Very Slow Operation [Archive] - Safer-Networking Forums

RKennedy

2012-02-12, 22:19

Hello:

My wifes laptop running very sluggishly:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by Marilyn at 15:06:02 on 2012-02-12
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.958.111 [GMT -6:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: XBTBPos00 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\my.freeze.com toolbar\freeze_us.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus CX8400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe /fu "c:\windows\temp\E_S144E.tmp" /EF "HKCU"
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\marilyn\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki...
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
TCP: Interfaces\{7D8C1777-6FBE-4F0D-BB7C-7C9DEB0C4971} : DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
AppInit_DLLs: avgrsstx.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-17 335240]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver;c:\windows\system32\drivers\avgmfx86.sys [2007-12-25 27784]
.
=============== Created Last 30 ================
.
2012-02-12 18:23:11 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6a8197b0-18ef-477e-86ba-9de3fb81c52c}\mpengine.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-02-12 17:51:06 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-01-29 11:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:09:53.01 ===============

ken545

2012-02-19, 19:44

:welcome:

I believe I helped you a few years back :)

my.freeze <-- This is not recommended, please uninstall it via Programs and Features in the Control Panel.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

RKennedy

2012-02-20, 02:13

Hello Ken.

I think you have helped on some other machines.

The my.freeze was not in the programs and features. I ran spybot last week ....I think it was after I had posted here. It did find a few things so maybe it was remvoed then?

By the way i also downloaded a lot of Windows updates since my original post here. So I should be up to date with those.

Log attached.

RKennedy

2012-02-20, 02:50

First scan did not work correctly.

Attached is a scan that made it through the entire process.

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-19 19:15:23
-----------------------------
19:15:23.178 OS Version: Windows 6.0.6002 Service Pack 2
19:15:23.178 Number of processors: 2 586 0x4802
19:15:23.178 ComputerName: MARILYNLAPTOP UserName: Marilyn
19:15:24.816 Initialize success
19:15:41.961 AVAST engine defs: 12021901
19:15:52.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
19:15:52.694 Disk 0 Vendor: ST912082 3.BH Size: 114473MB BusType: 8
19:15:52.740 Disk 0 MBR read successfully
19:15:52.756 Disk 0 MBR scan
19:15:52.834 Disk 0 unknown MBR code
19:15:52.865 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 107701 MB offset 63
19:15:52.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6769 MB offset 220572450
19:15:52.943 Disk 0 scanning sectors +234436545
19:15:53.115 Disk 0 scanning C:\Windows\system32\drivers
19:16:52.776 Service scanning
19:17:22.026 Modules scanning
19:17:28.797 Disk 0 trace - called modules:
19:17:28.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor.sys
19:17:28.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f2a3b8]
19:17:28.890 3 CLASSPNP.SYS[82ba68b3] -> nt!IofCallDriver -> [0x844aae00]
19:17:28.906 5 acpi.sys[8060b6bc] -> nt!IofCallDriver -> \Device\00000061[0x844abb88]
19:17:29.811 AVAST engine scan C:\Windows
19:17:38.500 AVAST engine scan C:\Windows\system32
19:29:27.943 AVAST engine scan C:\Windows\system32\drivers
19:30:02.622 AVAST engine scan C:\Users\Marilyn
19:42:23.719 AVAST engine scan C:\ProgramData
19:46:39.793 Scan finished successfully
19:47:08.419 Disk 0 MBR has been saved successfully to "C:\Users\Marilyn\Documents\MBR.dat"
19:47:08.419 The log file has been saved successfully to "C:\Users\Marilyn\Documents\aswMBR2.txt"

ken545

2012-02-20, 03:10

oK, we can remove leftovers from that during the cleaning.

Just copy and paste the logs and reports we ask for into this thread in lew of attaching them, its easier for us to analyse

What brand of computer is this ?

Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs
Double click on the file to run it
A window will open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

RKennedy

2012-02-20, 03:46

This is HP Pavillion Laptop

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6000 (RV018UA#ABA)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 157):
0x81C36000 \SystemRoot\system32\ntkrnlpa.exe
0x81C03000 \SystemRoot\system32\hal.dll
0x80403000 \SystemRoot\system32\kdcom.dll
0x8040A000 \SystemRoot\system32\PSHED.dll
0x8041B000 \SystemRoot\system32\BOOTVID.dll
0x80423000 \SystemRoot\system32\CLFS.SYS
0x80464000 \SystemRoot\system32\CI.dll
0x80544000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80603000 \SystemRoot\system32\drivers\acpi.sys
0x80649000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80652000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065A000 \SystemRoot\system32\drivers\pci.sys
0x80681000 \SystemRoot\System32\drivers\partmgr.sys
0x80690000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80693000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8069D000 \SystemRoot\system32\drivers\volmgr.sys
0x806AC000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F6000 \SystemRoot\system32\drivers\pciide.sys
0x806FD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8070B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8071B000 \SystemRoot\system32\drivers\atapi.sys
0x80723000 \SystemRoot\system32\drivers\ataport.SYS
0x80741000 \SystemRoot\system32\drivers\nvstor.sys
0x8074E000 \SystemRoot\system32\drivers\storport.sys
0x8078F000 \SystemRoot\system32\drivers\fltmgr.sys
0x807C1000 \SystemRoot\system32\drivers\fileinfo.sys
0x807D1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8220E000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82280000 \SystemRoot\system32\drivers\ndis.sys
0x8238B000 \SystemRoot\system32\drivers\msrpc.sys
0x823B6000 \SystemRoot\system32\drivers\NETIO.SYS
0x82807000 \SystemRoot\System32\drivers\tcpip.sys
0x828F1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82A09000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82B19000 \SystemRoot\system32\drivers\volsnap.sys
0x82B52000 \SystemRoot\System32\Drivers\spldr.sys
0x82B5A000 \SystemRoot\System32\Drivers\mup.sys
0x82B69000 \SystemRoot\System32\drivers\ecache.sys
0x82B90000 \SystemRoot\system32\drivers\disk.sys
0x82BA1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82BC2000 \SystemRoot\system32\drivers\crcdisk.sys
0x82BEF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82A00000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8290C000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x82BFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8291C000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8291F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8292F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x82936000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8293F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
0x89E04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8A244000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A2E4000 \SystemRoot\System32\drivers\watchdog.sys
0x8A2F0000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8A2F3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A2FD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A33B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A34A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A362000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8A368000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8A378000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8A386000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8A3A0000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8A3AE000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8A409000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8A45A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A4E7000 \SystemRoot\system32\DRIVERS\nvm60x32.sys
0x8A5A9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A5BC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A5C7000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8A5F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A5F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A3C2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A3F1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x829C5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x829DC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x807DA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x829E7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x805CD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x805E1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A803000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A813000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A815000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A83F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A849000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A856000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A85F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A894000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8A8A5000 \SystemRoot\system32\drivers\CHDART.sys
0x8A8CE000 \SystemRoot\system32\drivers\portcls.sys
0x8A8FB000 \SystemRoot\system32\drivers\drmk.sys
0x8A920000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8AA09000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8AB0C000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8ABC0000 \SystemRoot\system32\drivers\modem.sys
0x8ABCD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8AC04000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8AF57000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8AF64000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8AF6B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8AF74000 \SystemRoot\System32\Drivers\Null.SYS
0x8AF7B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8AF82000 \SystemRoot\System32\drivers\vga.sys
0x8AF8E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AFAF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AFB7000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8AFBF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8AFCA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AFD8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8AFE1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8A95D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8ABE4000 \SystemRoot\system32\DRIVERS\smb.sys
0x8A98F000 \SystemRoot\system32\drivers\afd.sys
0x8A9D7000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8A9ED000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8AFF7000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x90205000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90218000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90254000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9025E000 \SystemRoot\System32\Drivers\dfsc.sys
0x90275000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x9027B000 \SystemRoot\System32\Drivers\avgldx86.sys
0x902CC000 \SystemRoot\System32\Drivers\crashdmp.sys
0x902D9000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x902E3000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x98650000 \SystemRoot\System32\win32k.sys
0x902F0000 \SystemRoot\System32\drivers\Dxapi.sys
0x902FA000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98870000 \SystemRoot\System32\TSDDD.dll
0x98890000 \SystemRoot\System32\cdd.dll
0x90309000 \SystemRoot\system32\drivers\luafv.sys
0x9032C000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x9035C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9036C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x90396000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x903A0000 \SystemRoot\system32\DRIVERS\pnarp.sys
0x903AA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9E80C000 \SystemRoot\system32\drivers\HTTP.sys
0x9E879000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9E896000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9E8AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9E8C4000 \SystemRoot\system32\drivers\mrxdav.sys
0x9E8E5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9E904000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9E93D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9E955000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9E97D000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F002000 \SystemRoot\system32\drivers\spsys.sys
0x9F0B4000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x9F0B8000 \SystemRoot\system32\drivers\peauth.sys
0x9F196000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F1A0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F1AC000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x9F1B4000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9F1CA000 \??\C:\Users\Marilyn\AppData\Local\Temp\aswMBR.sys
0x77290000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 System
404 C:\Windows\System32\smss.exe
472 csrss.exe
520 C:\Windows\System32\wininit.exe
532 csrss.exe
580 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
632 C:\Windows\System32\winlogon.exe
872 C:\Windows\System32\svchost.exe
936 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\audiodg.exe
1260 C:\Windows\System32\svchost.exe
1276 C:\Windows\System32\SLsvc.exe
1328 C:\Windows\System32\svchost.exe
1476 C:\Windows\System32\svchost.exe
1712 C:\Windows\System32\spoolsv.exe
1736 C:\Windows\System32\svchost.exe
1984 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2040 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
256 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
300 C:\Program Files\Bonjour\mDNSResponder.exe
316 C:\Windows\System32\svchost.exe
420 C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
536 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1472 C:\Program Files\AVG\AVG8\avgrsx.exe
724 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
684 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
732 C:\Windows\System32\svchost.exe
2068 C:\Windows\System32\svchost.exe
2096 C:\Windows\System32\svchost.exe
2116 C:\Windows\System32\SearchIndexer.exe
2248 C:\Windows\System32\drivers\XAudio.exe
2260 C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
2300 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2364 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3120 C:\Windows\System32\taskeng.exe
3288 C:\Windows\System32\taskeng.exe
3304 C:\Windows\System32\dwm.exe
3356 C:\Windows\explorer.exe
2416 C:\Program Files\Windows Defender\MSASCui.exe
3584 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3600 C:\Program Files\HP\QuickPlay\QPService.exe
2716 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
3404 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3264 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2840 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
2560 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
584 C:\Program Files\AVG\AVG8\avgtray.exe
2764 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
2728 C:\Windows\vsnp2uvc.exe
1780 C:\Program Files\QuickTime\QTTask.exe
1848 C:\Program Files\iTunes\iTunesHelper.exe
576 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1484 C:\Program Files\Windows Sidebar\sidebar.exe
1444 C:\Windows\ehome\ehtray.exe
1048 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3024 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3096 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
2548 C:\Windows\System32\rundll32.exe
3316 WmiPrvSE.exe
644 C:\Program Files\iPod\bin\iPodService.exe
3028 C:\Windows\System32\svchost.exe
2984 C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
2620 C:\Program Files\Internet Explorer\iexplore.exe
4712 C:\Program Files\Internet Explorer\iexplore.exe
3112 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
3380 C:\Program Files\Windows Media Player\wmpnscfg.exe
2812 C:\Program Files\Windows Media Player\wmpnetwk.exe
4944 C:\Program Files\AVG\AVG8\avgui.exe
2640 C:\Program Files\AVG\AVG8\avgcfgex.exe
5712 C:\Windows\servicing\TrustedInstaller.exe
5200 taskeng.exe
5580 C:\Windows\System32\SearchProtocolHost.exe
4764 C:\Windows\System32\SearchFilterHost.exe
5344 C:\Users\Marilyn\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001a`4b564400 (NTFS)

PhysicalDrive0 Model Number: ST9120822AS, Rev: 3.BH

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ken545

2012-02-20, 10:00

Good Morning,

Besides running sluggish, are your browsers redirecting you to sites you dont know ?

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Click on Start > Control Panel> Administrative Tools> Computer Management> then on the left pane Disk Management, when it opens, expand it to fill the page, then press Alt. PrintScreen, open up a picture editor, Paint will be fine if thats all you have and paste the picture into it, save it to your desktop and attach the picture for me to see in your next reply.

RKennedy

2012-02-20, 16:44

I cant seem to unzip the TDSSKiller.zip file. I have tried several solutions that I found online to get Vista to open the zip with explorer.exe but it does not seem to take.

Is this connected with whatever problem I might have?

i assume I need the TDSSkiller to be on the machine?

RKennedy

2012-02-20, 18:09

Update....I was able to unzip....goofy Vista download thing.

Anyway.....NO THREATS FOUND.

And no, I don't seem to be getting any re-directs.

ken545

2012-02-20, 18:26

Let me take a quick peak at this

Click on Start > Control Panel> Administrative Tools> Computer Management> then on the left pane Disk Management, when it opens, expand it to fill the page, then press Alt. PrintScreen, open up a picture editor, Paint will be fine if thats all you have and paste the picture into it, save it to your desktop and attach the picture for me to see in your next reply.

RKennedy

2012-02-21, 01:38

Attached

ken545

2012-02-21, 02:02

The reason I asked for that screenshot was to take a look at your Master Boot Record partitions as the latest threats going around right now are infecting them , but yours look ok

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish it's job
Once its finished it should automatically reboot your machine,
if it doesn't, manually reboot to ensure a complete clean

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

RKennedy

2012-02-21, 04:36

Uh oh. Didnt find anything!

Do I just have a slow crappy laptop here?

ken545

2012-02-21, 10:26

Hi,

TFC cleans out all the temp files and such and when they build up after time it tends to slow you down, but no difference after running TFC ?

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

RKennedy

2012-02-22, 00:58

No threats found.

Might be somewhat better after the Temp. file cleanup.

Maybe its just kind of a slow machine.

ken545

2012-02-22, 01:02

Let me ask you, has this laptop always been sluggish or has it just started ? Think about what you may have done prior, did you install any hardware like a printer/scanner, did you install or uninstall any software ?

Let me take one more look.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

RKennedy

2012-02-22, 01:56

In answers to your questions:

I do not use this machine much (my wife does) so i do not recall if it is a lot slower than when we bought it. She claims it is.....and she is not a heavy internet user....but who knows.

I also can't say if things were installed that resulted in a slowdown or not....since I dont use it. If you see some things that might be clogging up the works....let me know...and I can see about uninstalling them if they are not used.

OTL logfile created on: 2/21/2012 6:12:09 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Marilyn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 358.64 Mb Available Physical Memory | 37.44% Memory free
2.13 Gb Paging File | 0.77 Gb Available in Paging File | 36.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 63.86 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: MARILYNLAPTOP | User Name: Marilyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marilyn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ATMsrvc) -- C:\Windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marilyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marilyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000..\Run: [EPSON Stylus CX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D8C1777-6FBE-4F0D-BB7C-7C9DEB0C4971}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 13:58:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/21 06:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/20 22:40:40 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Apple Computer
[2012/02/19 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Adobe
[2012/02/19 18:45:46 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Users\Marilyn\Desktop\aswMBR.exe
[2012/02/19 18:12:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Marilyn\Desktop\TFC.exe
[2012/02/17 03:08:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 03:08:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:08:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 03:08:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 03:08:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 03:08:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 03:08:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 03:08:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:08:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 03:08:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 03:08:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 03:08:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 03:08:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 03:08:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:08:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 03:08:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 03:08:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 03:08:16 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 03:08:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 03:08:15 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 03:08:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 03:08:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 03:08:13 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 03:08:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 03:08:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:08:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 03:08:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 03:08:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 03:08:09 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:08:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 03:08:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 03:08:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 03:08:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 03:08:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 03:08:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 03:08:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/17 03:08:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 23:38:22 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 05:22:31 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/02/14 04:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/02/14 04:22:17 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/02/14 04:22:16 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/02/14 04:22:15 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/02/14 04:19:32 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/02/14 04:19:29 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/02/14 04:19:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/02/14 04:19:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/02/14 04:19:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/02/14 04:19:28 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/02/14 04:17:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/02/14 04:17:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/02/14 04:17:02 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/02/14 04:16:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012/02/14 04:16:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012/02/14 04:16:58 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/02/14 04:16:58 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/02/14 04:16:58 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/02/14 04:16:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012/02/14 04:16:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/02/14 04:16:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/02/14 04:16:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/02/13 18:27:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/13 18:27:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/13 18:27:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/13 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Apple
[2012/02/13 11:08:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/02/13 11:08:20 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/02/13 11:08:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/02/13 11:08:20 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/02/13 11:08:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/02/13 11:08:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/02/13 11:08:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/02/13 11:08:11 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/13 11:07:58 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/02/13 11:07:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/02/13 11:07:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/02/13 11:07:57 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/02/13 11:07:56 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/02/13 11:07:56 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/02/13 11:07:56 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/02/13 11:07:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/02/13 11:07:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/02/13 11:07:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/02/13 11:07:52 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/02/13 11:07:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/02/13 11:05:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/02/13 11:05:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/02/13 11:05:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/02/13 11:05:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/13 11:05:27 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/02/13 11:05:27 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/02/13 11:05:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/02/13 11:05:26 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/02/13 11:05:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/02/13 11:05:26 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/02/13 11:05:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/13 11:04:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/02/13 11:04:26 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/02/13 11:01:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/02/13 11:01:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/02/13 11:01:48 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/02/13 11:00:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/02/13 10:59:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/02/13 10:59:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/02/13 10:53:34 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/02/13 09:28:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/02/13 09:28:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/02/13 09:28:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/02/13 08:48:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/02/12 21:52:00 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/02/12 12:19:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/02/12 12:19:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/02/12 12:19:40 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/02/12 12:19:39 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/02/12 12:19:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/02/12 12:12:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/02/12 12:12:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/02/12 12:11:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/02/12 12:11:02 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/02/12 12:11:01 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/02/12 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/12 11:58:43 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2012/02/12 11:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/12 11:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/15 09:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/12/25 14:24:49 | 000,008,999 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/09/12 14:01:47 | 000,005,632 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 07:29:21 | 000,004,848 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\wklnhst.dat
[2007/04/17 02:49:47 | 000,013,119 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.dat
[2007/04/17 02:49:47 | 000,013,119 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.001
[2007/04/17 02:11:29 | 000,095,288 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\GDIPFONTCACHEV1.DAT
[2 C:\Users\Marilyn\Documents\*.tmp files -> C:\Users\Marilyn\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/21 17:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/21 17:50:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697633196-3140941277-4172807719-1000UA.job
[2012/02/21 17:02:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 17:02:10 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/21 15:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cce9a434b2c830.job
[2012/02/21 15:50:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697633196-3140941277-4172807719-1000Core.job
[2012/02/21 06:45:04 | 000,013,119 | ---- | M] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.dat
[2012/02/21 06:45:00 | 000,013,119 | ---- | M] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.001
[2012/02/21 03:34:31 | 090,379,648 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/21 03:00:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/20 19:23:57 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/20 19:20:47 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2012/02/20 19:20:47 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2012/02/20 19:20:09 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/20 19:18:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/20 10:52:38 | 000,000,938 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/20 10:48:48 | 000,000,221 | ---- | M] () -- C:\logfile
[2012/02/20 08:44:58 | 002,041,519 | ---- | M] () -- C:\Users\Marilyn\Desktop\tdsskiller_zip
[2012/02/19 20:37:13 | 000,080,384 | ---- | M] () -- C:\Users\Marilyn\Desktop\MBRCheck.exe
[2012/02/19 19:47:08 | 000,000,512 | ---- | M] () -- C:\Users\Marilyn\Documents\MBR.dat
[2012/02/19 18:48:55 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\Marilyn\Desktop\aswMBR.exe
[2012/02/19 18:12:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Marilyn\Desktop\TFC.exe
[2012/02/17 21:06:06 | 000,000,943 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/17 03:11:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 03:11:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/17 03:08:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/17 03:08:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/17 03:08:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 03:08:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:08:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 03:08:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 03:08:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 03:08:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 03:08:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 03:08:20 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:08:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 03:08:19 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 03:08:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 03:08:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 03:08:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 03:08:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:08:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 03:08:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 03:08:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/17 03:08:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 03:08:16 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 03:08:15 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 03:08:15 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 03:08:15 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 03:08:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 03:08:13 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 03:08:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 03:08:11 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:08:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 03:08:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 03:08:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 03:08:09 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:08:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 03:08:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 03:08:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 03:08:07 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 03:08:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 03:08:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 03:08:05 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/17 03:08:04 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/16 19:14:00 | 000,002,014 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 19:13:59 | 000,002,052 | ---- | M] () -- C:\Users\Marilyn\Desktop\Google Chrome.lnk
[2012/02/16 03:35:55 | 000,357,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 18:01:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/02/14 04:49:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/02/14 04:48:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/12 15:32:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 12:11:05 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/12 11:50:34 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/12 09:44:42 | 000,001,356 | ---- | M] () -- C:\Users\Marilyn\AppData\Local\d3d9caps.dat
[2012/02/12 09:14:51 | 000,006,601 | ---- | M] () -- C:\Windows\Marilyn8.xlb
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Users\Marilyn\Documents\*.tmp files -> C:\Users\Marilyn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 10:52:38 | 000,000,938 | ---- | C] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/20 10:48:26 | 000,000,221 | ---- | C] () -- C:\logfile
[2012/02/20 08:43:44 | 002,041,519 | ---- | C] () -- C:\Users\Marilyn\Desktop\tdsskiller_zip
[2012/02/19 20:37:13 | 000,080,384 | ---- | C] () -- C:\Users\Marilyn\Desktop\MBRCheck.exe
[2012/02/19 19:07:02 | 000,000,512 | ---- | C] () -- C:\Users\Marilyn\Documents\MBR.dat
[2012/02/17 03:08:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/14 04:49:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/02/14 04:48:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/12 15:32:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 12:11:05 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/12 11:50:34 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/12 10:34:35 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cce9a434b2c830.job
[2012/02/12 09:46:24 | 1005,174,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 09:14:51 | 000,006,601 | ---- | C] () -- C:\Windows\Marilyn8.xlb
[2010/07/29 11:33:27 | 000,001,356 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\d3d9caps.dat
[2010/05/10 16:17:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/10 16:17:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

========== LOP Check ==========

[2008/01/04 19:34:54 | 000,000,000 | ---D | M] -- C:\Users\Marilyn\AppData\Roaming\funkitron
[2009/03/04 16:33:05 | 000,000,000 | ---D | M] -- C:\Users\Marilyn\AppData\Roaming\MailWasherPro
[2007/04/19 07:29:23 | 000,000,000 | ---D | M] -- C:\Users\Marilyn\AppData\Roaming\Template
[2007/07/16 11:27:40 | 000,000,000 | ---D | M] -- C:\Users\Marilyn\AppData\Roaming\WildTangent
[2012/02/14 18:01:27 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2012/02/20 19:20:47 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job
[2012/02/20 19:20:47 | 000,000,434 | ---- | M] () -- C:\Windows\Tasks\RegPowerClean.job
[2009/03/04 17:01:47 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\RPCReminder.job
[2012/02/20 19:18:41 | 000,032,662 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 677 bytes -> C:\Users\Marilyn\Documents\HOCKEY.eml:OECustomProperty
@Alternate Data Stream - 677 bytes -> C:\Users\Marilyn\Documents\backyard waterfall 062909.eml:OECustomProperty
@Alternate Data Stream - 2821 bytes -> C:\Users\Marilyn\Documents\Montini Catholic Tournament Picture.eml:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

RKennedy

2012-02-22, 01:58

OTL Extras logfile created on: 2/21/2012 6:12:09 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Marilyn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 358.64 Mb Available Physical Memory | 37.44% Memory free
2.13 Gb Paging File | 0.77 Gb Available in Paging File | 36.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 63.86 Gb Free Space | 60.72% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: MARILYNLAPTOP | User Name: Marilyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E14655D-C98E-412D-B1D7-FEB9181C7087}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{FEDAFA54-92DD-45DA-AEF1-1716285C2E38}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A7ED7E-693A-4E42-94EF-731C2300BB91}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2817E315-5D19-4D27-B2A6-58FA2338185E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3FDB4E6D-E058-4031-BAE5-AA00ACA68994}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B737876-34B7-4739-BE81-4C54E4B8B889}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{53BF99CD-E2C7-4803-BBF0-22BE2F54AF3E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5CCD770D-520F-4442-B20A-21EA38D50921}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{69766FF7-C030-44B6-941A-342BD87A0965}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}" = dir=in | app=c:\program files\hp connections\6811507\program\hp connections |
"{6B858232-CDA8-4787-BC69-95686C88817A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{847B4D9A-56A3-49A5-9521-2D7585715908}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{875DEE30-18D2-405A-AA09-7FB1E72B0ED5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9018BE3E-0E5D-4962-BD0F-5969C22318D6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{90528E1E-A1FE-4A81-B793-12DCFBBD3662}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{92162630-F002-4B27-832F-A13EB3E9AA47}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95ECDD01-AB84-4195-A36C-29147C571235}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{964A17A2-B864-49C4-AE05-C970AF48F245}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{C1A06A6D-B063-4610-9C45-B67073810980}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C4411EDA-062A-4669-A6C4-41AD077355DB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CE2EC65F-417C-4388-8FAE-2735AABCE104}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D3796245-BF5D-4C53-BCCC-83538D78811A}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{FC8C6238-9B63-4201-9B0C-655F8B7CDA20}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"TCP Query User{D8D1520C-34CA-4FC6-B673-17A89A16E549}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{75564965-4773-4F52-8615-2946BE7E70C6}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABFBC596-7EB3-4E4D-A1A3-D2B6806EF1FE}" = HP User Guide 0041
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B5720C2D-331A-41CA-9417-9D628A8D1C01}" = Pure Networks Platform
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Illustrator 9.0 Tryout" = Adobe Illustrator 9.0 Tryout
"Adobe PageMaker 7.0" = Adobe PageMaker 7.0
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe Type Manager 4.1" = Adobe Type Manager 4.1
"AVG8Uninstall" = AVG Free 8.5
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WildTangent hplaptop Master Uninstall" = My HP Games
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! IE Suggest" = Yahoo! IE Search Suggest
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1697633196-3140941277-4172807719-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2012 1:51:44 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/20/2012 1:51:44 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5023

Error - 2/20/2012 1:51:44 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5023

Error - 2/20/2012 1:52:21 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/20/2012 1:52:21 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 42135

Error - 2/20/2012 1:52:21 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 42135

Error - 2/21/2012 5:00:18 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/21/2012 5:00:19 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13698089

Error - 2/21/2012 5:00:19 AM | Computer Name = MarilynLaptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13698089

Error - 2/21/2012 8:08:39 PM | Computer Name = MarilynLaptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module YSearchSuggest.dll_unloaded, version 0.0.0.0, time
stamp 0x45df716d, exception code 0xc0000005, fault offset 0x04141509, process id
0x16b4, application start time 0x01ccf0f617333250.

[ Media Center Events ]
Error - 12/11/2007 8:45:14 PM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/22/2007 1:15:18 AM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/6/2008 1:28:57 PM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2008 12:51:01 PM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 3:23:55 PM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/7/2008 9:20:38 PM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/20/2008 3:44:24 PM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/21/2009 7:20:02 AM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/23/2010 7:03:39 AM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/10/2010 7:14:52 AM | Computer Name = MarilynLaptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/12/2009 5:13:10 PM | Computer Name = MarilynLaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 121
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/20/2012 12:49:40 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 2/20/2012 12:49:40 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7001
Description =

Error - 2/20/2012 12:50:38 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2012 12:56:47 PM | Computer Name = MarilynLaptop | Source = DCOM | ID = 10010
Description =

Error - 2/20/2012 9:07:04 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7031
Description =

Error - 2/20/2012 9:07:10 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7034
Description =

Error - 2/20/2012 9:27:02 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 2/20/2012 9:29:10 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 2/20/2012 9:31:29 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 2/20/2012 9:31:29 PM | Computer Name = MarilynLaptop | Source = Service Control Manager | ID = 7022
Description =

< End of report >

ken545

2012-02-22, 03:39

Hi,

I am looking at your Anti Virus , it looks like you have AVG , I am also looking at some entries for Symantec, did you uninstall this at one time, if so it may not have done a complete uninstall.

RegPowerClean <-- I am also looking at this and the reviews are not good
http://www.bleepingcomputer.com/startups/RegPowerClean.exe-17017.html

RKennedy

2012-02-22, 03:58

I probably uninstalled symantic when we first got the machine so that I could install AVG.

The other thing I have no idea about.

It is possible that that was installed somewhere along the way by my wife or kids.....who did not know any better.

ken545

2012-02-22, 10:14

Good Morning,

Go to Programs and Features in the Control Panel and uninstall this

LiveUpdate Notice (Symantec Corporation)

Then you can run the Norton Removal tool that will remove all entries for Norton

Norton Removal Tool
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

When your done , let me know if you see any improvement

RKennedy

2012-02-22, 16:44

I think I do detect some improvement.

Their were things left over/removed by the tool.

Anything else to get rid of? What about the regPower Clean you mentioned? I dont see that in the add/remove programs panel.

ken545

2012-02-22, 18:13

Lets try this to start

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
[2012/02/20 19:20:47 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\RegPowerClean.job
[2012/02/20 19:20:47 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

RKennedy

2012-02-22, 18:35

All processes killed
========== PROCESSES ==========
========== OTL ==========
C:\Windows\Tasks\RegPowerClean.job moved successfully.
C:\Windows\Tasks\PCConfidential.job moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Marilyn\Downloads\cmd.bat deleted successfully.
C:\Users\Marilyn\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: All Users

RKennedy

2012-02-22, 18:47

OTL logfile created on: 2/22/2012 11:40:49 AM - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Marilyn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 236.93 Mb Available Physical Memory | 24.74% Memory free
2.13 Gb Paging File | 1.01 Gb Available in Paging File | 47.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 64.51 Gb Free Space | 61.33% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: MARILYNLAPTOP | User Name: Marilyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marilyn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmp.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommon.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBase.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxIm.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProc.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFF.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\MEshim.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ATMsrvc) -- C:\Windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marilyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marilyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/02/22 11:22:55 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000..\Run: [EPSON Stylus CX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1697633196-3140941277-4172807719-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D8C1777-6FBE-4F0D-BB7C-7C9DEB0C4971}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 13:58:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/22 11:22:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/22 09:18:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/21 06:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/20 22:40:40 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Apple Computer
[2012/02/19 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Adobe
[2012/02/19 18:45:46 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Users\Marilyn\Desktop\aswMBR.exe
[2012/02/19 18:12:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Marilyn\Desktop\TFC.exe
[2012/02/17 03:08:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 03:08:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:08:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 03:08:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 03:08:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 03:08:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 03:08:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 03:08:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:08:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 03:08:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 03:08:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 03:08:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 03:08:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 03:08:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:08:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 03:08:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 03:08:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 03:08:16 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 03:08:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 03:08:15 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 03:08:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 03:08:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 03:08:13 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 03:08:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 03:08:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:08:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 03:08:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 03:08:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 03:08:09 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:08:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 03:08:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 03:08:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 03:08:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 03:08:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 03:08:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 03:08:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/17 03:08:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 23:38:22 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 05:22:31 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/02/14 04:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/02/14 04:22:17 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/02/14 04:22:16 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/02/14 04:22:15 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/02/14 04:19:32 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/02/14 04:19:29 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/02/14 04:19:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/02/14 04:19:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/02/14 04:19:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/02/14 04:19:28 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/02/14 04:17:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/02/14 04:17:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/02/14 04:17:02 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/02/14 04:16:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012/02/14 04:16:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012/02/14 04:16:58 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/02/14 04:16:58 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/02/14 04:16:58 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/02/14 04:16:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012/02/14 04:16:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/02/14 04:16:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/02/14 04:16:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/02/13 18:27:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/13 18:27:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/13 18:27:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/13 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Apple
[2012/02/13 11:08:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/02/13 11:08:20 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/02/13 11:08:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/02/13 11:08:20 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/02/13 11:08:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/02/13 11:08:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/02/13 11:08:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/02/13 11:08:11 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/13 11:07:58 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/02/13 11:07:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/02/13 11:07:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/02/13 11:07:57 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/02/13 11:07:56 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/02/13 11:07:56 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/02/13 11:07:56 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/02/13 11:07:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/02/13 11:07:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/02/13 11:07:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/02/13 11:07:52 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/02/13 11:07:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/02/13 11:05:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/02/13 11:05:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/02/13 11:05:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/02/13 11:05:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/13 11:05:27 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/02/13 11:05:27 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/02/13 11:05:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/02/13 11:05:26 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/02/13 11:05:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/02/13 11:05:26 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/02/13 11:05:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/13 11:04:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/02/13 11:04:26 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/02/13 11:01:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/02/13 11:01:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/02/13 11:01:48 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/02/13 11:00:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/02/13 10:59:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/02/13 10:59:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/02/13 10:53:34 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/02/13 09:28:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/02/13 09:28:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/02/13 09:28:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/02/13 08:48:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/02/12 21:52:00 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/02/12 12:19:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/02/12 12:19:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/02/12 12:19:40 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/02/12 12:19:39 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/02/12 12:19:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/02/12 12:12:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/02/12 12:12:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/02/12 12:11:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/02/12 12:11:02 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/02/12 12:11:01 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/02/12 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/12 11:58:43 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2012/02/12 11:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/12 11:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/15 09:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/09/12 14:01:47 | 000,005,632 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 07:29:21 | 000,004,848 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\wklnhst.dat
[2007/04/17 02:49:47 | 000,013,119 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.dat
[2007/04/17 02:49:47 | 000,013,119 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.001
[2007/04/17 02:11:29 | 000,095,288 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\GDIPFONTCACHEV1.DAT
[2 C:\Users\Marilyn\Documents\*.tmp files -> C:\Users\Marilyn\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/22 11:29:17 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/22 11:28:34 | 000,013,119 | ---- | M] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.001
[2012/02/22 11:26:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cce9a434b2c830.job
[2012/02/22 11:26:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 11:26:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 11:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 11:25:37 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 11:24:07 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/22 11:22:55 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/02/22 10:51:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/22 10:50:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697633196-3140941277-4172807719-1000UA.job
[2012/02/21 23:57:51 | 000,013,119 | ---- | M] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.dat
[2012/02/21 15:50:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697633196-3140941277-4172807719-1000Core.job
[2012/02/21 03:34:31 | 090,379,648 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/20 10:52:38 | 000,000,938 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/20 10:48:48 | 000,000,221 | ---- | M] () -- C:\logfile
[2012/02/20 08:44:58 | 002,041,519 | ---- | M] () -- C:\Users\Marilyn\Desktop\tdsskiller_zip
[2012/02/19 20:37:13 | 000,080,384 | ---- | M] () -- C:\Users\Marilyn\Desktop\MBRCheck.exe
[2012/02/19 19:47:08 | 000,000,512 | ---- | M] () -- C:\Users\Marilyn\Documents\MBR.dat
[2012/02/19 18:48:55 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Users\Marilyn\Desktop\aswMBR.exe
[2012/02/19 18:12:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Marilyn\Desktop\TFC.exe
[2012/02/17 21:06:06 | 000,000,943 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/17 03:11:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 03:11:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/17 03:08:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/17 03:08:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/17 03:08:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 03:08:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:08:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 03:08:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 03:08:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 03:08:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 03:08:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 03:08:20 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:08:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 03:08:19 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 03:08:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 03:08:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 03:08:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 03:08:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:08:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 03:08:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 03:08:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/17 03:08:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 03:08:16 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 03:08:15 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 03:08:15 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 03:08:15 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 03:08:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 03:08:13 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 03:08:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 03:08:11 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:08:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 03:08:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 03:08:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 03:08:09 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:08:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 03:08:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 03:08:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 03:08:07 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 03:08:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 03:08:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 03:08:05 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/17 03:08:04 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/16 19:14:00 | 000,002,014 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 19:13:59 | 000,002,052 | ---- | M] () -- C:\Users\Marilyn\Desktop\Google Chrome.lnk
[2012/02/16 03:35:55 | 000,357,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 18:01:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/02/14 04:49:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/02/14 04:48:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/12 15:32:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 12:11:05 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/12 11:50:34 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/12 09:44:42 | 000,001,356 | ---- | M] () -- C:\Users\Marilyn\AppData\Local\d3d9caps.dat
[2012/02/12 09:14:51 | 000,006,601 | ---- | M] () -- C:\Windows\Marilyn8.xlb
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Users\Marilyn\Documents\*.tmp files -> C:\Users\Marilyn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 10:52:38 | 000,000,938 | ---- | C] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/20 10:48:26 | 000,000,221 | ---- | C] () -- C:\logfile
[2012/02/20 08:43:44 | 002,041,519 | ---- | C] () -- C:\Users\Marilyn\Desktop\tdsskiller_zip
[2012/02/19 20:37:13 | 000,080,384 | ---- | C] () -- C:\Users\Marilyn\Desktop\MBRCheck.exe
[2012/02/19 19:07:02 | 000,000,512 | ---- | C] () -- C:\Users\Marilyn\Documents\MBR.dat
[2012/02/17 03:08:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/14 04:49:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/02/14 04:48:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/12 15:32:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 12:11:05 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/12 11:50:34 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/12 10:34:35 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cce9a434b2c830.job
[2012/02/12 09:46:24 | 1005,174,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 09:14:51 | 000,006,601 | ---- | C] () -- C:\Windows\Marilyn8.xlb
[2010/07/29 11:33:27 | 000,001,356 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\d3d9caps.dat
[2010/05/10 16:17:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/10 16:17:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 677 bytes -> C:\Users\Marilyn\Documents\HOCKEY.eml:OECustomProperty
@Alternate Data Stream - 677 bytes -> C:\Users\Marilyn\Documents\backyard waterfall 062909.eml:OECustomProperty
@Alternate Data Stream - 2821 bytes -> C:\Users\Marilyn\Documents\Montini Catholic Tournament Picture.eml:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

ken545

2012-02-22, 19:13

:bigthumb:

It looks like those two baddies where running as a task and there gone and I also don't see any entries for Symantec. Things any better ?

RKennedy

2012-02-22, 19:24

I think I'm feeling better over here.

Anything else we can kill?

ken545

2012-02-22, 19:44

What you want to do is uninstall any programs that are installed that you have not used in the last 6 months or dont plan to ever use . If you need help with this I can link you to a good windows forum as we just do malware removal on this one , let me know

RKennedy

2012-02-22, 19:50

Understood.

If you think we have cleaned up all we can clean up....then i will say thanks and let you move onto helping other people.

Thanks!

RKennedy

2012-02-22, 20:05

Follow up....

We were going to clean up the remnants of my.freeze?

I know i saw a folder somewhere with something in it.....

Is that somewhere that we can delete it?

ken545

2012-02-22, 22:39

Forgot all about that

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll File not found

:Services

:Reg

:Files
C:\Program Files\My.Freeze.com Toolbar

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

RKennedy

2012-02-23, 01:19

Here is the log after the "fix"

I forgot to copy the contents of the fix report....and then rebooted again....is that report somwhere I can get it? It did say that it killed a couple of processes...

RKennedy

2012-02-23, 01:20

OTL logfile created on: 2/22/2012 5:52:30 PM - Run 3
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Marilyn\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

957.87 Mb Total Physical Memory | 335.04 Mb Available Physical Memory | 34.98% Memory free
2.13 Gb Paging File | 1.20 Gb Available in Paging File | 56.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 105.18 Gb Total Space | 64.58 Gb Free Space | 61.41% Space Free | Partition Type: NTFS
Drive D: | 6.61 Gb Total Space | 0.63 Gb Free Space | 9.49% Space Free | Partition Type: NTFS

Computer Name: MARILYNLAPTOP | User Name: Marilyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Marilyn\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll ()
MOD - C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (AddFiltr) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ATMsrvc) -- C:\Windows\System32\ATMsrvc.exe (Adobe Systems Incorporated)

========== Driver Services (SafeList) ==========

DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (pnarp) -- C:\Windows\System32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marilyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marilyn\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/02/22 11:22:55 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (HpProductDetection Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D8C1777-6FBE-4F0D-BB7C-7C9DEB0C4971}: DhcpNameServer = 68.94.156.1 68.94.157.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 13:58:05 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/22 17:25:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/22 11:22:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/21 06:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/02/20 22:40:40 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Apple Computer
[2012/02/19 20:39:28 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Adobe
[2012/02/19 18:12:50 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Marilyn\Desktop\TFC.exe
[2012/02/17 03:08:25 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 03:08:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:08:23 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 03:08:22 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 03:08:21 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 03:08:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 03:08:21 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 03:08:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:08:19 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 03:08:19 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 03:08:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 03:08:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 03:08:18 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 03:08:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:08:17 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 03:08:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 03:08:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 03:08:16 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 03:08:15 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 03:08:15 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 03:08:15 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 03:08:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 03:08:13 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 03:08:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 03:08:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:08:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 03:08:10 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 03:08:10 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 03:08:09 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:08:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 03:08:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 03:08:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 03:08:07 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 03:08:06 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 03:08:05 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 03:08:05 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/17 03:08:04 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 23:38:22 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 05:22:31 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/02/14 04:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/02/14 04:22:17 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/02/14 04:22:16 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/02/14 04:22:15 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/02/14 04:19:32 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/02/14 04:19:29 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/02/14 04:19:29 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/02/14 04:19:29 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/02/14 04:19:29 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2012/02/14 04:19:28 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/02/14 04:17:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/02/14 04:17:07 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/02/14 04:17:02 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/02/14 04:16:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012/02/14 04:16:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012/02/14 04:16:58 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/02/14 04:16:58 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/02/14 04:16:58 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/02/14 04:16:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012/02/14 04:16:58 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/02/14 04:16:58 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/02/14 04:16:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2012/02/13 18:27:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/02/13 18:27:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/02/13 18:27:49 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/02/13 18:26:26 | 000,000,000 | ---D | C] -- C:\Users\Marilyn\AppData\Local\Apple
[2012/02/13 11:08:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/02/13 11:08:20 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/02/13 11:08:20 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/02/13 11:08:20 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/02/13 11:08:17 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/02/13 11:08:14 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/02/13 11:08:12 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/02/13 11:08:11 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/02/13 11:07:58 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/02/13 11:07:58 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/02/13 11:07:58 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/02/13 11:07:57 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/02/13 11:07:56 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/02/13 11:07:56 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/02/13 11:07:56 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/02/13 11:07:55 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/02/13 11:07:55 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/02/13 11:07:54 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/02/13 11:07:52 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/02/13 11:07:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/02/13 11:05:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/02/13 11:05:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/02/13 11:05:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/02/13 11:05:27 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/02/13 11:05:27 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/02/13 11:05:27 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/02/13 11:05:27 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/02/13 11:05:26 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/02/13 11:05:26 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/02/13 11:05:26 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/02/13 11:05:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/02/13 11:04:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/02/13 11:04:26 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/02/13 11:01:51 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/02/13 11:01:48 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/02/13 11:01:48 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/02/13 11:00:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/02/13 10:59:44 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/02/13 10:59:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/02/13 10:53:34 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/02/13 09:28:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/02/13 09:28:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/02/13 09:28:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/02/13 08:48:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/02/12 21:52:00 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/02/12 12:19:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/02/12 12:19:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/02/12 12:19:40 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2012/02/12 12:19:39 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2012/02/12 12:19:13 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2012/02/12 12:12:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2012/02/12 12:12:20 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2012/02/12 12:11:06 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2012/02/12 12:11:02 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2012/02/12 12:11:01 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2012/02/12 12:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/02/12 11:58:43 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tscupgrd.exe
[2012/02/12 11:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/12 11:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/11/15 09:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/09/12 14:01:47 | 000,005,632 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/19 07:29:21 | 000,004,848 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\wklnhst.dat
[2007/04/17 02:49:47 | 000,013,119 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.dat
[2007/04/17 02:49:47 | 000,013,119 | ---- | C] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.001
[2007/04/17 02:11:29 | 000,095,288 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\GDIPFONTCACHEV1.DAT
[2 C:\Users\Marilyn\Documents\*.tmp files -> C:\Users\Marilyn\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/22 17:50:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697633196-3140941277-4172807719-1000UA.job
[2012/02/22 17:29:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 17:29:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/22 17:29:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/22 17:29:16 | 1005,174,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/22 17:27:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/22 17:18:34 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/22 17:17:21 | 000,013,119 | ---- | M] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.001
[2012/02/22 16:39:11 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697633196-3140941277-4172807719-1000Core.job
[2012/02/22 11:22:55 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/02/21 23:57:51 | 000,013,119 | ---- | M] () -- C:\Users\Marilyn\AppData\Roaming\nvModes.dat
[2012/02/21 03:34:31 | 090,379,648 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/20 10:52:38 | 000,000,938 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/20 10:48:48 | 000,000,221 | ---- | M] () -- C:\logfile
[2012/02/19 19:47:08 | 000,000,512 | ---- | M] () -- C:\Users\Marilyn\Documents\MBR.dat
[2012/02/19 18:12:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Marilyn\Desktop\TFC.exe
[2012/02/17 21:06:06 | 000,000,943 | ---- | M] () -- C:\Users\Marilyn\Desktop\Internet Explorer.lnk
[2012/02/17 03:11:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/17 03:11:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/17 03:08:39 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/17 03:08:39 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/17 03:08:25 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/17 03:08:24 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:08:23 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/17 03:08:22 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/17 03:08:21 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/17 03:08:21 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/17 03:08:21 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/17 03:08:20 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:08:19 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/17 03:08:19 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/17 03:08:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/17 03:08:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/17 03:08:18 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/17 03:08:17 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:08:17 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/17 03:08:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/17 03:08:17 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/17 03:08:17 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/17 03:08:16 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/17 03:08:15 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/17 03:08:15 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/17 03:08:15 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/17 03:08:14 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/17 03:08:13 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/17 03:08:13 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/17 03:08:11 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:08:11 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/17 03:08:10 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/17 03:08:10 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/17 03:08:09 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:08:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/17 03:08:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/17 03:08:08 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/17 03:08:07 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/17 03:08:06 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/17 03:08:05 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/17 03:08:05 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/17 03:08:04 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/16 19:14:00 | 000,002,014 | ---- | M] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/16 19:13:59 | 000,002,052 | ---- | M] () -- C:\Users\Marilyn\Desktop\Google Chrome.lnk
[2012/02/16 03:35:55 | 000,357,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 18:01:27 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/02/14 04:49:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/02/14 04:48:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/12 15:32:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 12:11:05 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/12 11:50:34 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/12 09:44:42 | 000,001,356 | ---- | M] () -- C:\Users\Marilyn\AppData\Local\d3d9caps.dat
[2012/02/12 09:14:51 | 000,006,601 | ---- | M] () -- C:\Windows\Marilyn8.xlb
[2012/01/29 05:10:42 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2 C:\Users\Marilyn\Documents\*.tmp files -> C:\Users\Marilyn\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 10:52:38 | 000,000,938 | ---- | C] () -- C:\Users\Marilyn\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/02/20 10:48:26 | 000,000,221 | ---- | C] () -- C:\logfile
[2012/02/19 19:07:02 | 000,000,512 | ---- | C] () -- C:\Users\Marilyn\Documents\MBR.dat
[2012/02/17 03:08:17 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/14 04:49:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2012/02/14 04:48:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/02/12 15:32:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/12 12:11:05 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/02/12 11:50:34 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/12 09:46:24 | 1005,174,784 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/12 09:14:51 | 000,006,601 | ---- | C] () -- C:\Windows\Marilyn8.xlb
[2010/07/29 11:33:27 | 000,001,356 | ---- | C] () -- C:\Users\Marilyn\AppData\Local\d3d9caps.dat
[2010/05/10 16:17:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/10 16:17:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 677 bytes -> C:\Users\Marilyn\Documents\HOCKEY.eml:OECustomProperty
@Alternate Data Stream - 677 bytes -> C:\Users\Marilyn\Documents\backyard waterfall 062909.eml:OECustomProperty
@Alternate Data Stream - 2821 bytes -> C:\Users\Marilyn\Documents\Montini Catholic Tournament Picture.eml:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

ken545

2012-02-23, 01:32

Thats fine, things running ok ?

RKennedy

2012-02-23, 01:38

I'd say so yes.

I downloaded an update to AVG and turned it back on.

So I think we are good?

ken545

2012-02-23, 01:52

Wonderful :bigthumb:

If you ever need help with your computer, none malware related, you can post at this site for help. Like Safer, its free but you need to register

http://forums.whatthetech.com/index.php?showforum=119

Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.

Malwarebytes is the free version and yours to keep and will not be removed

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)

Safe Surfn
Ken