/9/2010 6:45:18 AM - System Checkpoint
    RP1168: 5/10/2010 7:00:28 AM - System Checkpoint
    RP1169: 5/11/2010 8:04:03 AM - System Checkpoint
    RP1170: 5/11/2010 3:00:32 PM - Pre MS fixes
    RP1171: 5/11/2010 3:03:20 PM - Software Distribution Service 3.0
    RP1172: 5/12/2010 3:15:34 PM - System Checkpoint
    RP1173: 5/13/2010 4:51:30 PM - System Checkpoint
    RP1174: 5/14/2010 5:10:55 PM - System Checkpoint
    RP1175: 5/15/2010 5:22:34 PM - System Checkpoint
    RP1176: 5/16/2010 6:57:52 PM - System Checkpoint
    RP1177: 5/17/2010 12:22:38 AM - Installed WOT for Internet Explorer
    RP1178: 5/17/2010 12:37:51 AM - Installed Java(TM) 6 Update 20
    RP1179: 5/17/2010 12:39:33 AM - Removed The Print Shop
    RP1180: 5/17/2010 8:41:10 AM - Installed SUPERAntiSpyware Free Edition
    RP1181: 5/18/2010 10:00:35 AM - System Checkpoint
    RP1182: 5/19/2010 10:38:01 AM - System Checkpoint
    RP1183: 5/20/2010 1:52:07 PM - System Checkpoint
    RP1184: 5/25/2010 10:18:25 AM - Removed WOT for Internet Explorer
    RP1185: 6/2/2010 9:15:59 AM - Avg Update
    RP1186: 6/2/2010 6:29:38 PM - Software Distribution Service 3.0
    RP1187: 6/9/2010 2:49:51 AM - Software Distribution Service 3.0
    RP1188: 6/9/2010 3:17:33 AM - Software Distribution Service 3.0
    RP1189: 6/14/2010 12:41:36 PM - Removed Avery Wizard 3.1
    RP1190: 6/14/2010 12:42:24 PM - Installed Avery Wizard 3.1.
    RP1191: 6/14/2010 3:50:54 PM - Removed Ask Toolbar.
    RP1192: 6/16/2010 5:37:43 AM - Software Distribution Service 3.0
    RP1193: 6/16/2010 5:43:29 AM - Software Distribution Service 3.0
    RP1194: 6/18/2010 1:54:58 PM - Software Distribution Service 3.0
    RP1195: 6/23/2010 9:03:00 AM - Software Distribution Service 3.0
    RP1196: 6/24/2010 10:05:29 AM - System Checkpoint
    RP1197: 6/25/2010 9:03:03 AM - Avg Update
    RP1198: 6/26/2010 3:06:23 PM - System Checkpoint
    RP1199: 6/27/2010 3:23:15 PM - System Checkpoint
    RP1200: 6/28/2010 9:13:23 PM - System Checkpoint
    RP1201: 6/28/2010 9:14:01 PM - Software Distribution Service 3.0
    RP1202: 6/28/2010 10:34:45 PM - Software Distribution Service 3.0
    RP1203: 6/29/2010 10:37:07 AM - Software Distribution Service 3.0
    RP1204: 6/30/2010 12:43:06 PM - System Checkpoint
    RP1205: 7/1/2010 7:08:35 PM - System Checkpoint
    RP1206: 7/2/2010 8:00:23 PM - System Checkpoint
    RP1207: 7/3/2010 8:02:52 PM - System Checkpoint
    RP1208: 7/4/2010 8:51:10 PM - System Checkpoint
    RP1209: 7/5/2010 9:14:09 PM - System Checkpoint
    RP1210: 7/6/2010 9:31:17 PM - System Checkpoint
    RP1211: 7/7/2010 10:49:49 PM - System Checkpoint
    RP1212: 7/8/2010 5:22:52 AM - Software Distribution Service 3.0
    RP1213: 7/10/2010 4:00:58 AM - Software Distribution Service 3.0
    RP1214: 7/10/2010 7:34:50 AM - Software Distribution Service 3.0
    RP1215: 7/10/2010 8:52:33 AM - Software Distribution Service 3.0
    RP1216: 7/11/2010 9:05:06 AM - System Checkpoint
    RP1217: 7/13/2010 1:39:31 PM - Software Distribution Service 3.0
    RP1218: 7/15/2010 9:31:38 AM - Avg Update
    RP1219: 7/15/2010 9:35:16 AM - Avg Update
    RP1220: 7/17/2010 3:02:03 PM - System Checkpoint
    RP1221: 7/18/2010 5:27:57 PM - System Checkpoint
    RP1222: 7/19/2010 5:48:32 PM - System Checkpoint
    RP1223: 7/20/2010 5:49:13 PM - System Checkpoint
    RP1224: 7/21/2010 8:33:42 AM - Avg Update
    RP1225: 7/22/2010 12:50:03 PM - System Checkpoint
    RP1226: 7/23/2010 1:13:27 PM - System Checkpoint
    RP1227: 7/24/2010 2:10:31 PM - System Checkpoint
    RP1228: 7/25/2010 4:58:58 PM - System Checkpoint
    RP1229: 7/26/2010 5:31:22 PM - System Checkpoint
    RP1230: 7/27/2010 10:08:43 PM - System Checkpoint
    RP1231: 7/28/2010 11:01:46 PM - System Checkpoint

    ==== Installed Programs ======================


    2000 TurboTax for Windows
    2001 TurboTax for Windows
    7200
    7200_Help
    7200Trb
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Product/Adobe Studio Update 10/2001
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 9.3.3
    Advanced Analyzer
    AiO_Scan
    AiOSoftware
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    ATI Display Driver
    Avery Wizard 3.1
    AVG Free 9.0
    Broderbund Media Manager
    BufferChm
    Carbonite
    Compatibility Pack for the 2007 Office system
    Copy
    Coupon Printer for Windows
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Debugging Tools for Windows
    Debugging Tools for Windows (x86)
    Destinations
    Director
    DocProc
    DocumentViewer
    doPDF 5.0 printer
    EasyCleaner
    Fax
    Fidelity Active Trader Pro®
    Ghostery IE Plugin
    Google Earth
    Google Updater
    GoToMeeting 4.0.0.320
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Officejet 7200 series
    HP Product Assistant
    HP Product Detection
    HP PSC & OfficeJet 4.7
    HP Update
    HPSystemDiagnostics
    InstantShare
    Intel Audio Studio 2.0
    Intel(R) Matrix Storage Manager
    Intel(R) PRO Network Connections Drivers
    Intel(R) Quick Resume Technology Drivers
    Intel® Viiv™ Software
    Intuit Entitlement Client
    iolo technologies' System Mechanic Professional
    ItsDeductible Express
    Java Auto Updater
    Java(TM) 6 Update 20
    LaserJet 1020 series
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware
    MarketResearch
    MediaShow 3.0
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Streets & Trips 2006
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Web Publishing Wizard 1.52
    Microsoft Works Suite 2006 Setup Launcher
    mIRC
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    OIB4 Training Install Kit
    Ontrack ZipMagic 4.0
    OrchidWiz Encyclopedia
    OrderReminder HP LaserJet 1020
    PanoStandAlone
    PCI SoftV92 Modem
    Pdf995
    PhotoGallery
    PowerDVD
    PowerProducer
    PowerStarter
    ProductContext
    ProSeries Basic Edition 2007
    QFolder
    QuickBooks
    QuickBooks Premier: Accountant Edition 2007
    QuickBooks Pro 2009
    Quicken 2010
    QuoteTracker
    Readme
    SafeCast Shared Components
    Samsung CLP-310 Series
    Scan
    ScannerCopy
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB982381)
    Shockwave
    SigmaTel Audio
    SkinsHP1
    Spelling Dictionaries Support For Adobe Reader 8
    SpywareBlaster 4.1
    SUPERAntiSpyware Free Edition
    SupportSoft Assisted Service
    TaxCut Premium + State + Efile 2008
    TrayApp
    TurboTax 2008
    TurboTax 2008 wgaiper
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 wgaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wnciper
    TurboTax 2009 wrapper
    TurboTax Deluxe 2004
    TurboTax Deluxe 2005
    TurboTax Deluxe 2007
    TurboTax Deluxe Deduction Maximizer 2006
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    Tweak UI
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2005 Tools for Office Second Edition Runtime
    VNC 4.0
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Media Center Edition 2005 KB908250
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    Works Upgrade
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    8/1/2010 9:00:37 PM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x800706BB
    8/1/2010 8:02:30 PM, error: System Error [1003] - Error code 1000007f, parameter1 0000000d, parameter2 00000000, parameter3 00000000, parameter4 00000000.
    8/1/2010 6:28:58 PM, error: Service Control Manager [7034] - The iolo System Service service terminated unexpectedly. It has done this 1 time(s).
    8/1/2010 6:28:58 PM, error: Service Control Manager [7034] - The iolo FileInfoList Service service terminated unexpectedly. It has done this 1 time(s).
    7/28/2010 12:31:49 PM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library TOSHIBA TransMemory USB Device.
    7/27/2010 5:06:48 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0016761F508E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/27/2010 2:09:47 AM, error: System Error [1003] - Error code 1000000a, parameter1 0000001f, parameter2 00000002, parameter3 00000001, parameter4 806e6a16.
    7/27/2010 2:07:27 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep Lbd
    7/27/2010 2:07:21 AM, error: Service Control Manager [7023] - The Intel(R) Quick Resume technology service terminated with the following error: The system could not find the environment option that was entered.
    7/27/2010 2:07:08 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    7/27/2010 2:07:08 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    7/27/2010 2:07:08 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
    7/27/2010 2:06:45 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0016761F508E has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  5. 2010/08/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/08/02
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    ComboFix 10-08-02.01 - Rosemary 08/02/2010 18:38:41.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1341 [GMT -4:00]
    Running from: c:\documents and settings\Rosemary\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Rosemary\g2mdlhlpx.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
    .

    2010-08-01 22:36 . 2010-08-01 22:36 -------- d-----w- c:\program files\GhosteryIEplugin
    2010-07-30 21:10 . 2010-08-02 00:38 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
    2010-07-21 12:33 . 2010-07-21 12:33 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-21 12:33 . 2010-07-21 12:33 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-07-21 12:33 . 2010-07-21 12:33 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-07-17 15:42 . 2010-07-17 15:42 205864 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-07-15 13:35 . 2010-07-15 13:35 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-07-15 13:35 . 2010-07-15 13:35 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-07-15 13:31 . 2010-07-15 13:31 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-07-15 13:31 . 2010-07-15 13:31 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-07-15 13:31 . 2010-07-15 13:31 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-07-15 13:31 . 2010-07-15 13:31 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-07-14 11:11 . 2010-07-14 11:11 -------- d-sh--w- c:\documents and settings\Rosemary\IECompatCache
    2010-07-13 17:38 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-10 13:12 . 2010-07-10 13:12 -------- d-sh--w- c:\documents and settings\Rosemary\PrivacIE
    2010-07-10 13:11 . 2010-07-10 13:11 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-07-10 13:09 . 2010-07-10 13:09 -------- d-sh--w- c:\documents and settings\Rosemary\IETldCache
    2010-07-10 12:58 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-07-10 12:58 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-07-10 12:58 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-07-10 12:58 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-07-10 12:58 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-07-10 12:58 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-07-10 12:58 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-07-10 12:58 . 2010-07-10 12:58 -------- d-----w- c:\windows\ie8updates
    2010-07-10 12:57 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
    2010-07-10 12:56 . 2010-07-10 12:57 -------- dc-h--w- c:\windows\ie8
    2010-07-10 11:35 . 2010-07-10 11:35 -------- d-----w- C:\7099b4e9c938745663
    2010-07-07 11:08 . 2010-07-07 11:08 34 ----a-w- c:\windows\system32\BD7820N.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-02 22:21 . 2007-06-25 00:48 12375 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
    2010-08-02 22:21 . 2009-04-29 00:36 15214 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
    2010-07-31 11:07 . 2007-06-23 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
    2010-07-24 09:13 . 2010-05-17 12:41 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-15 13:34 . 2008-05-04 12:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 13:34 . 2008-05-04 12:43 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 13:33 . 2008-05-04 12:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-10 07:50 . 2010-01-12 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-07-08 18:15 . 2007-06-23 17:41 -------- d-----w- c:\program files\ItsDeductibleEX
    2010-07-06 19:44 . 2010-01-12 18:26 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-07-06 19:44 . 2008-03-18 16:19 2319536 ----a-w- c:\windows\system32\Incinerator.dll
    2010-07-02 04:22 . 2010-07-02 04:22 496944 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 791856 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 570672 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 423216 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
    2010-07-02 04:22 . 2010-07-02 04:22 296240 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 267568 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 763184 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dblib10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 398640 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 1152304 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
    2010-07-02 04:22 . 2010-07-02 04:22 856880 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\dblgen11.dll
    2010-07-02 04:22 . 2010-07-02 04:22 2184496 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
    2010-07-02 04:22 . 2010-07-02 04:22 1372424 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
    2010-06-21 01:26 . 2010-05-02 00:09 -------- d-----w- c:\program files\Quicken2010
    2010-06-21 01:23 . 2010-06-21 01:23 2812928 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\191916-191106.dll
    2010-06-21 01:23 . 2010-05-02 00:14 243032 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
    2010-06-20 09:43 . 2009-04-02 15:13 -------- d-----w- c:\program files\Lavasoft
    2010-06-20 09:43 . 2008-03-18 11:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-06-16 09:48 . 2008-07-06 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-14 16:48 . 2007-06-23 06:52 103832 -c--a-w- c:\documents and settings\Rosemary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-14 16:43 . 2010-06-14 16:43 -------- d-----w- c:\program files\Avery
    2010-06-14 16:42 . 2007-06-23 07:28 -------- d-----w- c:\program files\Avery Wizard 3.1
    2010-06-14 14:31 . 2006-09-29 17:55 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-09 07:51 . 2008-07-26 16:57 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-02 13:15 . 2007-06-23 07:55 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-23 19:38 . 2010-05-17 12:41 63488 ----a-w- c:\documents and settings\Rosemary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-05-23 19:38 . 2010-05-17 12:41 117760 ----a-w- c:\documents and settings\Rosemary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-05-22 21:32 . 2010-05-22 21:32 503808 -c--a-w- c:\documents and settings\Rosemary\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30589fc4-n\msvcp71.dll
    2010-05-22 21:32 . 2010-05-22 21:32 499712 -c--a-w- c:\documents and settings\Rosemary\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30589fc4-n\jmc.dll
    2010-05-22 21:32 . 2010-05-22 21:32 348160 -c--a-w- c:\documents and settings\Rosemary\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-30589fc4-n\msvcr71.dll
    2010-05-22 21:32 . 2010-05-22 21:32 61440 -c--a-w- c:\documents and settings\Rosemary\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1804feb9-n\decora-sse.dll
    2010-05-22 21:32 . 2010-05-22 21:32 12800 -c--a-w- c:\documents and settings\Rosemary\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1804feb9-n\decora-d3d.dll
    2010-05-17 12:41 . 2010-05-17 12:41 52224 ----a-w- c:\documents and settings\Rosemary\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-05-06 10:41 . 2006-09-29 17:41 916480 ----a-w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]
    2010-05-14 18:10 561400 ----a-w- c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @= "{95A27763-F62A-4114-9072-E81D87DE3B68} "
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @= "{E300CD91-100F-4E67-9AF3-1384A6124015} "
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @= "{5E529433-B50E-4bef-A63B-16A6B71B071A} "
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-04-29 21:19 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PxDotNetLoader "= "c:\program files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe" [2009-03-25 42336]
    "Messenger (Yahoo!) "= "c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
    "QuickenScheduledUpdates "= "c:\program files\Quicken2010\bagent.exe" [2010-06-02 77656]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-24 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "LanguageShortcut "= "c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
    "IntelAudioStudio "= "c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-04-19 9125888]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
    "CCUTRAYICON "= "c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-10 309720]
    "NMSSupport "= "c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "Carbonite Backup "= "c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-04-29 669840]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-07-02 976832]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Samsung PanelMgr "= "c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-28 606208]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-7-16 984352]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5} "= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-15 13:34 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "\\\\H3A5D2\\E\\Program Files\\Mirc\\mirc.exe "=
    "c:\\Program Files\\Mirc\\mirc.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe "=
    "c:\\Program Files\\Fidelity Investments\\Fidelity Active Trader\\System\\atng.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 zmNTMon;zmNTMon;c:\windows\system32\drivers\ZmNTMon.sys [12/3/2007 2:52 PM 5760]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 8:43 AM 216400]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2008 8:43 AM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 67656]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/8/2009 10:45 AM 308136]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/12/2010 2:26 PM 711352]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/12/2010 2:26 PM 711352]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 zmNTZip;zmNTZip;c:\program files\Ontrack\ZipMagic\zmNTZip.sys [12/3/2007 2:52 PM 155576]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.goodsearch.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll
    Trusted Zone: bankatlantic.com
    Trusted Zone: facebook.com
    Trusted Zone: fundsexpress.com
    Trusted Zone: ibmsecu.org
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(728)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-08-02 18:47:18
    ComboFix-quarantined-files.txt 2010-08-02 22:47
    ComboFix2.txt 2009-12-22 17:22
    ComboFix3.txt 2009-12-21 20:53
    ComboFix4.txt 2009-12-21 14:38

    Pre-Run: 208,402,178,048 bytes free
    Post-Run: 208,512,368,640 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 65D135C49FAAB50CE6D3B0793E35A30F
     
  7. 2010/08/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    Click on View > Select Columns.
    In addition to already pre-selected options, make sure the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Post the content in your next reply.

    ============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. 2010/08/03
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Process PID CPU Private Bytes Working Set Description Company Name Command Line
    System Idle Process 0 94.70 0 K 28 K
    Interrupts n/a 0 K 0 K Hardware Interrupts
    DPCs n/a 3.79 0 K 0 K Deferred Procedure Calls
    System 4 0 K 101,776 K
    smss.exe 644 172 K 428 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
    csrss.exe 696 1,732 K 4,736 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    winlogon.exe 728 8,820 K 6,488 K Windows NT Logon Application Microsoft Corporation winlogon.exe
    services.exe 772 0.76 1,936 K 3,780 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
    ati2evxx.exe 956 860 K 3,120 K ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe 976 3,384 K 6,520 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k DcomLaunch
    wmiprvse.exe 3152 3,636 K 7,500 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
    CCU_Engine.exe 3592 3,616 K 5,612 K Intel® Viiv™ Settings Intel Corporation "C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe" -Embedding
    svchost.exe 1044 2,424 K 6,164 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost -k rpcss
    svchost.exe 1168 27,676 K 40,320 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
    wuauclt.exe 4436 2,268 K 4,852 K Windows Update Microsoft Corporation "C:\WINDOWS\system32\wuauclt.exe "
    svchost.exe 1232 1,424 K 3,768 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
    svchost.exe 1360 1,220 K 3,304 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    spoolsv.exe 1740 4,144 K 6,872 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
    svchost.exe 416 1,360 K 3,880 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    AlertService.exe 460 1,780 K 5,280 K Intel® Alert Service Intel Corporation "C:\Program Files\Intel\IntelDH\CCU\AlertService.exe "
    avgwdsvc.exe 496 5,420 K 2,040 K AVG Watchdog Service AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG9\avgwdsvc.exe "
    avgnsx.exe 1244 9,184 K 588 K AVG Network scanner Service AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG9\avgnsx.exe "
    CDAC11BA.EXE 532 332 K 1,228 K Macrovision RTS Service Macrovision C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    CarboniteService.exe 556 6,908 K 17,668 K Carbonite Secure Backup Engine Carbonite, Inc. (www.carbonite.com) "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe "
    IAANTmon.exe 700 412 K 1,500 K RAID Monitor Intel Corporation "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "
    IntuitUpdateService.exe 1000 27,724 K 1,364 K Intuit Update Service Intuit Inc. "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe "
    ioloServiceManager.exe 1132 23,836 K 14,204 K "C:\Program Files\iolo\common\lib\ioloServiceManager.exe "
    jqs.exe 1452 2,248 K 1,408 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf "
    RichVideo.exe 1864 840 K 3,060 K RichVideo Module "C:\Program Files\CyberLink\Shared Files\RichVideo.exe "
    svchost.exe 2076 1,516 K 4,004 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
    svchost.exe 2180 2,468 K 4,368 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
    winvnc4.exe 2344 924 K 3,280 K VNC Server for Win32 RealVNC Ltd. "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
    searchindexer.exe 2480 21,772 K 26,712 K Microsoft Windows Search Indexer Microsoft Corporation C:\WINDOWS\system32\SearchIndexer.exe /Embedding
    YahooAUService.exe 2732 5,768 K 8,416 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe "
    fxssvc.exe 2788 1,640 K 3,832 K Fax Service Microsoft Corporation C:\WINDOWS\system32\fxssvc.exe
    ISSM.exe 2808 3,064 K 4,008 K Intel Software services manager Intel Corparation "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe "
    MCLServiceATL.exe 2880 3,092 K 4,148 K MCL Application Tracker Intel Corparation "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe "
    mcrdsvc.exe 2912 864 K 3,120 K MCRD Device Service Microsoft Corporation C:\WINDOWS\ehome\mcrdsvc.exe
    mediaserver.exe 3644 17,364 K 21,740 K "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe "
    Remote UI Service.exe 3672 3,976 K 6,328 K Remote UI Service Intel Corparation "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe "
    alg.exe 3904 1,220 K 3,688 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
    rsvp.exe 4008 3,456 K 1,100 K Microsoft RSVP Microsoft Corporation C:\WINDOWS\system32\rsvp.exe
    dllhost.exe 5088 3,000 K 8,300 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    msdtc.exe 5192 1,932 K 5,208 K MS DTC console program Microsoft Corporation C:\WINDOWS\system32\msdtc.exe
    vssvc.exe 4144 2,428 K 6,464 K Microsoft® Volume Shadow Copy Service Microsoft Corporation C:\WINDOWS\System32\vssvc.exe
    dllhost.exe 4292 1,740 K 5,600 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{B39B0FF9-66C2-4338-AD59-B333F07B1791}
    lsass.exe 784 4,260 K 2,472 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
    ati2evxx.exe 1372 1,008 K 3,704 K ATI External Event Utility EXE Module ATI Technologies Inc. Ati2evxx.exe -Client
    avgchsvx.exe 1380 23,120 K 344 K AVG Cache Server AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG9\avgchsvx.exe "
    avgrsx.exe 1388 1,568 K 528 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. "C:\Program Files\AVG\AVG9\avgrsx.exe "
    avgcsrvx.exe 1512 8,000 K 368 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. /pipeName=e0dc11e6-3e1f-4091-a5ef-ae0f3f20dc80 /coreSdkOptions=30 /logConfFile= "C:\Documents and Settings\All Users\Application Data\avg9\temp\e0c1b408-b810-4bd6-a198-dd04dae8bb41-56c-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath= "C:\Program Files\AVG\AVG9\" /tempPath= "C:\Documents and Settings\All Users\Application Data\avg9\temp\ "
    explorer.exe 2004 28,056 K 37,336 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
    ehtray.exe 332 2,332 K 10,760 K Media Center Tray Applet Microsoft Corporation "C:\WINDOWS\ehome\ehtray.exe"
    IAAnotif.exe 1928 3,692 K 5,380 K Event Monitor User Notification Tool Intel Corporation "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    CCU_TrayIcon.exe 432 1,124 K 4,248 K Intel® Viiv™ Settings Intel Corporation "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"
    IntelHCTAgent.exe 516 5,816 K 8,164 K Network monitor for Intel® Hub Connect Technology Intel Corporation "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
    CarboniteUI.exe 360 14,812 K 25,284 K Carbonite User Interface Carbonite, Inc. "C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe"
    avgtray.exe 924 4,100 K 4,044 K AVG Tray Monitor AVG Technologies CZ, s.r.o. "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
    jusched.exe 2568 824 K 2,876 K Java(TM) Update Scheduler Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    SSMMgr.exe 2924 2,680 K 4,396 K "C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" /autorun
    YahooMessenger.exe 3184 48,928 K 52,360 K Yahoo! Messenger Yahoo! Inc. "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    bagent.exe 2784 6,216 K 11,788 K Quicken Background Agent Intuit Inc. "C:\Program Files\Quicken2010\bagent.exe"
    SUPERANTISPYWARE.EXE 3400 72,632 K 568 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    ctfmon.exe 3512 940 K 3,472 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
    hpqtra08.exe 2208 2,004 K 6,548 K HP Digital Imaging Monitor Hewlett-Packard Co. "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
    qbupdate.exe 788 12,896 K 20,876 K QuickBooks Automatic Update Intuit Inc. "C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe"
    WindowsSearch.exe 1216 6,016 K 12,016 K Windows Search System Tray Microsoft Corporation "C:\Program Files\Windows Desktop Search\WindowsSearch.exe" /startup
    procexp.exe 2000 0.76 14,800 K 19,860 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\Rosemary\Desktop\ProcessExplorer\procexp.exe"
    hpqgalry.exe 1944 18,456 K 9,368 K Hewlett-Packard Co. "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
    iexplore.exe 4980 15,644 K 22,548 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
    iexplore.exe 4544 49,088 K 55,584 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4980 CREDAT:79873
    iexplore.exe 5840 54,532 K 66,092 K Internet Explorer Microsoft Corporation "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:4980 CREDAT:14339
     
  9. 2010/08/03
    pilotgal8 Well-Known Member Thread Starter

    OTL logfile created on: 8/3/2010 6:03:16 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Rosemary\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 197.97 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PREFERRE-FDCCC9
    Current User Name: Rosemary
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/02 20:49:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    PRC - [2010/07/24 05:13:24 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/07/15 09:34:59 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/15 09:34:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/15 09:34:53 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/15 09:33:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/15 09:33:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2010/06/02 16:22:38 | 000,077,656 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken2010\bagent.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/07/16 22:23:34 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/04/29 17:19:50 | 000,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/25 16:22:05 | 000,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    PRC - [2006/11/10 11:56:38 | 000,432,600 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    PRC - [2006/11/10 11:56:28 | 000,170,456 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    PRC - [2006/11/10 11:52:40 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    PRC - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    PRC - [2006/11/10 11:51:56 | 000,309,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    PRC - [2006/11/10 11:51:48 | 000,408,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    PRC - [2006/11/10 11:51:40 | 000,195,032 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2006/03/29 19:10:04 | 000,375,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/02 20:49:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/10/25 16:22:05 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2006/11/10 11:56:38 | 000,432,600 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
    SRV - [2006/11/10 11:56:28 | 000,170,456 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
    SRV - [2006/11/10 11:52:40 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
    SRV - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
    SRV - [2006/11/10 11:51:40 | 000,195,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
    SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/07/27 08:39:04 | 000,196,608 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
    SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rosemary\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 09:34:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/15 09:33:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/02 19:18:11 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/02 09:15:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2008/04/29 17:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
    DRV - [2008/04/29 17:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2008/04/29 17:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/12/03 14:52:46 | 000,155,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Ontrack\ZipMagic\zmNTZip.sys -- (zmNTZip)
    DRV - [2007/12/03 14:52:46 | 000,005,760 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\zmNTMon.sys -- (zmNTMon)
    DRV - [2007/10/25 16:22:04 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2007/04/26 09:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/04/26 09:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/04/26 09:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/03/19 07:43:18 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2006/08/22 20:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/07/13 18:23:54 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
    DRV - [2006/07/13 18:23:52 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
    DRV - [2006/07/13 18:23:32 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
    DRV - [2006/07/13 18:23:30 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
    DRV - [2006/07/13 18:23:28 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
    DRV - [2006/06/14 13:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2006/06/05 10:14:16 | 000,004,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
    DRV - [2006/04/03 08:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/12/02 15:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
    DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/08/02 18:44:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (GhosteryBHO Class) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll ()
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken2010\bagent.exe (Intuit Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll ()
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: bankatlantic.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fundsexpress.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ibmsecu.org ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Reg Error: Key error.)
    O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Reg Error: Key error.)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182539247843 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182539214796 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/29 13:58:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/03 05:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosemary\Desktop\ProcessExplorer
    [2010/08/03 03:30:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/08/02 20:49:51 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    [2010/08/02 19:45:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/02 18:33:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/01 18:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\GhosteryIEplugin
    [2010/07/14 07:11:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\IECompatCache
    [2010/07/10 09:12:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\PrivacIE
    [2010/07/10 09:09:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/07/10 09:09:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\IETldCache
    [2010/07/10 08:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/07/10 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/07/10 08:56:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/07/10 07:35:00 | 000,000,000 | ---D | C] -- C:\7099b4e9c938745663
    [2010/06/14 12:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
    [2010/05/17 08:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/05/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosemary\Application Data\SUPERAntiSpyware.com
    [2010/05/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/05/17 08:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/02 20:53:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/02 20:52:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/02 20:52:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/02 20:52:32 | 2144,530,432 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/02 20:51:34 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Rosemary\NTUSER.DAT
    [2010/08/02 20:50:40 | 001,729,668 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\ProcessExplorer.zip
    [2010/08/02 20:49:54 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    [2010/08/02 18:44:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/02 18:44:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/02 18:33:07 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/08/02 17:55:20 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Aug '10 ours.xls
    [2010/08/02 08:19:20 | 062,865,213 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/02 04:10:54 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\dds.scr
    [2010/07/30 01:57:03 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\TODO-12-09.doc
    [2010/07/30 01:08:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\LOG
    [2010/07/27 09:58:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\TODO1.doc
    [2010/07/23 11:14:04 | 000,150,860 | ---- | M] () -- C:\fgX0CLC0.tif
    [2010/07/20 06:55:49 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Tax clients 09.xls
    [2010/07/19 05:33:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosemary\Desktop\~$DO-12-09.doc
    [2010/07/15 16:20:26 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/07/15 09:34:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/15 09:34:54 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/15 09:33:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/13 13:41:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/10 17:50:33 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
    [2010/07/07 07:08:26 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2010/07/07 07:08:26 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD7820N.DAT
    [2010/07/06 15:44:34 | 000,094,384 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
    [2010/07/06 15:44:28 | 002,319,536 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
    [2010/07/05 05:30:38 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Hot-milk Sponge Cake.doc
    [2010/06/30 11:20:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Black Bean Dip.doc
    [2010/06/30 11:20:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosemary\My Documents\~$ack Bean Dip.doc
    [2010/06/28 21:16:38 | 000,537,532 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/28 21:16:38 | 000,467,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/28 21:16:38 | 000,080,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/26 11:46:39 | 000,060,573 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\FPL 7-16-10 R.pdf
    [2010/06/25 13:12:29 | 000,634,880 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Our Gardenstarting August 2009.doc
    [2010/06/24 10:43:18 | 000,043,833 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Transfer Fidelity to IBMCU.pdf
    [2010/06/20 21:26:59 | 000,000,397 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/06/16 05:47:37 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/14 12:48:28 | 000,103,832 | ---- | M] () -- C:\Documents and Settings\Rosemary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/09 02:54:37 | 000,000,808 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/02 09:15:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/26 07:56:06 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\AOS TODO.doc
    [2010/05/15 09:16:14 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Foreign label.doc
    [2010/05/06 05:52:25 | 000,001,365 | ---- | M] () -- C:\WINDOWS\PERWIN00.INI
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/02 20:50:35 | 001,729,668 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\ProcessExplorer.zip
    [2010/08/02 18:33:07 | 000,000,279 | ---- | C] () -- C:\Boot.bak
    [2010/08/02 04:10:54 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\dds.scr
    [2010/08/01 12:36:10 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\Aug '10 ours.xls
    [2010/07/30 01:08:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\LOG
    [2010/07/24 13:15:24 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\TODO1.doc
    [2010/07/23 11:14:04 | 000,150,860 | ---- | C] () -- C:\fgX0CLC0.tif
    [2010/07/19 05:33:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosemary\Desktop\~$DO-12-09.doc
    [2010/07/17 11:42:02 | 000,205,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/07 07:08:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.DAT
    [2010/07/05 05:30:37 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Hot-milk Sponge Cake.doc
    [2010/06/30 11:20:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Black Bean Dip.doc
    [2010/06/30 11:20:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosemary\My Documents\~$ack Bean Dip.doc
    [2010/06/26 11:46:34 | 000,060,573 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\FPL 7-16-10 R.pdf
    [2010/06/24 10:43:15 | 000,043,833 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Transfer Fidelity to IBMCU.pdf
    [2010/05/25 23:42:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\AOS TODO.doc
    [2010/05/04 12:59:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/04/30 13:48:59 | 000,001,407 | ---- | C] () -- C:\WINDOWS\Mpcwty02.ini
    [2010/02/18 11:59:05 | 000,001,352 | ---- | C] () -- C:\WINDOWS\PERWIN01.INI
    [2009/12/17 01:15:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2009/09/11 12:53:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
    [2009/04/28 18:51:27 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/26 14:03:55 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/05/03 09:16:07 | 000,000,273 | ---- | C] () -- C:\WINDOWS\SysMech7.INI
    [2008/04/24 09:37:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/03/24 07:03:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2008/03/24 07:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2008/03/24 07:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2008/03/24 07:02:13 | 000,001,365 | ---- | C] () -- C:\WINDOWS\PERWIN00.INI
    [2008/03/18 12:19:27 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/03/18 12:15:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2007/12/29 11:19:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
    [2007/12/25 10:16:39 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/12/03 14:52:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ZmNTMon.sys
    [2007/10/25 16:22:05 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
    [2007/10/25 16:22:05 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/07/04 14:05:26 | 000,000,397 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/06/23 17:58:27 | 000,001,335 | ---- | C] () -- C:\WINDOWS\stock.INI
    [2007/06/23 03:14:00 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2007/06/23 03:14:00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/03/19 08:23:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/03/19 07:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/03/19 06:52:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2006/11/10 11:18:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
    [2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/11/08 10:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/06/24 11:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2007/06/24 11:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2009/08/15 03:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2007/06/23 10:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2007/06/23 04:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2010/07/10 03:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/08/02 19:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2009/04/28 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/02/13 09:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/04/16 12:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/22 07:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    [2010/04/03 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\AVG9
    [2008/07/06 10:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/12 14:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\iolo
    [2007/09/04 14:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Paltalk
    [2007/06/23 03:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\pdf995
    [2009/12/17 01:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\TaxCut
    [2008/07/26 12:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Desktop Search
    [2008/08/11 18:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Search

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/06/16 05:47:35 | 000,017,107 | ---- | M] () -- C:\aaw7boot.log
    [2009/09/24 21:20:18 | 003,459,310 | ---- | M] () -- C:\AOS 1-3.zip
    [2009/09/24 21:21:38 | 003,725,959 | ---- | M] () -- C:\AOS 10-12.zip
    [2009/09/24 21:22:16 | 003,810,098 | ---- | M] () -- C:\AOS 13 - 15.zip
    [2009/09/24 21:22:41 | 003,613,622 | ---- | M] () -- C:\AOS 16-18.zip
    [2009/09/24 21:23:06 | 002,403,528 | ---- | M] () -- C:\AOS 18-20.zip
    [2009/09/24 21:20:47 | 003,776,086 | ---- | M] () -- C:\AOS 4-6.zip
    [2009/09/24 21:21:13 | 003,991,357 | ---- | M] () -- C:\AOS 7-9.zip
    [2009/09/24 08:28:16 | 024,779,828 | ---- | M] () -- C:\archive.zip
    [2006/09/29 13:58:02 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/11/25 09:09:49 | 000,000,116 | ---- | M] () -- C:\badreg.htm
    [2009/12/21 10:29:51 | 000,000,279 | ---- | M] () -- C:\Boot.bak
    [2010/08/02 18:33:07 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/02 18:47:19 | 000,019,416 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/29 13:58:02 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/12/11 10:14:18 | 000,019,853 | ---- | M] () -- C:\debuglog.txt
    [2007/03/19 06:53:42 | 000,000,037 | ---- | M] () -- C:\DISEBKUP.FLG
    [2010/07/23 11:14:04 | 000,150,860 | ---- | M] () -- C:\fgX0CLC0.tif
    [2010/08/02 20:52:32 | 2144,530,432 | -HS- | M] () -- C:\hiberfil.sys
    [2006/09/29 13:58:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/09/29 13:58:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/03/15 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/10/04 11:36:38 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2009/06/08 15:48:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2009/06/08 15:48:19 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2010/08/02 20:52:31 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2007/06/24 19:01:34 | 000,000,039 | ---- | M] () -- C:\Program1
    [2007/12/03 15:11:57 | 000,592,972 | ---- | M] () -- C:\QT files 12-3-07.exe
    [2007/06/24 11:34:21 | 000,000,199 | ---- | M] () -- C:\setup.log
    [2004/01/12 02:35:16 | 000,059,878 | ---- | M] () -- C:\SIGNED.TXT
    [2004/01/12 02:35:16 | 000,089,436 | ---- | M] () -- C:\SIGVERIF.TXT
    [2007/06/24 11:34:13 | 000,000,851 | ---- | M] () -- C:\tempbmm.iss
    [2004/01/12 02:35:16 | 000,000,172 | ---- | M] () -- C:\TOTALS.TXT
    [2004/01/12 02:35:16 | 000,029,560 | ---- | M] () -- C:\UNSCANNED.TXT
    [2004/01/12 02:33:20 | 000,000,002 | ---- | M] () -- C:\UNSIGNED.TXT
    [2009/03/24 20:34:40 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
    [2007/06/24 08:29:09 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2007/08/13 05:40:19 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cl31cpc.dll
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2002/01/10 11:08:34 | 000,046,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpprn02.dll
    [2006/01/30 05:00:00 | 000,049,152 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [2006/03/15 05:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\eventcls.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/09/29 13:47:22 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/09/29 13:47:22 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/09/29 13:47:22 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
     
  10. 2010/08/03
    pilotgal8 Lifetime Subscription

    OTL Extras logfile created on: 8/3/2010 6:03:16 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Rosemary\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 197.97 Gb Free Space | 85.01% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PREFERRE-FDCCC9
    Current User Name: Rosemary
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe" = C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM -- ()
    "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe" = C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel(R) Viiv(TM) Media Server -- ()
    "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" = C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel(R) Remoting Service -- (Intel Corparation )
    "C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "\\H3A5D2\E\Program Files\Mirc\mirc.exe" = \\H3A5D2\E\Program Files\Mirc\mirc.exe:*:Enabled:mirc.exe
    "C:\Program Files\Mirc\mirc.exe" = C:\Program Files\Mirc\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
    "C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
    "C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atng.exe" = C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atng.exe:*:Enabled:Fidelity Active Trader Pro Application -- (Fidelity Investments)
    "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{16DDE3E0-98D6-40AC-BCF0-5EAB81965AE3}" =
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = PowerStarter
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
    "{26346FB6-4F69-453D-95CE-B6BA3A5382F8}" = Broderbund Media Manager
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 20
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{2F487272-B153-4D9B-8F30-266FA9442850}" = Intel® Viiv™ Software
    "{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{374256A0-EAA2-012B-AD60-000000000000}" = TurboTax 2009 wgaiper
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
    "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper
    "{3BF1390E-9EAE-4C2A-B30C-3992233FBCBA}" =
    "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5D6EC6F7-9B38-4a02-B063-97C2048B56A2}" = 7200_Help
    "{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E545666-F423-45FD-B3DF-C0B99A1A579F}" = QuickBooks Premier: Accountant Edition 2007
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)
    "{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
    "{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A7391302-FADF-4314-80DC-C757DAE45178}" = 7200
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AC966B90-53CA-4710-8EEE-57ED25387872}" = 7200Trb
    "{AF397F20-24BB-11D7-AC6F-0050DA09345C}" = Advanced Analyzer
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
    "{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
    "{BCFEF7FD-DA6D-4A14-8F44-FB290D96A804}" = OrchidWiz Encyclopedia
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{C01D798D-FD08-48C9-A1AA-7D98EF467A0F}" = OIB4 Training Install Kit
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CDEFD989-469E-421D-A8B1-EC7AB25C8CB2}" = TurboTax 2008 wgaiper
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE8C3BD6-6AF3-4DAA-A15C-21FF2E16F57C}" = Intel Audio Studio 2.0
    "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E31BF0CC-B6BC-4570-B9A3-729F2CC73D3B}" = Fidelity Active Trader Pro®
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3ECED46-91CC-4F44-9917-9A20085D5D26}" = Debugging Tools for Windows
    "{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
    "{FA0092C2-C0FE-40DA-A79E-E4C0FCA129F9}" = Intuit Entitlement Client
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "2000 TurboTax for Windows" = 2000 TurboTax for Windows
    "2001 TurboTax for Windows" = 2001 TurboTax for Windows
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "ATI Display Driver" = ATI Display Driver
    "AVG9Uninstall" = AVG Free 9.0
    "Carbonite Backup" = Carbonite
    "CdaC13Ba" = SafeCast Shared Components
    "CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Connection Manager" =
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "doPDF 5 printer_is1" = doPDF 5.0 printer
    "DXM_Runtime" =
    "EL" = Intel(R) Quick Resume Technology Drivers
    "Ghostery IE Plugin_is1" = Ghostery IE Plugin
    "Google Updater" = Google Updater
    "HP Officejet 7200 series_Driver" = HP Officejet 7200 series
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "HP-LaserJet 1020 series" = LaserJet 1020 series
    "ie8" = Windows Internet Explorer 8
    "InstallShield Uninstall Information" =
    "InstallShield_{EB7A2041-6A16-4BAC-8079-43B985673C2C}" = Avery Wizard 3.1
    "Intel(R) Configuration Center" = Intel® Viiv™ Software
    "Macromedia Shockwave Player" = Macromedia Shockwave Player
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "mIRC" = mIRC
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSI30a-KB884016" =
    "MSI30-Beta1" =
    "MSI30-Beta2" =
    "MSI30-KB884016" =
    "MSI30-RC1" =
    "MSI30-RC2" =
    "MSI31-Beta" =
    "MSI31-RC1" =
    "NetMeeting" =
    "OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
    "PCHealth" =
    "Pdf995" = Pdf995
    "PictureItPrem_v11" = Microsoft Digital Image Standard 2006
    "ProSeries Basic Edition 2007" = ProSeries Basic Edition 2007
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "QuoteTracker_is1" = QuoteTracker
    "RealVNC_is1" = VNC 4.0
    "Samsung CLP-310 Series" = Samsung CLP-310 Series
    "Shockwave" = Shockwave
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "TurboTax 2008" = TurboTax 2008
    "TurboTax 2009" = TurboTax 2009
    "TurboTax Deluxe 2004" = TurboTax Deluxe 2004
    "TurboTax Deluxe 2005" = TurboTax Deluxe 2005
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
    "Tweak UI 2.10" = Tweak UI
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "WebPost" = Microsoft Web Publishing Wizard 1.52
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMCSetup" =
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZipMagic3.0" = Ontrack ZipMagic 4.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.0.0.320

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/2/2010 4:55:30 PM | Computer Name = PREFERRE-FDCCC9 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks ": Returning NULL QBWinInstance
    Hand

    Error - 8/2/2010 4:56:38 PM | Computer Name = PREFERRE-FDCCC9 | Source = QuickBooks | ID = 4
    Description = An unexpected error has occured in "QuickBooks Pro 2009 ": An attempt
    to LogOff without a logo

    Error - 8/2/2010 6:40:43 PM | Computer Name = PREFERRE-FDCCC9 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP0700> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 8/2/2010 6:42:42 PM | Computer Name = PREFERRE-FDCCC9 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP4600> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 8/2/2010 6:42:42 PM | Computer Name = PREFERRE-FDCCC9 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 8/2/2010 6:42:42 PM | Computer Name = PREFERRE-FDCCC9 | Source = Windows Search Service | ID = 3013
    Description = The entry <C:\COMBOFIX\TEMP4700> in the hash map cannot be updated.

    Context:
    Application, SystemIndex Catalog Details: A device attached to the system is not
    functioning. (0x8007001f)

    Error - 8/2/2010 6:51:32 PM | Computer Name = PREFERRE-FDCCC9 | Source = Userenv | ID = 1508
    Description = Windows was unable to load the registry. This is often caused by insufficient
    memory or insufficient security rights. DETAIL - The process cannot access the
    file because it is being used by another process. for C:\Documents and Settings\IUSR_NMPR\ntuser.dat

    Error - 8/2/2010 6:51:32 PM | Computer Name = PREFERRE-FDCCC9 | Source = Userenv | ID = 1502
    Description = Windows cannot load the locally stored profile. Possible causes of
    this error include insufficient security rights or a corrupt local profile. If
    this problem persists, contact your network administrator. DETAIL - The process
    cannot access the file because it is being used by another process.

    Error - 8/2/2010 6:51:32 PM | Computer Name = PREFERRE-FDCCC9 | Source = Userenv | ID = 1515
    Description = Windows has backed up this user's profile. Windows will automatically
    try to use the backed up profile the next time this user logs on.

    Error - 8/2/2010 6:51:32 PM | Computer Name = PREFERRE-FDCCC9 | Source = Userenv | ID = 1511
    Description = Windows cannot find the local profile and is logging you on with a
    temporary profile. Changes you make to this profile will be lost when you log off.

    [ IntelDH Events ]
    Error - 7/17/2010 11:43:58 AM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 7/24/2010 5:08:19 AM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 7/25/2010 8:27:28 AM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 7/27/2010 2:07:21 AM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 7/27/2010 5:07:14 PM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 8/1/2010 7:59:52 PM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 8/1/2010 8:35:26 PM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 8/2/2010 3:52:19 AM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 8/2/2010 6:51:29 PM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    Error - 8/2/2010 8:53:04 PM | Computer Name = PREFERRE-FDCCC9 | Source = IntelQRTD | ID = 7
    Description = Could not attach to EL Acpi driver.

    [ System Events ]
    Error - 8/2/2010 6:51:25 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7000
    Description = The SSPORT service failed to start due to the following error: %%2

    Error - 8/2/2010 6:51:29 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7023
    Description = The Intel(R) Quick Resume technology service terminated with the following
    error: %%203

    Error - 8/2/2010 6:51:45 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep Lbd

    Error - 8/2/2010 8:53:02 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7000
    Description = The DgiVecp service failed to start due to the following error: %%2

    Error - 8/2/2010 8:53:02 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/2/2010 8:53:02 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7000
    Description = The SSPORT service failed to start due to the following error: %%2

    Error - 8/2/2010 8:53:04 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7023
    Description = The Intel(R) Quick Resume technology service terminated with the following
    error: %%203

    Error - 8/2/2010 8:53:22 PM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Beep Lbd

    Error - 8/3/2010 6:03:36 AM | Computer Name = PREFERRE-FDCCC9 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 8/3/2010 6:03:36 AM | Computer Name = PREFERRE-FDCCC9 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  11. 2010/08/03
    broni

    Your CPU usage looks perfectly fine.
    System Idle Process (CPU NOT used) is listed at 94.70%.
    Where did you get 75-80% number from?

    ================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - Reg Error: Value error. File not found
      O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon...ad/tgctlcm.cab (Reg Error: Key error.)
      O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} https://h50203.www5.hp.com/HPISWeb/C...ataManager.CAB (Reg Error: Key error.)
      O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/S...dObjSigned.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  12. 2010/08/03
    pilotgal8 Lifetime Subscription

    The 75%-80% was the 'performance' tab reading on WIN task manager when I began this thread. Sometimes it would peg at 100%, and I'd have to force the system to close. I was running 2 versions of QuickBooks, but that doesn't usually present a problem. My first post said 'Malwarebytes found and killed 2 bad guys'. That helped the performance somewhat. It's now down below 15%.

    Lots of old JAVA stuff deleted.
     
  13. 2010/08/03
    broni

    If you ever see another CPU usage spike, quickly run PE again and post a fresh log.
     
  14. 2010/08/03
    pilotgal8 Lifetime Subscription

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}\ not found.
    Starting removal of ActiveX control {01113300-3E00-11D2-8470-0060089874ED}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01113300-3E00-11D2-8470-0060089874ED}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{01113300-3E00-11D2-8470-0060089874ED}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01113300-3E00-11D2-8470-0060089874ED}\ not found.
    Starting removal of ActiveX control {14C1B87C-3342-445F-9B5E-365FF330A3AC}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14C1B87C-3342-445F-9B5E-365FF330A3AC}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14C1B87C-3342-445F-9B5E-365FF330A3AC}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14C1B87C-3342-445F-9B5E-365FF330A3AC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{14C1B87C-3342-445F-9B5E-365FF330A3AC}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14C1B87C-3342-445F-9B5E-365FF330A3AC}\ not found.
    Starting removal of ActiveX control {A796D216-2DE1-4EA8-BABB-FE6E7C959098}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A796D216-2DE1-4EA8-BABB-FE6E7C959098}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A796D216-2DE1-4EA8-BABB-FE6E7C959098}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A796D216-2DE1-4EA8-BABB-FE6E7C959098}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A796D216-2DE1-4EA8-BABB-FE6E7C959098}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A796D216-2DE1-4EA8-BABB-FE6E7C959098}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    File/Folder C:\WINDOWS\System32\*.tmp not found.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4224762 bytes
    ->Flash cache emptied: 499 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98304 bytes
    ->Flash cache emptied: 83 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: IUSR_NMPR.PREFERRE-FDCCC9
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98304 bytes
    ->Flash cache emptied: 83 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Rosemary
    ->Temp folder emptied: 22254189 bytes
    ->Temporary Internet Files folder emptied: 63193420 bytes
    ->Java cache emptied: 30889567 bytes
    ->Flash cache emptied: 59765 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49816 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 14386711 bytes
    RecycleBin emptied: 158791 bytes

    Total Files Cleaned = 129.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: IUSR_NMPR.PREFERRE-FDCCC9
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Rosemary
    ->Flash cache emptied: 0 bytes

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08032010_223359

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\WE7926O4\11669271739@x90[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\WE7926O4\94355-active-computer-running-75-80-busy-no-apps-running[1].html moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\WE7926O4\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\WE7926O4\L[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\WE7926O4\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\SEMMMS73\1657523127@x23[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\SEMMMS73\ads[1].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_15fc.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_ac0.dat moved successfully.

    Registry entries deleted on Reboot...
     
  15. 2010/08/03
    pilotgal8 Well-Known Member Thread Starter

    If you ever see another CPU usage spike, quickly run PE again and post fresh log.

    Shall do. PE is an incredible tool. I'm going to save that one.

    Thanks again for your help, for me and others.
     
  16. 2010/08/03
    broni Moderator Malware Analyst

    You're very welcome :)
    I still need:
     
  17. 2010/08/03
    pilotgal8 Well-Known Member Thread Starter

    Broni......OTL log posted above at 22:57
     
  18. 2010/08/03
    pilotgal8 Well-Known Member Thread Starter

    Result of Quick Scan.

    OTL logfile created on: 8/3/2010 11:01:44 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Rosemary\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 198.07 Gb Free Space | 85.05% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PREFERRE-FDCCC9
    Current User Name: Rosemary
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/03 22:33:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    PRC - [2010/07/24 05:13:24 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/07/15 09:34:59 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/15 09:34:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/15 09:34:53 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/15 09:33:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/15 09:33:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2010/06/02 16:22:38 | 000,077,656 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken2010\bagent.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/07/16 22:23:34 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/04/29 17:19:50 | 000,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    PRC - [2008/04/13 20:12:28 | 000,060,416 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/25 16:22:05 | 000,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    PRC - [2006/11/10 11:56:38 | 000,432,600 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    PRC - [2006/11/10 11:56:28 | 000,170,456 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    PRC - [2006/11/10 11:52:40 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    PRC - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    PRC - [2006/11/10 11:51:56 | 000,309,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    PRC - [2006/11/10 11:51:48 | 000,408,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    PRC - [2006/11/10 11:51:40 | 000,195,032 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2006/03/29 19:10:04 | 000,375,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/03 22:33:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/10/25 16:22:05 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2006/11/10 11:56:38 | 000,432,600 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
    SRV - [2006/11/10 11:56:28 | 000,170,456 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
    SRV - [2006/11/10 11:52:40 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
    SRV - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
    SRV - [2006/11/10 11:51:40 | 000,195,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
    SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/07/27 08:39:04 | 000,196,608 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
    SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rosemary\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 09:34:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/15 09:33:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/02 19:18:11 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/02 09:15:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2008/04/29 17:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
    DRV - [2008/04/29 17:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2008/04/29 17:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/12/03 14:52:46 | 000,155,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Ontrack\ZipMagic\zmNTZip.sys -- (zmNTZip)
    DRV - [2007/12/03 14:52:46 | 000,005,760 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\zmNTMon.sys -- (zmNTMon)
    DRV - [2007/10/25 16:22:04 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2007/04/26 09:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/04/26 09:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/04/26 09:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/03/19 07:43:18 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2006/08/22 20:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/07/13 18:23:54 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
    DRV - [2006/07/13 18:23:52 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
    DRV - [2006/07/13 18:23:32 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
    DRV - [2006/07/13 18:23:30 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
    DRV - [2006/07/13 18:23:28 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
    DRV - [2006/06/14 13:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2006/06/05 10:14:16 | 000,004,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
    DRV - [2006/04/03 08:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/12/02 15:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
    DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/08/02 18:44:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (GhosteryBHO Class) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll ()
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken2010\bagent.exe (Intuit Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll ()
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: bankatlantic.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fundsexpress.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ibmsecu.org ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182539247843 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182539214796 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/29 13:58:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/03 22:33:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/03 22:33:19 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    [2010/08/03 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/03 05:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosemary\Desktop\ProcessExplorer
    [2010/08/02 19:45:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/02 18:33:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/01 18:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\GhosteryIEplugin
    [2010/07/14 07:11:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\IECompatCache
    [2010/07/10 09:12:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\PrivacIE
    [2010/07/10 09:09:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/07/10 09:09:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\IETldCache
    [2010/07/10 08:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/07/10 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/07/10 08:56:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/07/10 07:35:00 | 000,000,000 | ---D | C] -- C:\7099b4e9c938745663
    [2010/06/14 12:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
    [2010/05/17 08:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/05/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosemary\Application Data\SUPERAntiSpyware.com
    [2010/05/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/05/17 08:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

    ========== Files - Modified Within 90 Days ==========

    [2010/08/03 22:36:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/03 22:36:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/03 22:36:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/03 22:36:05 | 2144,530,432 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/03 22:35:06 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Rosemary\NTUSER.DAT
    [2010/08/03 22:33:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\OTL.exe
    [2010/08/03 22:26:00 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\JavaRa.zip
    [2010/08/03 14:57:36 | 000,098,304 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Aug '10 ours.xls
    [2010/08/03 14:45:22 | 062,910,174 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/02 18:44:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/02 18:44:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/02 18:33:07 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/30 01:57:03 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\TODO-12-09.doc
    [2010/07/30 01:08:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\LOG
    [2010/07/27 09:58:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\TODO1.doc
    [2010/07/23 11:14:04 | 000,150,860 | ---- | M] () -- C:\fgX0CLC0.tif
    [2010/07/20 06:55:49 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Tax clients 09.xls
    [2010/07/19 05:33:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosemary\Desktop\~$DO-12-09.doc
    [2010/07/15 16:20:26 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/07/15 09:34:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/15 09:34:54 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/15 09:33:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/13 13:41:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/10 17:50:33 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
    [2010/07/07 07:08:26 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2010/07/07 07:08:26 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD7820N.DAT
    [2010/07/06 15:44:34 | 000,094,384 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
    [2010/07/06 15:44:28 | 002,319,536 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
    [2010/07/05 05:30:38 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Hot-milk Sponge Cake.doc
    [2010/06/30 11:20:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Black Bean Dip.doc
    [2010/06/30 11:20:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosemary\My Documents\~$ack Bean Dip.doc
    [2010/06/28 21:16:38 | 000,537,532 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/28 21:16:38 | 000,467,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/28 21:16:38 | 000,080,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/26 11:46:39 | 000,060,573 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\FPL 7-16-10 R.pdf
    [2010/06/25 13:12:29 | 000,634,880 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Our Gardenstarting August 2009.doc
    [2010/06/24 10:43:18 | 000,043,833 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Transfer Fidelity to IBMCU.pdf
    [2010/06/20 21:26:59 | 000,000,397 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/06/16 05:47:37 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/14 12:48:28 | 000,103,832 | ---- | M] () -- C:\Documents and Settings\Rosemary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/09 02:54:37 | 000,000,808 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/02 09:15:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/26 07:56:06 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\AOS TODO.doc
    [2010/05/15 09:16:14 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Foreign label.doc
    [2010/05/06 05:52:25 | 000,001,365 | ---- | M] () -- C:\WINDOWS\PERWIN00.INI

    ========== Files Created - No Company Name ==========

    [2010/08/03 22:26:00 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\JavaRa.zip
    [2010/08/02 18:33:07 | 000,000,279 | ---- | C] () -- C:\Boot.bak
    [2010/08/01 12:36:10 | 000,098,304 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\Aug '10 ours.xls
    [2010/07/30 01:08:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\LOG
    [2010/07/24 13:15:24 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\TODO1.doc
    [2010/07/23 11:14:04 | 000,150,860 | ---- | C] () -- C:\fgX0CLC0.tif
    [2010/07/19 05:33:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosemary\Desktop\~$DO-12-09.doc
    [2010/07/17 11:42:02 | 000,205,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/07 07:08:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.DAT
    [2010/07/05 05:30:37 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Hot-milk Sponge Cake.doc
    [2010/06/30 11:20:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Black Bean Dip.doc
    [2010/06/30 11:20:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosemary\My Documents\~$ack Bean Dip.doc
    [2010/06/26 11:46:34 | 000,060,573 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\FPL 7-16-10 R.pdf
    [2010/06/24 10:43:15 | 000,043,833 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Transfer Fidelity to IBMCU.pdf
    [2010/05/25 23:42:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\AOS TODO.doc
    [2010/05/04 12:59:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/04/30 13:48:59 | 000,001,407 | ---- | C] () -- C:\WINDOWS\Mpcwty02.ini
    [2010/02/18 11:59:05 | 000,001,352 | ---- | C] () -- C:\WINDOWS\PERWIN01.INI
    [2009/12/17 01:15:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2009/09/11 12:53:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
    [2009/04/28 18:51:27 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/26 14:03:55 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/05/03 09:16:07 | 000,000,273 | ---- | C] () -- C:\WINDOWS\SysMech7.INI
    [2008/04/24 09:37:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/03/24 07:03:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2008/03/24 07:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2008/03/24 07:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2008/03/24 07:02:13 | 000,001,365 | ---- | C] () -- C:\WINDOWS\PERWIN00.INI
    [2008/03/18 12:19:27 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/03/18 12:15:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2007/12/29 11:19:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
    [2007/12/25 10:16:39 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/12/03 14:52:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ZmNTMon.sys
    [2007/10/25 16:22:05 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
    [2007/10/25 16:22:05 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/07/04 14:05:26 | 000,000,397 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/06/23 17:58:27 | 000,001,335 | ---- | C] () -- C:\WINDOWS\stock.INI
    [2007/06/23 03:14:00 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2007/06/23 03:14:00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/03/19 08:23:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/03/19 07:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/03/19 06:52:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2006/11/10 11:18:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
    [2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/11/08 10:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/06/24 11:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2007/06/24 11:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2009/08/15 03:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2007/06/23 10:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2007/06/23 04:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2010/07/10 03:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/08/03 17:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2009/04/28 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/02/13 09:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/04/16 12:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/22 07:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    [2010/04/03 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\AVG9
    [2008/07/06 10:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/12 14:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\iolo
    [2007/09/04 14:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Paltalk
    [2007/06/23 03:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\pdf995
    [2009/12/17 01:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\TaxCut
    [2008/07/26 12:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Desktop Search
    [2008/08/11 18:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Search

    ========== Purity Check ==========


    < End of report >
     
  19. 2010/08/03
    broni

    broni Moderator Malware Analyst

    Good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  20. 2010/08/04
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    iolo technologies' System Mechanic Professional
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    EasyCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.0.42.34
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 9.3.3
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    iolo common lib ioloServiceManager.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  21. 2010/08/04
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, August 4, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, August 04, 2010 10:17:27
    Records in database: 4147434
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan statistics:
    Objects scanned: 134728
    Threats found: 12
    Infected objects found: 21
    Suspicious objects found: 2
    Scan duration: 06:12:43


    File name / Threat / Threats count
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\wm_hooks.dll/C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Data\Download\Coupon Printer\CouponPrinter.exe Infected: not-a-virus:AdWare.Win32.Coupons 1
    C:\Data\Download\MIRC\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
    C:\Data\Download\MIRC\mirc62.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
    C:\Data\Download\MIRC\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
    C:\Data\Download\MIRC\TFMS.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
    C:\Data\Download\MIRC\tfmsmirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
    C:\Data\Download\Password cracker\ophcrack-livecd-1.1.2.iso Infected: not-a-virus:pSWTool.Win32.PWDump.2 1
    C:\Data\Download\Password cracker\ophcrack-livecd-1.1.2.iso Infected: not-a-virus:pSWTool.Win32.PWDump.w 1
    C:\Data\Download\Password cracker\ophcrack-livecd-1.1.2.iso Infected: not-a-virus:pSWTool.Win32.PWDump.r 1
    C:\Data\Download\Password cracker\ophcrack-livecd-1.1.2.iso Infected: not-a-virus:pSWTool.Win32.PWDump.d 1
    C:\Data\Download\TFMS\TFMS.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 1
    C:\Data\Sysclean Utilities\kztechssuite\Plugins\FILEDSV.SRE Infected: Trojan-Downloader.Win32.Agent.ecky 1
    C:\Data\Sysclean Utilities\kztechssuite.zip Infected: Trojan-Downloader.Win32.Agent.ecky 1
    C:\Data\Transfer to new machine files\Old email\SouthStar.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Documents and Settings\Rosemary\Local Settings\Application Data\Identities\{73CF0DAB-DFFF-44F7-AD5E-369260409089}\Microsoft\Outlook Express\SouthStar.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
    C:\Program Files\Mirc\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
    C:\Program Files\Mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
    C:\Program Files\Mirc631\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
    C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

    Selected area has been scanned.
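
Added example (not part of the original posts): a small triage pass over the "File name / Threat / Threats count" rows of the Kaspersky report above. It separates `not-a-virus:` rows, the prefix Kaspersky uses for legitimate software that can be misused (remote-admin tools, IRC clients, password tools, adware), from malware verdicts and from `Suspicious` heuristic hits. The bucket names and function names are assumptions made for this sketch; the sample rows are copied from the report.

```python
import re
from collections import defaultdict

# Rows copied from the Kaspersky Online Scanner report posted above.
REPORT = r"""
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Data\Download\Coupon Printer\CouponPrinter.exe Infected: not-a-virus:AdWare.Win32.Coupons 1
C:\Data\Download\MIRC\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Data\Download\Password cracker\ophcrack-livecd-1.1.2.iso Infected: not-a-virus:pSWTool.Win32.PWDump.2 1
C:\Data\Sysclean Utilities\kztechssuite\Plugins\FILEDSV.SRE Infected: Trojan-Downloader.Win32.Agent.ecky 1
C:\Data\Sysclean Utilities\kztechssuite.zip Infected: Trojan-Downloader.Win32.Agent.ecky 1
C:\Data\Transfer to new machine files\Old email\SouthStar.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
"""

# Row layout: <object path> <Infected|Suspicious>: <verdict name> <count>
# Paths contain spaces, so the path is matched lazily up to the status keyword.
ROW = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected|Suspicious): (?P<verdict>\S+) (?P<count>\d+)$"
)


def parse(report):
    """Return one dict per result row; headers and blank lines are skipped."""
    rows = []
    for line in report.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def bucket(row):
    """Assign a triage bucket (bucket names are this example's own)."""
    if row["verdict"].startswith("not-a-virus:"):
        return "riskware"   # legitimate but abusable: was it installed on purpose?
    if row["status"] == "Suspicious":
        return "heuristic"  # generic match, e.g. phishing mail inside a .dbx store
    return "malware"        # named malware verdict: remove or quarantine


def triage(report):
    """Group object paths as {bucket: {verdict: [paths]}}."""
    grouped = defaultdict(lambda: defaultdict(list))
    for row in parse(report):
        grouped[bucket(row)][row["verdict"]].append(row["path"])
    return {name: dict(verdicts) for name, verdicts in grouped.items()}


def summary(report):
    """Recompute the figures the report prints under 'Scan statistics'."""
    rows = parse(report)
    return {
        "threats": len({r["verdict"] for r in rows}),
        "infected": sum(r["status"] == "Infected" for r in rows),
        "suspicious": sum(r["status"] == "Suspicious" for r in rows),
    }


if __name__ == "__main__":
    for name, verdicts in sorted(triage(REPORT).items()):
        print(name)
        for verdict, paths in sorted(verdicts.items()):
            print(f"  {verdict}: {len(paths)} object(s)")
    print(summary(REPORT))
```

Run over all 23 rows of the report instead of this excerpt, `summary()` gives 12 verdict names, 21 Infected rows and 2 Suspicious rows, which matches the report's own scan statistics.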
     
