
Solved Computer running 75-80% busy...no apps running.

Discussion in 'Malware and Virus Removal Archive' started by pilotgal8, 2010/08/01.

  1. 2010/08/04
    broni (Moderator, Malware Analyst)

    I strongly suggest you uninstall iolo technologies' System Mechanic Professional.
    It does nothing positive, but it may break something, especially on the registry side.

    We need to remove a couple of malicious files found by Kaspersky...

    Before we go there, there are a couple of "suspicious" entries in some of your mail.
    Since I don't want to remove whole folders, because you may have something there you need, you'll have to be careful while dealing with these mail folders:

    - C:\Documents and Settings\Rosemary\Local Settings\Application Data\Identities\{73CF0DAB-DFFF-44F7-AD5E-369260409089}\Microsoft\Outlook Express\SouthStar.dbx
    - C:\Data\Transfer to new machine files\Old email\SouthStar.dbx

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Data\Sysclean Utilities\kztechssuite.zip
      C:\Data\Sysclean Utilities\kztechssuite\Plugins\FILEDSV.SRE
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  2. 2010/08/05
    pilotgal8 (Well-Known Member, Thread Starter)

    Very strange occurrence!!

    I looked at your response and ran OTL; the system rebooted.
    When I tried to look at this post by clicking on the link in the email, IE gave me a DATABASE ERROR with a Malwarebytes logo on the page.
    Closed IE, and got the same occurrence twice more. Was about to use another 'puter when this worked????

    Here's the first log.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Data\Sysclean Utilities\kztechssuite.zip moved successfully.
    C:\Data\Sysclean Utilities\kztechssuite\Plugins\FILEDSV.SRE moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: IUSR_NMPR.PREFERRE-FDCCC9
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Rosemary
    ->Temp folder emptied: 107821274 bytes
    ->Temporary Internet Files folder emptied: 20120268 bytes
    ->Java cache emptied: 128094 bytes
    ->Flash cache emptied: 967 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49816 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 610891095 bytes

    Total Files Cleaned = 705.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: IUSR_NMPR

    User: IUSR_NMPR.PREFERRE-FDCCC9
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    User: Rosemary
    ->Flash cache emptied: 0 bytes

    User: TEMP

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.9.1 log created on 08052010_050135

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\G4Q3FQUP\ads[3].htm moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\3I2F2YGR\94355-active-computer-running-75-80-busy-no-apps-running-2[2].html moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\3I2F2YGR\audmeasure[1].gif moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\Content.IE5\3I2F2YGR\pixel[2].gif moved successfully.
    C:\Documents and Settings\Rosemary\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1478.dat not found!
    C:\WINDOWS\temp\Perflib_Perfdata_bf4.dat moved successfully.

    Registry entries deleted on Reboot...
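The fix script in broni's post and the result log above both have a fixed, line-oriented layout, so the two checks a helper otherwise does by eye (did every :Files target actually get moved, and which SafeList entries deserve a second look) can be scripted. The following Python is an added example, not OTL's own code and not anything posted in this thread. The sample lines are copied from posts 1 to 3 (the SafeList lines come from the quick-scan log in the following post); the regular expressions are this example's own assumptions about the OTL 3.2.x line layout, and the triage rule (flag entries whose file is missing or whose binary reports no company name) is the example's heuristic, not something OTL does.

```python
import re
from typing import Optional

# --- 1. Fix script vs. fix log -------------------------------------------
# The :Files section of the fix script from post 1 (copied from the thread).
FIX_SCRIPT = r""":Files
C:\Data\Sysclean Utilities\kztechssuite.zip
C:\Data\Sysclean Utilities\kztechssuite\Plugins\FILEDSV.SRE

:Commands
[emptytemp]
[Reboot]
"""
# Per-file result lines from the fix log in post 2 (copied from the thread).
FIX_LOG = r"""========== FILES ==========
C:\Data\Sysclean Utilities\kztechssuite.zip moved successfully.
C:\Data\Sysclean Utilities\kztechssuite\Plugins\FILEDSV.SRE moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1478.dat not found!
"""
# "<path> moved successfully." or "File\Folder <path> not found!" (assumed layout)
RESULT_RE = re.compile(
    r"^(?:File\\Folder )?(?P<path>.+?) (?P<status>moved successfully\.|not found!)$")

def fix_targets(script: str) -> list:
    """Paths listed under :Files; other sections (:OTL, :Commands, ...) are skipped."""
    section, targets = None, []
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            targets.append(line)
    return targets

def fix_results(log: str) -> dict:
    """path -> 'moved' | 'not found', from the per-file result lines of a fix log."""
    results = {}
    for line in log.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m["path"]] = "moved" if m["status"].startswith("moved") else "not found"
    return results

def reconcile(script: str, log: str) -> dict:
    """For every :Files target, what the fix log says happened to it."""
    results = fix_results(log)
    return {t: results.get(t, "no result in log") for t in fix_targets(script)}

# --- 2. SafeList lines (PRC / MOD / SRV / DRV) ----------------------------
# Assumed OTL 3.2.x layout:
#   KIND - [mtime | size | attrs | M] (company) [start | state] -- path -- (name) extra
#   KIND - File not found [start | state] -- path -- (name)
LINE_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<head>.*?) -- (?P<rest>.+)$")
HEAD_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| M\] "
    r"\((?P<company>.*)\)(?: \[(?P<state>[^\]]*)\])?$")  # greedy .* keeps nested parens

def parse_safelist_line(line: str) -> Optional[dict]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, *tail = m["rest"].split(" -- ")
    entry = {"kind": m["kind"], "path": path, "name": None, "missing": False, "mtime": None,
             "size": None, "attrs": None, "company": None, "state": None}
    if tail:                                   # "(avg9wd)" or "(ISSM) Intel(R)"
        n = re.search(r"\(([^)]*)\)", tail[0])
        entry["name"] = n.group(1) if n else None
    head = m["head"]
    if head.startswith("File not found"):      # registration points at a file that is gone
        s = re.search(r"\[([^\]]*)\]", head)
        entry.update(missing=True, state=s.group(1) if s else None)
        return entry
    h = HEAD_RE.match(head)
    if not h:
        return None
    entry.update(mtime=h["mtime"], size=int(h["size"].replace(",", "")), attrs=h["attrs"],
                 company=h["company"].strip(), state=h["state"])
    return entry

def triage(entry: dict) -> list:
    """Why an analyst would look twice at this entry (empty list = nothing to say)."""
    reasons = []
    if entry["missing"]:
        reasons.append("file missing: stale or removed service/driver registration")
    elif not entry["company"]:
        reasons.append("no company name: outside the whitelist, verify the binary by hand")
    return reasons

# Lines copied from the quick-scan log in post 3.
SCAN_LINES = [
    r"PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe",
    r"SRV - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)",
    r"SRV - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)",
    r"DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)",
    r"SRV - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)",
]

def flagged(lines) -> dict:
    """path -> triage reasons, for each parseable line that earned at least one."""
    out = {}
    for e in filter(None, map(parse_safelist_line, lines)):
        if triage(e):
            out[e["path"]] = triage(e)
    return out
```

Run `reconcile(FIX_SCRIPT, FIX_LOG)` to confirm both targets report "moved" (the Perflib line is a "not found" result that no target asked for, so it never appears in the reconciliation), and `flagged(SCAN_LINES)` to see the two entries the heuristic singles out: the iolo service manager with an empty company field and the SSPORT driver whose file is gone. Nested parentheses in a company name, as in the Carbonite line, and the trailing "Intel(R)" suffix are both handled, which is the part hand-written one-off regexes usually get wrong.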
     

  4. 2010/08/05
    pilotgal8 (Well-Known Member, Thread Starter)

    What are you suggesting for the old mail logs? I deleted the second one, 'Transfer to new machine'.

    OTL logfile created on: 8/5/2010 5:26:18 AM - Run 3
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Rosemary\Desktop\System
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 232.88 Gb Total Space | 198.28 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PREFERRE-FDCCC9
    Current User Name: Rosemary
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/03 22:33:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\System\OTL.exe
    PRC - [2010/07/24 05:13:24 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2010/07/15 09:34:59 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/07/15 09:34:54 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/07/15 09:34:53 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/15 09:33:05 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/07/15 09:33:03 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2010/06/02 16:22:38 | 000,077,656 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken2010\bagent.exe
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/08/28 01:40:50 | 000,606,208 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2009/07/16 22:23:34 | 000,984,352 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2009/05/26 21:06:32 | 004,351,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
    PRC - [2009/04/29 17:19:50 | 000,669,840 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 20:12:28 | 000,060,416 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/10/25 16:22:05 | 000,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    PRC - [2006/11/10 11:56:38 | 000,432,600 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    PRC - [2006/11/10 11:56:28 | 000,170,456 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    PRC - [2006/11/10 11:52:40 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    PRC - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    PRC - [2006/11/10 11:51:56 | 000,309,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    PRC - [2006/11/10 11:51:48 | 000,408,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    PRC - [2006/11/10 11:51:40 | 000,195,032 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    PRC - [2006/09/29 12:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2006/03/29 19:10:04 | 000,375,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
    PRC - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/03 22:33:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rosemary\Desktop\System\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/07/15 09:34:50 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/07/06 15:08:06 | 000,711,352 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/07/16 21:03:26 | 000,024,576 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2009/04/29 17:19:52 | 001,959,056 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/08 21:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/10/25 16:22:05 | 000,052,736 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
    SRV - [2006/11/10 11:56:38 | 000,432,600 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
    SRV - [2006/11/10 11:56:28 | 000,170,456 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
    SRV - [2006/11/10 11:52:40 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
    SRV - [2006/11/10 11:52:34 | 000,100,824 | ---- | M] (Intel Corparation ) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
    SRV - [2006/11/10 11:51:40 | 000,195,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
    SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/07/27 08:39:04 | 000,196,608 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -- (ELService) Intel(R)
    SRV - [2004/06/15 15:29:42 | 000,380,928 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rosemary\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/15 09:34:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/07/15 09:33:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/06/02 19:18:11 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/06/02 09:15:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
    DRV - [2008/04/29 17:40:56 | 000,210,472 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
    DRV - [2008/04/29 17:40:56 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2008/04/29 17:40:56 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/12/03 14:52:46 | 000,155,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Ontrack\ZipMagic\zmNTZip.sys -- (zmNTZip)
    DRV - [2007/12/03 14:52:46 | 000,005,760 | ---- | M] () [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\zmNTMon.sys -- (zmNTMon)
    DRV - [2007/10/25 16:22:04 | 000,011,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
    DRV - [2007/04/26 09:23:44 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2007/04/26 09:23:08 | 000,267,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2007/04/26 09:23:04 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2007/03/19 07:43:18 | 000,029,184 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto)
    DRV - [2006/08/22 20:53:14 | 001,723,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/07/13 18:23:54 | 000,009,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi)
    DRV - [2006/07/13 18:23:52 | 000,007,040 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon)
    DRV - [2006/07/13 18:23:32 | 000,006,912 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd)
    DRV - [2006/07/13 18:23:30 | 000,006,400 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou)
    DRV - [2006/07/13 18:23:28 | 000,010,112 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid)
    DRV - [2006/06/14 13:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2006/06/05 10:14:16 | 000,004,096 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
    DRV - [2006/04/03 08:51:06 | 000,199,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2005/12/02 15:38:04 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
    DRV - [2004/08/03 22:31:20 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/08/02 18:44:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (GhosteryBHO Class) - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll ()
    O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelAudioStudio] C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe (Intel Corporation)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [PxDotNetLoader] C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe (Fidelity Investments)
    O4 - HKCU..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken2010\bagent.exe (Intuit Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll ()
    O15 - HKLM\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: bankatlantic.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: facebook.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: fundsexpress.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: ibmsecu.org ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB (CheckFileStatus.UserControl1)
    O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB (Hewlett-Packard Printer Diagnostics)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1182539247843 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182539214796 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\x-atng {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll (Fidelity Investments)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/29 13:58:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/03 22:33:59 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/03 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/02 19:45:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/02 18:33:02 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/01 18:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\GhosteryIEplugin
    [2010/07/14 07:11:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\IECompatCache
    [2010/07/10 09:12:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\PrivacIE
    [2010/07/10 09:09:23 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2010/07/10 09:09:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rosemary\IETldCache
    [2010/07/10 08:58:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/07/10 08:57:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
    [2010/07/10 08:56:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/07/10 07:35:00 | 000,000,000 | ---D | C] -- C:\7099b4e9c938745663
    [2010/06/14 12:43:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
    [2010/05/17 08:41:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/05/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rosemary\Application Data\SUPERAntiSpyware.com
    [2010/05/17 08:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/05/17 08:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

    ========== Files - Modified Within 90 Days ==========

    [2010/08/05 05:08:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/05 05:07:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/05 05:07:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/05 05:07:38 | 2144,530,432 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/05 05:06:37 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\Rosemary\NTUSER.DAT
    [2010/08/04 17:46:49 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Aug '10 ours.xls
    [2010/08/04 09:32:15 | 062,925,267 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/02 18:44:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/02 18:44:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/02 18:33:07 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2010/07/30 01:57:03 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\TODO-12-09.doc
    [2010/07/30 01:08:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\LOG
    [2010/07/27 09:58:14 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\TODO1.doc
    [2010/07/23 11:14:04 | 000,150,860 | ---- | M] () -- C:\fgX0CLC0.tif
    [2010/07/20 06:55:49 | 000,107,520 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Tax clients 09.xls
    [2010/07/19 05:33:49 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosemary\Desktop\~$DO-12-09.doc
    [2010/07/15 16:20:26 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2009.lnk
    [2010/07/15 09:34:57 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/07/15 09:34:54 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/07/15 09:33:05 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/07/13 13:41:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/10 17:50:33 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2008.lnk
    [2010/07/07 07:08:26 | 000,000,410 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
    [2010/07/07 07:08:26 | 000,000,034 | ---- | M] () -- C:\WINDOWS\System32\BD7820N.DAT
    [2010/07/06 15:44:34 | 000,094,384 | ---- | M] (iolo technologies, LLC) -- C:\WINDOWS\System32\IncContxMenu.dll
    [2010/07/06 15:44:28 | 002,319,536 | ---- | M] () -- C:\WINDOWS\System32\Incinerator.dll
    [2010/07/05 05:30:38 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Hot-milk Sponge Cake.doc
    [2010/06/30 11:20:34 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Black Bean Dip.doc
    [2010/06/30 11:20:34 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Rosemary\My Documents\~$ack Bean Dip.doc
    [2010/06/28 21:16:38 | 000,537,532 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/28 21:16:38 | 000,467,166 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/28 21:16:38 | 000,080,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/26 11:46:39 | 000,060,573 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\FPL 7-16-10 R.pdf
    [2010/06/25 13:12:29 | 000,634,880 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Our Gardenstarting August 2009.doc
    [2010/06/24 10:43:18 | 000,043,833 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\Transfer Fidelity to IBMCU.pdf
    [2010/06/20 21:26:59 | 000,000,397 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/06/16 05:47:37 | 000,354,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/14 12:48:28 | 000,103,832 | ---- | M] () -- C:\Documents and Settings\Rosemary\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/09 02:54:37 | 000,000,808 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/02 09:15:40 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/26 07:56:06 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Rosemary\My Documents\AOS TODO.doc
    [2010/05/15 09:16:14 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Rosemary\Desktop\Foreign label.doc

    ========== Files Created - No Company Name ==========

    [2010/08/02 18:33:07 | 000,000,279 | ---- | C] () -- C:\Boot.bak
    [2010/08/01 12:36:10 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\Aug '10 ours.xls
    [2010/07/30 01:08:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\LOG
    [2010/07/24 13:15:24 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Rosemary\Desktop\TODO1.doc
    [2010/07/23 11:14:04 | 000,150,860 | ---- | C] () -- C:\fgX0CLC0.tif
    [2010/07/19 05:33:49 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosemary\Desktop\~$DO-12-09.doc
    [2010/07/17 11:42:02 | 000,205,864 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/07 07:08:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.DAT
    [2010/07/05 05:30:37 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Hot-milk Sponge Cake.doc
    [2010/06/30 11:20:34 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Black Bean Dip.doc
    [2010/06/30 11:20:34 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Rosemary\My Documents\~$ack Bean Dip.doc
    [2010/06/26 11:46:34 | 000,060,573 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\FPL 7-16-10 R.pdf
    [2010/06/24 10:43:15 | 000,043,833 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\Transfer Fidelity to IBMCU.pdf
    [2010/05/25 23:42:11 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Rosemary\My Documents\AOS TODO.doc
    [2010/05/04 12:59:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/04/30 13:48:59 | 000,001,407 | ---- | C] () -- C:\WINDOWS\Mpcwty02.ini
    [2010/02/18 11:59:05 | 000,001,352 | ---- | C] () -- C:\WINDOWS\PERWIN01.INI
    [2009/12/17 01:15:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2009/09/11 12:53:38 | 000,000,173 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
    [2009/04/28 18:51:27 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/01/26 14:03:55 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/05/03 09:16:07 | 000,000,273 | ---- | C] () -- C:\WINDOWS\SysMech7.INI
    [2008/04/24 09:37:14 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/03/24 07:03:14 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2008/03/24 07:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2008/03/24 07:03:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2008/03/24 07:02:13 | 000,001,365 | ---- | C] () -- C:\WINDOWS\PERWIN00.INI
    [2008/03/18 12:19:27 | 002,319,536 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/03/18 12:15:51 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2007/12/29 11:19:30 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
    [2007/12/25 10:16:39 | 000,000,094 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/12/03 14:52:48 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ZmNTMon.sys
    [2007/10/25 16:22:05 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
    [2007/10/25 16:22:05 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2007/07/04 14:05:26 | 000,000,397 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2007/06/23 17:58:27 | 000,001,335 | ---- | C] () -- C:\WINDOWS\stock.INI
    [2007/06/23 03:14:00 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2007/06/23 03:14:00 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2007/03/19 08:23:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/03/19 07:13:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/03/19 06:52:04 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/11/17 12:34:40 | 000,091,848 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2006/11/10 11:18:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2006/07/17 12:11:36 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
    [2006/02/09 03:20:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
    [2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/11/08 10:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/06/24 11:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
    [2007/06/24 11:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2009/08/15 03:55:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
    [2007/06/23 10:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2007/06/23 04:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fidelity Investments
    [2010/07/10 03:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/08/04 20:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
    [2009/04/28 20:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
    [2009/02/13 09:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
    [2009/04/16 12:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/10/22 07:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    [2010/04/03 16:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\AVG9
    [2008/07/06 10:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/12 14:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\iolo
    [2007/09/04 14:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Paltalk
    [2007/06/23 03:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\pdf995
    [2009/12/17 01:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\TaxCut
    [2008/07/26 12:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Desktop Search
    [2008/08/11 18:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Search

    ========== Purity Check ==========


    < End of report >
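Triage of the OTL log format shown above, as an added example that is not part of the original post, of this thread, or of OTL itself. It parses the O35/O37 exe/com file-association lines and the `[date | size | attrs | C/M] (company) -- path` file lines, and flags an association whose open command is not the default `"%1" %*`, a file sitting in the root of the system drive that is not a known system file, and a binary in System32 reported with no publisher name. The allowlist, the heuristics and the sample lines are this example's own assumptions (the hijacked O35 line in the sample is invented; the O35/O37 lines in the real log are clean), and a flag is a lead for a human to look at, not a verdict; the analyst in this thread did not treat any of the files the heuristics would pick out as malicious.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code and not
from the posts in this thread).

Line formats are copied from the log above. The heuristics are this example's
assumptions: they surface entries worth a closer look, not malware verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# "[date | size | attrs | C|M] (Company) -- path". The "(Company)" field is
# absent in the Created-Within-90-Days section and is "()" for files with no
# publisher name.
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+)$"
)
# O35 "HKLM\..exefile [open] -- cmd" and O37 "HKLM\...exe [@ = exefile] -- cmd"
ASSOC_LINE = re.compile(r"^O3[57] - HKLM\\\.{2,3}(?P<key>\S+) .*?-- (?P<cmd>.+)$")
CLEAN_OPEN_CMD = '"%1" %*'  # default open command for exe/com files

# Files that legitimately sit in the root of the system drive (assumption:
# illustrative list, extend it for the machine being triaged).
ROOT_ALLOWLIST = {"boot.ini", "boot.bak", "hiberfil.sys", "pagefile.sys",
                  "autoexec.bat", "config.sys", "ntldr", "ntdetect.com"}

# Constructed sample input: formats copied from the thread's log, contents
# chosen for the example. The hijacked O35 line is invented so the check
# fires; the O35/O37 lines in the real log above are clean.
SAMPLE = r"""
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKLM\..comfile [open] -- C:\example\hook.exe "%1" %*
[2010/07/23 11:14:04 | 000,150,860 | ---- | M] () -- C:\fgX0CLC0.tif
[2010/08/02 18:33:07 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2010/07/15 09:34:54 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/04 12:59:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2010/07/10 07:35:00 | 000,000,000 | ---D | C] -- C:\7099b4e9c938745663
"""

@dataclass
class Finding:
    line: str
    reason: str

def parse_file_line(line: str) -> Optional[dict]:
    """Return the fields of an OTL file/folder line, or None if it is not one."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["is_dir"] = entry["attrs"].endswith("D")
    entry["company"] = (entry["company"] or "").strip()
    return entry

def check_file(entry: dict) -> Optional[str]:
    """Apply the file heuristics; return a reason string or None."""
    if entry["is_dir"]:
        return None  # directories are not judged here
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    in_drive_root = bool(re.match(r"^[a-z]:\\[^\\]+$", low))
    if in_drive_root and name not in ROOT_ALLOWLIST:
        return "unexpected file in the root of the system drive"
    if "\\system32\\" in low and name.endswith((".dll", ".sys", ".exe")) \
            and not entry["company"]:
        return "binary in System32 with no publisher name"
    return None

def check_assoc(line: str) -> Optional[Finding]:
    """Flag an O35/O37 exe/com open command that is not the default."""
    m = ASSOC_LINE.match(line.strip())
    if m and m.group("cmd").strip() != CLEAN_OPEN_CMD:
        return Finding(line.strip(),
                       f"{m.group('key')} open command is not {CLEAN_OPEN_CMD}")
    return None

def triage(log_text: str) -> List[Finding]:
    """Run every line through the association and file checks."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        hit = check_assoc(raw)
        if hit:
            findings.append(hit)
            continue
        entry = parse_file_line(raw)
        if entry:
            reason = check_file(entry)
            if reason:
                findings.append(Finding(raw.strip(), reason))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason}: {f.line}")
```

To run it against a saved log, call `triage(open("OTL.Txt", encoding="utf-8", errors="replace").read())` and read the hits top to bottom; an O35/O37 hit comes first because a hijacked exe association changes what every other fix in the thread would launch.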
     
  5. 2010/08/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Gremlins? :)

    If you don't have anything important there, delete.
    If you do have something important, unfortunately, you'll have to check the mail manually.
    Don't click on any unknown links and scan every attachment with your AV program.

    ==============================================================

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs left over on your computer, you can go ahead and delete them now.

    ============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable System Restore on (in most cases, drive "C:").
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
     
  6. 2010/08/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Any word about your computer?
     
  7. 2010/08/13
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    All's well. Thanks for the excellent help Broni. Please mark this thread 'resolved'.
     
  8. 2010/08/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    Good luck and stay safe :)
     
