LDTate, before I ran this latest scan I went into gpedit.msc and turned off "run scripts after logon" or something like that, and it stopped the desktop pic slow scroll and it stopped the slow scroll on application shutdowns... So to me that means there is some script associated with my profile that is trying to run with every startup and then periodically until it crashes a svcprocess. Here are the scan results of OTL:

OTL logfile created on: 12/18/2011 9:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Internet Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.48 Mb Total Physical Memory | 461.37 Mb Available Physical Memory | 65.58% Memory free
2.71 Gb Paging File | 2.45 Gb Available in Paging File | 90.42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 95.43 Gb Free Space | 64.02% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 18.17 Gb Free Space | 24.39% Space Free | Partition Type: NTFS

Computer Name: HIGHLANDER | User Name: Wyatt Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Internet Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - (MaxSch2Svc) -- File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\rtl8139.sys (Realtek Semiconductor Corporation)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.2: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/14 03:38:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/18 11:15:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/18 10:41:26 | 000,000,000 | ---D | M] [2010/04/19 18:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Extensions [2011/12/18 21:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\scc6u8gm.default\extensions [2011/12/18 21:15:21 | 000,000,000 | ---D 
| M] (Forecastfox) -- C:\Documents and Settings\Sonia Evans\Application Data\Mozilla\Firefox\Profiles\scc6u8gm.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2011/12/18 11:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/04/20 08:40:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/08/17 15:39:27 | 000,693,048 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npybrowserplus_2.4.17.dll [2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2011/12/12 07:12:37 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableBkGndGroupPolicy = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Feeds present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted sites) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1318504715250 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1318649841562 (MUWebControl Class) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29B64B33-71B6-48DC-9796-9058471823B5}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEA6E8D-6780-4CBD-B697-934D4F39934C}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: VIDC.JPGL - C:\WINDOWS\jpgl.dll () Drivers32: VIDC.TMPX - C:\WINDOWS\System32\TMPXVFW.DLL () Drivers32: VIDC.TVTA - C:\WINDOWS\System32\TVTACODEC.DLL (tvt) Drivers32: VIDC.TVTX - C:\WINDOWS\System32\TVTXTDEC.DLL (tvt) Drivers32: VIDC.XVID - C:\WINDOWS\System32\XVIDVFW.DLL () CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011/12/13 21:37:10 | 000,000,000 | -HSD | C] -- C:\found.000 [2011/12/11 21:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\DoctorWeb [2011/12/10 23:31:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/12/09 07:21:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2011/12/07 22:38:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/12/03 08:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/03 08:13:29 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe [2011/12/03 07:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item_files [2011/12/02 07:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Application Data\AVG [2011/12/02 07:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG PC Tuneup 2011 [2011/12/02 06:52:49 | 000,000,000 | ---D | C] -- C:\$AVG [2011/12/02 06:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/12/02 06:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Application Data\AVG2012 [2011/12/02 06:29:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012 [2011/12/02 06:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2011/12/02 
06:29:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2011/12/02 06:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2011/12/02 06:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData [2011/12/02 06:23:20 | 003,903,528 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe [2011/12/01 22:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller [2011/12/01 21:39:19 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Documents\TDSSKiller.exe [2011/11/30 00:30:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011/11/29 23:25:00 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2011/11/27 23:07:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2011/11/22 03:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2011/11/22 02:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Malware Fix Folder [2011/11/20 23:12:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Sonia Evans\IECompatCache [2011/11/19 10:52:35 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2011/11/19 01:05:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Start Menu\Programs\DriverGuide DriverScan [2011/11/19 01:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\Apple [2011/11/19 01:05:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer [2011/11/19 01:05:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE [2011/11/19 01:05:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple [2011/11/19 01:04:59 | 000,000,000 | ---D | C] -- C:\Documents and 
Settings\NetworkService\Application Data\AdobeUM [2011/11/19 01:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\PackageAware [2011/11/19 01:04:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2011/11/19 01:04:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2011/11/19 00:52:53 | 000,000,000 | ---D | C] -- C:\Config.Msi [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/18 11:17:27 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/18 11:17:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/18 11:16:01 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/12/18 11:16:01 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/12/18 09:18:13 | 000,002,732 | RHS- | M] () -- C:\Documents and Settings\Sonia Evans\ntuser.pol [2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/12/18 03:58:31 | 084,460,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/12/18 00:55:45 | 000,107,134 | ---- | M] () -- C:\fraglist.luar [2011/12/14 03:38:03 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2011/12/12 07:12:37 | 000,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011/12/08 21:52:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/12/05 20:18:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111208-214322.backup [2011/12/04 08:39:19 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AnyDVD.lnk [2011/12/04 08:32:45 | 000,000,327 | -HS- | M] () -- C:\boot.ini 
[2011/12/03 17:20:56 | 000,025,532 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2011/12/03 08:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe [2011/12/03 08:03:27 | 000,266,123 | ---- | M] () -- C:\Boot Item.jpg [2011/12/03 07:59:26 | 000,002,877 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item.htm [2011/12/02 07:29:16 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Desktop\AVG PC Tuneup 2011.lnk [2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe [2011/12/01 22:15:08 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller.zip [2011/12/01 21:23:13 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\All Users\Documents\TDSSKiller.exe [2011/11/28 23:42:07 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011/11/22 08:39:35 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011/11/20 23:25:45 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/19 12:04:48 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2011/11/19 10:08:20 | 000,226,596 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic host list 11-19-11.jpg [2011/11/19 10:06:14 | 009,751,798 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic process list 11-19-11.rtf [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/18 11:16:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/12/18 11:16:01 | 000,000,730 | ---- 
| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2011/12/18 11:16:01 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/12/18 03:58:31 | 084,460,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2011/12/18 00:55:45 | 000,107,134 | ---- | C] () -- C:\fraglist.luar [2011/12/18 00:01:18 | 000,002,732 | RHS- | C] () -- C:\Documents and Settings\Sonia Evans\ntuser.pol [2011/12/17 23:22:24 | 000,003,906 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/12/03 17:20:56 | 000,025,532 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm [2011/12/03 08:03:27 | 000,266,123 | ---- | C] () -- C:\Boot Item.jpg [2011/12/03 07:59:26 | 000,002,877 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\Boot Item.htm [2011/12/02 07:29:16 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Desktop\AVG PC Tuneup 2011.lnk [2011/12/02 06:29:40 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk [2011/12/01 22:14:49 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Desktop\tdsskiller.zip [2011/11/19 10:44:35 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2011/11/19 10:08:20 | 000,226,596 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic host list 11-19-11.jpg [2011/11/19 10:06:13 | 009,751,798 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\My Documents\generic process list 11-19-11.rtf [2011/11/13 23:00:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/10/13 22:57:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2011/10/11 20:22:23 | 000,233,472 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe [2011/10/11 20:22:23 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll [2011/10/11 20:22:22 | 001,900,544 | R--- | C] () -- C:\WINDOWS\System32\cmiwcnfg.dll [2009/08/29 
00:22:30 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\dm.ini [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2009/04/24 08:36:35 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe [2009/03/02 22:20:48 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGat.gif [2009/03/02 22:20:48 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGcn.gif [2009/03/02 22:20:48 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\Qzefy6xGby.gif [2008/12/19 21:31:59 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\RmDigSSD Prefs [2008/12/05 20:08:55 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\TMPXCORE.DLL [2008/12/05 20:08:55 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\TMPXVFW.DLL [2008/12/05 19:53:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\XVIDCORE.DLL [2008/12/05 19:53:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\XVIDVFW.DLL [2008/12/05 19:53:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\AMD422CODEC.DLL [2008/11/23 19:21:26 | 000,005,383 | ---- | C] () -- C:\WINDOWS\Racer30.INI [2008/06/04 20:48:10 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll [2008/06/04 20:48:08 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll [2007/11/28 23:08:17 | 000,000,303 | ---- | C] () -- C:\WINDOWS\EMPro3D.INI [2007/08/25 15:47:17 | 000,374,784 | ---- | C] () -- C:\WINDOWS\3dg32.dll [2007/08/25 15:47:17 | 000,000,250 | ---- | C] () -- C:\WINDOWS\3dr.ini [2007/03/19 19:54:20 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2007/03/18 08:18:27 | 000,001,299 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007/03/16 00:57:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Sonia Evans.ini [2007/03/06 20:15:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007/02/12 17:27:41 | 
000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007/02/12 17:27:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2006/12/31 19:31:26 | 000,009,475 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2006/12/31 06:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/09/24 12:29:56 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/09/21 21:13:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2006/08/12 21:14:08 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\FixVTS.ini [2006/06/20 21:20:02 | 000,000,488 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006/06/20 21:20:01 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini [2006/06/20 21:19:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI [2006/06/19 21:21:22 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Biblerp.ini [2006/06/17 07:27:39 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2006/06/10 07:02:50 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006/06/09 20:32:01 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\Sonia Evans\Application Data\.zreglib [2006/06/09 19:50:06 | 000,000,223 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2006/06/09 19:23:47 | 000,001,015 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2006/06/09 19:23:47 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2006/06/09 19:23:47 | 000,000,152 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2006/06/09 19:23:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat [2006/06/09 19:23:47 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006/06/09 19:23:35 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL [2006/06/09 19:23:33 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2006/06/09 19:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2006/06/09 19:21:59 | 000,027,019 | ---- | C] () -- 
C:\WINDOWS\maxlink.ini [2006/06/09 19:07:49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2006/06/09 19:07:49 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2006/06/09 19:07:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2006/06/09 19:07:43 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe [2006/06/09 19:07:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll [2006/06/09 19:04:06 | 000,002,893 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2006/06/09 19:04:05 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2006/06/09 18:44:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/06/09 18:39:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/06/09 14:31:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/06/09 14:30:00 | 000,126,912 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004/05/19 12:33:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe [2002/08/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2002/08/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2002/08/29 07:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2002/08/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2002/08/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2002/08/29 07:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2002/08/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2002/08/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2002/08/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2002/08/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2002/08/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- 
C:\WINDOWS\System32\Jpeg32.dll [2001/08/13 13:33:12 | 000,032,768 | ---- | C] () -- C:\WINDOWS\div_iyuv.dll [2001/08/13 13:33:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\jpgl.dll [1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL [1997/06/09 21:24:30 | 000,104,448 | ---- | C] () -- C:\WINDOWS\System32\Winhrt32.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2011/12/03 08:03:27 | 000,266,123 | ---- | M] () -- C:\Boot Item.jpg [2011/12/03 08:05:32 | 000,162,304 | ---- | M] () -- C:\Boot Item2.doc [2010/06/14 21:34:46 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2011/12/04 08:32:45 | 000,000,327 | -HS- | M] () -- C:\boot.ini [2011/11/29 00:02:37 | 000,000,929 | ---- | M] () -- C:\CFScript.txt [2004/08/03 22:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2011/12/07 22:38:09 | 000,013,553 | ---- | M] () -- C:\ComboFix.txt [2006/06/09 18:41:52 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2011/12/10 08:18:35 | 000,000,426 | ---- | M] () -- C:\DiskReport.txt [2011/06/11 06:01:36 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt [2009/10/24 13:44:19 | 000,754,668 | ---- | M] () -- C:\EasyShare.dmp [2011/12/18 00:55:45 | 000,107,134 | ---- | M] () -- C:\fraglist.luar [2011/12/18 00:55:45 | 000,067,528 | ---- | M] () -- C:\fraglist.txt [2006/06/09 18:41:52 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005/07/10 15:38:18 | 000,000,285 | ---- | M] () -- C:\Key for AnyDVD.AnyDVD [2006/06/09 18:41:52 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2006/09/22 18:58:28 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2011/10/16 11:24:01 | 000,250,048 | RHS- | M] () -- C:\ntldr [2009/06/21 17:01:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat [2009/06/21 17:01:18 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG [2011/12/18 11:17:11 | 1106,485,248 | -HS- | M] () -- C:\pagefile.sys [2006/09/17 09:35:40 | 000,075,925 | ---- | M] () -- C:\SpeedQueen 2006.jpg 
[2011/11/19 09:53:13 | 000,001,967 | ---- | M] () -- C:\svchost.exe.txt
[2011/11/19 08:55:19 | 000,048,988 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_19.11.2011_08.53.07_log.txt
[2011/11/27 23:03:04 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_27.11.2011_23.02.59_log.txt
[2011/11/29 00:09:29 | 000,048,450 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_29.11.2011_00.08.18_log.txt
[2011/11/29 00:18:23 | 000,053,232 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_29.11.2011_00.13.31_log.txt
[2011/12/01 21:44:24 | 000,045,142 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.43.10_log.txt
[2011/12/01 21:48:31 | 000,045,138 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.46.49_log.txt
[2011/12/01 22:00:54 | 000,045,216 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_21.57.32_log.txt
[2011/12/01 22:17:20 | 000,045,142 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_01.12.2011_22.15.29_log.txt
[2011/12/06 07:26:36 | 000,046,356 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_06.12.2011_07.25.55_log.txt
[2011/12/07 19:48:52 | 000,135,694 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_07.12.2011_19.43.54_log.txt
[2011/12/16 20:58:41 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_16.12.2011_20.58.38_log.txt
[2011/11/27 23:08:20 | 000,103,908 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_27.11.2011_23.05.17_log.txt
[2011/11/29 07:14:20 | 000,054,298 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_07.11.22_log.txt
[2011/11/29 23:27:39 | 000,046,752 | ---- | M] () -- C:\TDSSKiller.2.6.21.0_29.11.2011_23.26.50_log.txt
[2011/12/16 21:00:35 | 000,046,376 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_20.59.40_log.txt
[2011/12/16 22:53:46 | 000,046,372 | ---- | M] () -- C:\TDSSKiller.2.6.23.0_16.12.2011_22.52.02_log.txt
[2008/04/30 17:32:00 | 000,107,596 | ---- | M] () -- C:\toolkit_widget.gif
[2007/03/14 08:34:32 | 000,502,170 | ---- | M] () -- C:\wedding.jpg
[2008/04/28 15:36:50 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/06/09 18:41:29 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/06/09 14:29:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/06/09 14:29:16 | 000,626,688 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/06/09 14:29:15 | 000,409,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/10/16 11:30:20 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/03/11 10:05:15 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2008/12/06 10:42:15 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Go to Next page.URL
[2006/06/09 18:48:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/02 06:23:38 | 003,903,528 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Sonia Evans\Desktop\avg_free_stb_all_2012_1873_cnet.exe
[2011/12/03 08:13:49 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Sonia Evans\Desktop\esetsmartinstaller_enu.exe
[2009/05/27 17:41:21 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Sonia Evans\Desktop\setup-spybotsd162.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >
[2006/06/18 20:36:43 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\370_gotomypc.exe
[2008/11/21 08:33:55 | 000,563,712 | ---- | M] (Citrix Online) -- C:\WINDOWS\Java\gotomypc_370.exe
[2007/10/18 14:58:09 | 000,724,984 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\WINDOWS\Java\gotomypc_437.exe
[2009/02/05 12:02:03 | 000,001,668 | ---- | M] () -- C:\WINDOWS\Java\javalog.txt

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2009/05/26 15:58:31 | 000,563,712 | ---- | M] (Citrix Online) -- C:\Documents and Settings\Sonia Evans\gotomypc_370.exe
[2010/01/16 13:55:07 | 001,063,320 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Sonia Evans\gotomypc_533.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/09/22 21:04:00 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Sonia Evans\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/12/18 09:17:32 | 000,003,906 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/12/18 21:15:32 | 000,376,832 | ---- | M] () -- C:\Documents and Settings\Sonia Evans\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"AutoInstallMinorUpdates" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >