You guys have helped before, giving it another shot. My PC seems to get slower daily. Things like videos and music (both online and from media) are choppy and unreliable

DDS Log

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Jeff Graham at 12:23:24 on 2011-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.568 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feetfirstconsulting.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{16ACAD41-E1B8-414D-BC42-F8C4549DE2A2} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ECE21F76-8576-48A0-9483-AEE4056E7F03} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{ECE21F76-8576-48A0-9483-AEE4056E7F03}\D40594 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jeff Graham\AppData\Roaming\Mozilla\Firefox\Profiles\2y4i0398.default\
FF - prefs.js: browser.startup.homepage - hxxps://apps.rackspace.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2011-6-17 1263200]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-6-17 3246040]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-6-17 72216]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-6-17 285280]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2010-4-8 292864]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-13 227896]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-8 215040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-8 136176]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-6-17 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-6-17 9096]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-8 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-3-13 216064]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-17 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-14 15:22:43 388096 ----a-r- C:\Users\Jeff Graham\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-14 15:22:41 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-14 15:08:28 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{896F6C12-C528-49FE-98B8-B17D5469570C}\mpengine.dll
2011-07-14 14:58:22 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{9C73000B-E58B-4A47-9170-982E529A2383}
2011-07-13 16:54:11 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-13 16:54:04 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-13 16:54:04 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-07-13 16:54:03 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-13 16:54:02 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-13 16:54:02 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-13 16:54:02 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-13 16:54:02 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-13 16:54:01 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-13 16:54:01 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-13 16:54:01 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-13 16:53:58 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-13 14:37:45 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{C8372683-4541-4DD1-BA22-96EC62911DEE}
2011-07-11 13:04:22 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{D06E9D8A-A5A4-4880-A18A-D61DCAC45E7E}
2011-07-08 12:57:30 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{5D9E46FB-8C89-4092-B3FD-9ED1FA92B7EF}
2011-07-07 13:26:19 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{D035D280-9F54-47EF-A24B-AC942C5679E9}
2011-07-06 12:52:17 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{EC3324BE-7403-47FC-9DE0-45B17A586E18}
2011-07-05 12:50:14 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{8087D424-87CC-44A5-8519-F63279113B75}
2011-07-01 12:48:28 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{F2640312-DAB9-484E-B0A7-62F0409BF2AB}
2011-06-30 12:45:26 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{7B4A8DE8-D00F-4692-8EBD-27F4C850D534}
2011-06-28 17:54:06 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\ElevatedDiagnostics
2011-06-28 17:48:48 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{4B091B5D-6F6E-46EE-B91E-D67E9A034E97}
2011-06-28 17:48:04 -------- d-----w- C:\Windows\en
2011-06-28 17:47:00 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\61b205911cc35bb02\MeshBetaRemover.exe
2011-06-27 15:21:29 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-27 15:21:28 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-18 00:21:17 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-17 21:57:55 -------- d-----w- C:\Windows\System32\SPReview
2011-06-17 21:57:16 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-17 21:53:59 864256 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\oledb32.dll
2011-06-17 21:52:59 921600 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dll
2011-06-17 21:51:59 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2011-06-17 21:51:59 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2011-06-17 21:51:48 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
2011-06-17 21:51:47 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
2011-06-17 21:51:35 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-06-17 21:51:35 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-06-17 21:51:31 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-06-17 21:51:31 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-06-17 21:49:04 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-17 21:49:04 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-17 21:49:04 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-17 21:48:55 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-17 21:48:49 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-17 21:48:25 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-17 21:48:24 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-17 20:57:39 3106144 ----a-w- C:\Windows\System32\AutoPartNt.exe
2011-06-17 20:56:05 2784608 ----a-w- C:\Windows\System32\auto_reactivate.exe
2011-06-17 20:54:26 -------- d-sh--r- C:\bootwiz
2011-06-17 20:42:03 -------- d-----w- C:\b366138b9b96e2b285c417ce
2011-06-17 20:34:16 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-06-17 20:34:06 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-06-17 20:34:02 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-06-17 20:33:52 277088 ----a-w- C:\Windows\System32\drivers\snapman.sys
2011-06-17 20:21:57 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\LogMeIn
2011-06-17 20:21:52 87456 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2011-06-17 20:21:52 72216 ----a-w- C:\Windows\System32\drivers\LMIRfsDriver.sys
2011-06-17 20:21:52 60800 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\LMIproc.dll
2011-06-17 20:21:52 33152 ----a-w- C:\Windows\System32\LMIport.dll
2011-06-17 20:21:49 80768 ----a-w- C:\Windows\System32\LMIinit.dll
2011-06-17 20:21:46 -------- d-----w- C:\ProgramData\LogMeIn
2011-06-17 20:21:34 -------- d-----w- C:\Program Files (x86)\LogMeIn
2011-06-17 20:17:49 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-06-17 20:14:39 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\Apple Computer
2011-06-17 20:14:29 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-06-17 20:14:29 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-06-17 20:14:29 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-06-17 20:12:13 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\Apple
2011-06-17 20:11:32 -------- d-----w- C:\Program Files\Bonjour
2011-06-17 20:11:32 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-06-17 19:46:00 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2011-06-17 19:46:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-06-17 19:46:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-06-17 19:46:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-17 15:14:41 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4354B912-261F-4B25-94D3-F4EE26C264AE}\gapaengine.dll
2011-06-17 15:12:20 2807936 ----a-w- C:\Windows\System32\BootMan.exe
2011-06-17 15:12:20 14848 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2011-06-17 15:12:20 11264 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2011-06-17 15:12:19 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2011-06-17 15:12:19 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2011-06-17 15:12:19 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2011-06-17 15:12:19 2217088 ----a-w- C:\Windows\SysWow64\BootMan.exe
2011-06-17 15:12:19 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2011-06-17 15:12:19 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2011-06-17 15:12:19 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2011-06-17 15:11:38 -------- d-----w- C:\Program Files (x86)\EASEUS
2011-06-17 15:08:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-06-17 15:07:43 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-17 15:05:01 8718160 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AB7CC747-B8CC-405C-84E6-ECF810368D03}\mpengine.dll
2011-06-17 14:57:52 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-06-17 14:57:52 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-06-17 14:57:52 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-06-17 14:57:52 1850328 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-06-17 14:57:52 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-06-17 14:57:52 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-17 14:56:27 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2011-06-17 14:55:12 -------- d-----w- C:\Users\Jeff Graham\AppData\Roaming\Malwarebytes
2011-06-17 14:55:11 -------- d-----w- C:\Program Files (x86)\2BrightSparks
2011-06-17 14:54:24 -------- d-----w- C:\Users\Jeff Graham\AppData\Roaming\Auslogics
2011-06-17 14:54:18 -------- d-----w- C:\Program Files (x86)\Auslogics
2011-06-17 14:54:09 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-17 14:54:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-17 14:54:05 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-17 14:54:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-17 14:53:28 -------- d-----w- C:\Program Files\CCleaner
2011-06-17 14:47:58 -------- d-----w- C:\Users\Jeff Graham\AppData\Local\{A2754128-EEAF-4905-9918-C22B32C87FC2}
2011-06-17 14:36:48 -------- d-----w- C:\Seans Support Utils
2011-06-15 15:44:26 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-15 15:44:26 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-15 15:44:26 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-15 15:44:25 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-15 15:44:05 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 15:44:05 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 15:44:05 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 15:41:09 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 15:41:08 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-15 15:41:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 15:40:58 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-06-15 15:40:41 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 15:40:40 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-15 15:31:30 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 15:28:50 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 15:28:48 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-14 21:08:22 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-14 21:08:16 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-14 18:29:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-14 18:29:37 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-14 18:00:12 -------- d-----w- C:\Program Files (x86)\Spyware Cease 2011
2011-06-14 17:30:53 -------- d-----w- C:\Program Files\Registry Easy
.
==================== Find3M ====================
.
2011-06-17 22:07:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-17 22:07:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
.
============= FINISH: 12:23:50.25 ===============

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome back to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Create a System Restore Point:


Right click on Computer and select Properties >> System protection >> Create.
Give this restore point a descriptive name and click Create.
When done, click Apply >> OK.

Scan with OTL:

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) and save it to your Desktop.

Alternate downloads are here (http://oldtimer.geekstogo.com/OTL.com) and here (http://oldtimer.geekstogo.com/OTL.scr).

Right-click on OTL.exe and select Run as Administrator to start OTL.
Ensure Include 64bit Scans is selected.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

How is your computer performing now, any further symptoms and or problems encountered?
Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

Thanks for the reply, Dakeryras. My PC continues to be slower on what seems to be a daily basis. It is slowly getting worse.

Per your request, the otl.txt file:

OTL logfile created on: 7/20/2011 10:19:37 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jeff Graham\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.84% Memory free
3.87 Gb Paging File | 1.86 Gb Available in Paging File | 48.22% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 182.69 Gb Total Space | 148.74 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: JEFFGRAHAM-PC | User Name: Jeff Graham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jeff Graham\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\WordPerfect Office 12\Programs\wpwin12.exe (Corel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Jeff Graham\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:[b]64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (LMIMaint) -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (LogMeIn) -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (LogMeIn, Inc.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (LMIInfo) -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys (LogMeIn, Inc.)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feetfirstconsulting.com/
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://apps.rackspace.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledItems: {DCBD1271-D228-4082-9FBC-36D9B7660B03}:1.1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/11 14:37:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/27 11:21:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/17 16:13:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/11 14:37:36 | 000,000,000 | ---D | M]

[2010/05/11 15:47:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff Graham\AppData\Roaming\Mozilla\Extensions
[2011/07/11 14:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff Graham\AppData\Roaming\Mozilla\Firefox\Profiles\2y4i0398.default\extensions
[2011/07/11 14:53:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Jeff Graham\AppData\Roaming\Mozilla\Firefox\Profiles\2y4i0398.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/30 13:10:41 | 000,001,820 | ---- | M] () -- C:\Users\Jeff Graham\AppData\Roaming\Mozilla\Firefox\Profiles\2y4i0398.default\searchplugins\bing.xml
[2011/06/17 10:57:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/13 10:40:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/12 09:49:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/07 10:13:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/20 11:40:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/05/10 10:31:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/15 11:43:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/27 11:21:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogOff = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{09E1294F-991C-11E0-9393-806E6F6E6963}\bootwiz\asrm.bin) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/20 10:09:41 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{A07EAE3D-22D4-4C8C-9FE7-708605587062}
[2011/07/19 14:07:35 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{D1535452-0D9D-42DB-AD8F-F25BD948708C}
[2011/07/18 08:55:48 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{965C94F3-2DDE-4425-9A39-C6BAFEED31E6}
[2011/07/15 08:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{90B11547-1DB3-4801-98F3-1314666F0CE8}
[2011/07/14 12:20:24 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/07/14 12:19:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/14 12:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/07/14 12:18:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/07/14 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/14 11:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/14 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{9C73000B-E58B-4A47-9170-982E529A2383}
[2011/07/13 12:55:30 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/13 12:55:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 12:55:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/13 12:55:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 12:55:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 12:55:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/13 12:55:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 12:55:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 12:55:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/13 12:55:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 12:55:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 12:55:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 12:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 12:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 12:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 12:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 12:55:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 12:55:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 12:55:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 12:55:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/13 12:55:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/13 12:55:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/13 12:55:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 12:55:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/13 12:55:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/13 12:55:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 12:55:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 12:55:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/13 12:54:04 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/13 12:54:04 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/13 12:54:04 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/13 12:54:03 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/13 12:54:02 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/13 12:54:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/13 12:54:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/13 12:54:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/13 12:54:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/13 12:54:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/13 12:54:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/13 12:53:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/13 10:37:45 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{C8372683-4541-4DD1-BA22-96EC62911DEE}
[2011/07/11 14:52:32 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\Desktop\time
[2011/07/11 14:52:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\Desktop\New folder
[2011/07/11 09:04:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{D06E9D8A-A5A4-4880-A18A-D61DCAC45E7E}
[2011/07/08 08:57:30 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{5D9E46FB-8C89-4092-B3FD-9ED1FA92B7EF}
[2011/07/07 09:26:19 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{D035D280-9F54-47EF-A24B-AC942C5679E9}
[2011/07/06 08:52:17 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{EC3324BE-7403-47FC-9DE0-45B17A586E18}
[2011/07/05 08:50:14 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{8087D424-87CC-44A5-8519-F63279113B75}
[2011/07/01 14:07:54 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Roaming\Yahoo!
[2011/07/01 14:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2011/07/01 08:48:28 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{F2640312-DAB9-484E-B0A7-62F0409BF2AB}
[2011/06/30 08:45:26 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{7B4A8DE8-D00F-4692-8EBD-27F4C850D534}
[2011/06/29 08:59:51 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/06/29 08:59:50 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/06/29 08:59:46 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/06/29 08:59:45 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/06/29 08:59:44 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/06/29 08:59:43 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/06/29 08:59:42 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/06/29 08:59:41 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/06/29 08:59:40 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/06/29 08:59:40 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/06/29 08:59:40 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/06/29 08:59:40 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/06/29 08:59:40 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/06/29 08:59:39 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/06/29 08:59:39 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/06/29 08:59:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/06/28 14:04:39 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/06/28 13:54:06 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\ElevatedDiagnostics
[2011/06/28 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{4B091B5D-6F6E-46EE-B91E-D67E9A034E97}
[2011/06/28 13:48:04 | 000,000,000 | ---D | C] -- C:\Windows\en

========== Files - Modified Within 30 Days ==========

[2011/07/20 10:24:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/20 10:24:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/20 10:08:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/19 14:22:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/19 14:22:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/14 12:54:06 | 000,187,629 | ---- | M] () -- C:\Users\Jeff Graham\Desktop\ExpungementStatutes.pdf
[2011/07/14 12:26:45 | 000,002,883 | ---- | M] () -- C:\Users\Jeff Graham\Desktop\attach.zip
[2011/07/14 12:18:43 | 000,000,932 | ---- | M] () -- C:\Users\Jeff Graham\Desktop\NTREGOPT.lnk
[2011/07/14 12:18:43 | 000,000,913 | ---- | M] () -- C:\Users\Jeff Graham\Desktop\ERUNT.lnk
[2011/07/14 11:22:44 | 000,003,003 | ---- | M] () -- C:\Users\Jeff Graham\Desktop\HiJackThis.lnk
[2011/07/13 13:06:59 | 000,426,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/01 14:06:41 | 000,001,169 | ---- | M] () -- C:\Users\Jeff Graham\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/30 17:08:20 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/30 17:08:20 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/30 17:08:20 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/27 11:21:44 | 000,002,052 | ---- | M] () -- C:\Users\Jeff Graham\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/07/14 12:54:06 | 000,187,629 | ---- | C] () -- C:\Users\Jeff Graham\Desktop\ExpungementStatutes.pdf
[2011/07/14 12:26:45 | 000,002,883 | ---- | C] () -- C:\Users\Jeff Graham\Desktop\attach.zip
[2011/07/14 12:18:43 | 000,000,932 | ---- | C] () -- C:\Users\Jeff Graham\Desktop\NTREGOPT.lnk
[2011/07/14 12:18:43 | 000,000,913 | ---- | C] () -- C:\Users\Jeff Graham\Desktop\ERUNT.lnk
[2011/07/14 11:22:44 | 000,003,003 | ---- | C] () -- C:\Users\Jeff Graham\Desktop\HiJackThis.lnk
[2011/07/01 14:06:41 | 000,001,169 | ---- | C] () -- C:\Users\Jeff Graham\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/06/17 11:12:20 | 000,014,848 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/06/17 11:12:19 | 002,217,088 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/06/17 11:12:19 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/06/17 11:12:19 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/06/17 11:12:19 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/17 11:08:07 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/17 11:03:25 | 000,005,036 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk
[2011/01/19 10:04:38 | 000,001,854 | ---- | C] () -- C:\Users\Jeff Graham\AppData\Roaming\GhostObjGAFix.xml
[2010/09/21 09:05:27 | 000,001,808 | ---- | C] () -- C:\Users\Jeff Graham\AppData\Roaming\wklnhst.dat
[2010/08/25 20:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 20:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 20:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/05/11 16:11:12 | 000,201,445 | ---- | C] () -- C:\Windows\hpoins43.dat
[2010/05/11 14:37:08 | 000,023,117 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/05/11 14:35:18 | 000,061,678 | ---- | C] () -- C:\Users\Jeff Graham\AppData\Roaming\PFP120JPR.{PB
[2010/05/11 14:35:18 | 000,012,358 | ---- | C] () -- C:\Users\Jeff Graham\AppData\Roaming\PFP120JCM.{PB
[2010/04/08 20:24:21 | 000,000,333 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/04/08 20:24:21 | 000,000,274 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009/09/29 19:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/13 18:51:30 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 06:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Extras.txt:

OTL Extras logfile created on: 7/20/2011 10:19:37 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Jeff Graham\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.84% Memory free
3.87 Gb Paging File | 1.86 Gb Available in Paging File | 48.22% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 182.69 Gb Total Space | 148.74 Gb Free Space | 81.42% Space Free | Partition Type: NTFS

Computer Name: JEFFGRAHAM-PC | User Name: Jeff Graham | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}" = HP User Guides 0156
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{803259ED-7A67-4CB5-B6D7-281ED371091B}" = LogMeIn
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3D88A98-506E-4CFC-B294-E256C679B0EE}" = Microsoft Store Download Manager
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"DiskRedactor_is1" = DiskRedactor
"EASEUS Partition Master Professional Edition_is1" = EASEUS Partition Master 6.5.1 Professional
"ERUNT_is1" = ERUNT 1.1j
"FaceMorpher Lite" = FaceMorpher Lite 2.5
"FileHippo.com" = FileHippo.com Update Checker
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Indiana Support Master" = Professional Software Corporation Indiana Support Master 2011
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"OUTLOOKR" = Microsoft Office Outlook 2007
"Picasa 3" = Picasa 3
"SyncBack_is1" = SyncBack
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2296138937-3299933978-1104254673-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"518146a4c3c47c7c" = Indiana Child Support Calculator

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2011 4:06:22 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 1/28/2011 4:06:22 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 1/28/2011 4:06:22 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/28/2011 4:06:53 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 1/28/2011 4:06:53 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 1/28/2011 4:06:53 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/28/2011 4:07:24 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 1/28/2011 4:07:24 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 1/28/2011 4:07:24 AM | Computer Name = JeffGraham-PC | Source = MsiInstaller | ID = 1024
Description =

Error - 1/29/2011 1:32:48 AM | Computer Name = JeffGraham-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

[ Hewlett-Packard Events ]
Error - 12/13/2010 10:05:14 AM | Computer Name = JeffGraham-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 12/29/2010 10:03:38 AM | Computer Name = JeffGraham-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\121029090327.xml
File not created by asset agent

Error - 1/19/2011 10:04:32 AM | Computer Name = JeffGraham-PC | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\011119090427.xml
File not created by asset agent

[ System Events ]
Error - 4/25/2011 8:51:27 AM | Computer Name = JeffGraham-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 4/25/2011 8:56:52 AM | Computer Name = JeffGraham-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).

Error - 4/26/2011 10:55:35 AM | Computer Name = JeffGraham-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).

Error - 4/26/2011 1:46:02 PM | Computer Name = JeffGraham-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinDefend service.

Error - 4/27/2011 9:13:43 AM | Computer Name = JeffGraham-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 4/27/2011 9:18:13 AM | Computer Name = JeffGraham-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).

Error - 4/27/2011 12:50:15 PM | Computer Name = JeffGraham-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WSearch service.

Error - 4/27/2011 5:47:50 PM | Computer Name = JeffGraham-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft Works 9 (KB2431831).

Error - 4/27/2011 5:48:22 PM | Computer Name = JeffGraham-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for the 2007 Microsoft Office System (KB967642).

Error - 4/27/2011 5:49:05 PM | Computer Name = JeffGraham-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for the 2007 Microsoft Office System (KB951944).


< End of report >

Hi. :)


Thanks for the reply, Dakeryras. My PC continues to be slower on what seems to be a daily basis. It is slowly getting worse.
You're welcome and thanks for the update also!

Random Access Memory Advice:

1.93 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 34.84% Memory free
Though Microsoft claims Windows 7 64 Bit will run with a mere 2 MB installed in my opinion a minimum of 4 GB is far better.

Reason being the actual architecture of a 64 bit Operating System is designed to utilise most of the installed memory on a machine to improve overall performance. The downside being on a machine with the bare minimum installed this can affect performance.

If you wish to upgrade the installed memory, Crucial (http://www.crucial.com) have a small scanner(CrucialScan.exe)which is perfectly safe to download and run. Which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

Next:

Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

HiJackThis <-- Not 64 bit Operating System compatible.

To do so click once on the above, then click on Uninstall/Change and follow the prompts.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please navigate to Start(Windows 7 Orb) >> All Programs >> ERUNT >> right click on Erunt and select Run as Administrator.


Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.
Custom OTL Script:

Right-click OTL.exe and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-2296138937-3299933978-1104254673-1002\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
[2011/07/20 10:09:41 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{A07EAE3D-22D4-4C8C-9FE7-708605587062}
[2011/07/19 14:07:35 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{D1535452-0D9D-42DB-AD8F-F25BD948708C}
[2011/07/18 08:55:48 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{965C94F3-2DDE-4425-9A39-C6BAFEED31E6}
[2011/07/15 08:55:35 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{90B11547-1DB3-4801-98F3-1314666F0CE8}
[2011/07/14 11:22:44 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/07/14 11:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/07/14 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{9C73000B-E58B-4A47-9170-982E529A2383}
[2011/07/13 10:37:45 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{C8372683-4541-4DD1-BA22-96EC62911DEE}
[2011/07/11 09:04:22 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{D06E9D8A-A5A4-4880-A18A-D61DCAC45E7E}
[2011/07/08 08:57:30 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{5D9E46FB-8C89-4092-B3FD-9ED1FA92B7EF}
[2011/07/07 09:26:19 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{D035D280-9F54-47EF-A24B-AC942C5679E9}
[2011/07/06 08:52:17 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{EC3324BE-7403-47FC-9DE0-45B17A586E18}
[2011/07/05 08:50:14 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{8087D424-87CC-44A5-8519-F63279113B75}
[2011/07/01 08:48:28 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{F2640312-DAB9-484E-B0A7-62F0409BF2AB}
[2011/06/30 08:45:26 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{7B4A8DE8-D00F-4692-8EBD-27F4C850D534}
[2011/06/28 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\Jeff Graham\AppData\Local\{4B091B5D-6F6E-46EE-B91E-D67E9A034E97}
[2011/07/14 11:22:44 | 000,003,003 | ---- | M] () -- C:\Users\Jeff Graham\Desktop\HiJackThis.lnk
[2011/06/17 11:03:25 | 000,005,036 | ---- | C] () -- C:\ProgramData\ihfeumzb.qzk

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered.
If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

Launch the application, Check for Updates >> Perform quick scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
OTL Log from the Custom Script.
Malwarebytes Anti-Malware Log.

Good morning. Things are still quite slow with the PC, although perhaps a big faster since the scan.

OTL log:

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-2296138937-3299933978-1104254673-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ not found.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
Folder C:\Users\Jeff Graham\AppData\Local\{A07EAE3D-22D4-4C8C-9FE7-708605587062}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{D1535452-0D9D-42DB-AD8F-F25BD948708C}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{965C94F3-2DDE-4425-9A39-C6BAFEED31E6}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{90B11547-1DB3-4801-98F3-1314666F0CE8}\ not found.
Folder C:\Users\Jeff Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\ not found.
Folder C:\Program Files (x86)\Trend Micro\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{9C73000B-E58B-4A47-9170-982E529A2383}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{C8372683-4541-4DD1-BA22-96EC62911DEE}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{D06E9D8A-A5A4-4880-A18A-D61DCAC45E7E}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{5D9E46FB-8C89-4092-B3FD-9ED1FA92B7EF}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{D035D280-9F54-47EF-A24B-AC942C5679E9}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{EC3324BE-7403-47FC-9DE0-45B17A586E18}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{8087D424-87CC-44A5-8519-F63279113B75}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{F2640312-DAB9-484E-B0A7-62F0409BF2AB}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{7B4A8DE8-D00F-4692-8EBD-27F4C850D534}\ not found.
Folder C:\Users\Jeff Graham\AppData\Local\{4B091B5D-6F6E-46EE-B91E-D67E9A034E97}\ not found.
File C:\Users\Jeff Graham\Desktop\HiJackThis.lnk not found.
File C:\ProgramData\ihfeumzb.qzk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jeff Graham\Downloads\cmd.bat deleted successfully.
C:\Users\Jeff Graham\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jeff Graham
->Flash cache emptied: 863 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff Graham
->Temp folder emptied: 1046101 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66195607 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 860586 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 55430 bytes

Total Files Cleaned = 65.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.26.1 log created on 07212011_100212

Files\Folders moved on Reboot...
C:\Users\Jeff Graham\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7221

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

7/21/2011 10:15:37 AM
mbam-log-2011-07-21 (10-15-37).txt

Scan type: Quick scan
Objects scanned: 170540
Time elapsed: 6 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi. :)


Things are still quite slow with the PC, although perhaps a big faster since the scan.
OK, lets proceed as follows shall we...

OTL reported there was a error creating a system restore point. Please check it is active as follows:-

Right click on Computer and select Properties >> System protection

StartUpLite:

Please download this small application from here (http://www.malwarebytes.org/startuplite.php).

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.


Please go here (http://www.eset.com/onlinescan/) click on Run ESET Online Scanner.
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox. Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at : C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

No nasties found:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=6d4ebb59d029414d8d87769f432f8fd5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-22 07:24:06
# local_time=2011-07-22 03:24:06 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 2096848 62884999 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=195973
# found=0
# cleaned=0
# scan_time=21095

The system is running much, much faster now since the reboot.

Could it have something to do with changing the system protection settings? That's the only thing that has changed?! :confused:

Hi. :)

What you mentioned is feasible as the feature with Windows 7 can be somewhat resource intensive at times. Though it would probably still be a good idea to install some upgraded Memmory Modules when you are able to do so.

My W7 Laptop has 4GB of RAM and my Desktop W7 machine has 6GB of RAM and both perform very well for what I use them for.

Any further issues remaining? If not we will clean up the tools used during the course of the Malware Removal process and I will provides some advice about online safety etc.

As the machine is still working quickly, I think we are done! Thank much. When you can, please advise as to how I can safely remove the tools.

Thanks much.

Strange. After working for about 15 minutes today, the PC returned to its slow ways. Very puzzling and frustrating. Any ideas? Thanks again!

Hi. :)


Strange. After working for about 15 minutes today, the PC returned to its slow ways. Very puzzling and frustrating. Any ideas? Thanks again!
Well it not Malware related as far as I can tell so you could try turning off some unnecessary Windows 7 features as follows...

Windows Features - Turn On or Off (http://www.sevenforums.com/tutorials/5023-windows-features-turn-off.html)

A list about such can be found here (http://www.bleepingcomputer.com/tutorials/tutorial134.html), even though says for Vista it is still compatible. <-- Scroll down to Windows Vista Feature List

Thanks again. It doesn't appear that's the problem, and as you said, it's likely not malware either!

I may have to put the old computer out to pasture. Thanks again for having this great site!

Hi. :)


Thanks again. It doesn't appear that's the problem, and as you said, it's likely not malware either!
You're welcome!


I may have to put the old computer out to pasture.
May be a option if the system is unable to support any upgraded memory modules...Though I am wondering if the Acronis backup software is the culprit as that can be quite resource intensive and might be a idea to say launch it manually once per week rather than leaving it to run automatically.

If you wish to try this option create/run the custom batch file below to set the Acronis backup software as manual use only...

Custom Batch File:

Create a Registry Backup with Erunt before creating/running the below batch file...

Via Start(Windows 7 Orb) >> All Programs >> ERUNT >> Right-click on ERUNT and select Run as Administrator >> Follow the prompts.

Open Notepad.
Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK

@Echo off
SC Stop AcrSch2Svc
SC Config AcrSch2Svc Start= Demand
Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V schedhlp /F
Reg Delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /V TrueImageMonitor /F
CMD /C CHKDSK C: |Find /V "Percent" >> "%userprofile%\desktop\checkhd.txt"
Shutdown -R -T 1
Del %0
Go to File >> Save As
Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
Change Save as Type to All Files and save the file to your Desktop.
It should look similar to this: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/vista-rh.gif
Now right-click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed and your machine should automatically reboot. If it does not reboot your machine manually.

Note: There will be a notepad file on the desktop afterwards, please post the contents of this in your next reply as this will provide myself with a brief analysis about your machines Hard-Drive current health etc.

Next

Also what exactly are you using LogMeIn for and inform myself if any further issues remaining, thank you.

Thanks again for the response.

I'm a little unsure about that Acronis software myself, and as such, I've given it back to my "PC guy" to remove/fix it. Hopefully that fixes it.

Thanks again for your help, this site is amazing. Feel free to archive this thread.

Hi. :)


I'm a little unsure about that Acronis software myself, and as such, I've given it back to my "PC guy" to remove/fix it. Hopefully that fixes it.
Fair play.


Thanks again for your help, this site is amazing.
You're welcome, it would be prudent to follow the instructions/advice below when able.

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advice you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow! (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)

Also so is this:

What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Reset SR Points/Clean up with OTL:


Right-click OTL and select Run as Administrator to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[ClearAllRestorePoints]
Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
Then click the red Run Fix button.
Let the program run unhindered. When finished click on OK and close the log that appears.
Note: I do not need to review the log produced.
Now close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, depress the CleanUp button.
Say Yes to the prompt and then allow the program to reboot your computer.

The above process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is a excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.

I advise you also run a complete scan with this also at least once per week.

Erunt:

Emergency Recovery Utility NT, I advice you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:

Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
In the navigation pane, click Check for updates.
After Windows Update has finished checking for updates, click View available updates.
Click to select the check box for any found, then click Install.
When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Stop malicious scripts:

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
hpHosts (http://hosts-file.net/?s=Download)
Only use one of the above!

Install WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here (http://www.winpatrol.com/download.html).

You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html).

Next:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center (http://www.microsoft.com/security/default.aspx)

Any questions? Feel free to ask, if not stay safe!

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.