Something has infected me, not sure what

**y_molina** · 2012-09-27, 02:26

Ok everything seems to run fine. The desktop /menu items are back to normal. I can access everything that I tested (the important things.) So it seems like all is running great!

After running OTL, the files in the programdata file that were labled with random charcters and numbers were still there.

One question, when I shut down that computer, it said that Windows is installing 2 updates. This is the first time it's been connected to the internet in a week. Do you think it was a normal windows update or something that I should be concerned about?

Thanks for your patience and help!
Tammy

OTL Log

Error: Unable to interpret <Code:> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\ProgramData\9CB2PVYe52Lx0U.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.68.0 log created on 09272012_004248

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aswmbr log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 00:46:27
-----------------------------
00:46:27.192 OS Version: Windows x64 6.1.7601 Service Pack 1
00:46:27.192 Number of processors: 2 586 0x2A07
00:46:27.192 ComputerName: TAMS-PC UserName: Tams
00:46:28.721 Initialize success
00:47:54.805 AVAST engine defs: 12092601
00:48:03.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:48:03.915 Disk 0 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
00:48:03.931 Disk 0 MBR read successfully
00:48:03.931 Disk 0 MBR scan
00:48:03.931 Disk 0 Windows VISTA default MBR code
00:48:03.946 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
00:48:03.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
00:48:03.993 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461717 MB offset 31145984
00:48:04.055 Disk 0 scanning C:\Windows\system32\drivers
00:48:19.858 Service scanning
00:49:19.575 Modules scanning
00:49:19.575 Disk 0 trace - called modules:
00:49:19.591 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
00:49:19.591 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c20060]
00:49:19.591 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80045c5dc0]
00:49:19.591 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800471a060]
00:49:26.938 AVAST engine scan C:\Windows
00:49:37.220 AVAST engine scan C:\Windows\system32
18:53:29.947 AVAST engine scan C:\Windows\system32\drivers
18:53:44.814 AVAST engine scan C:\Users\Tams
19:11:36.556 AVAST engine scan C:\ProgramData
19:13:19.064 Scan finished successfully
19:14:43.819 Disk 0 MBR has been saved successfully to "C:\Users\Tams\Desktop\MBR.dat"
19:14:43.834 The log file has been saved successfully to "C:\Users\Tams\Desktop\aswMBR.txt"
19:14:55.272 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
19:14:55.335 The log file has been saved successfully to "G:\aswMBR.txt"

**y_molina** · 2012-09-27, 02:28

Sorry, I thought I attached the zip file but I guess I didn't do it right. Here is is..

**TechieRanger** · 2012-09-28, 20:06

One question, when I shut down that computer, it said that Windows is installing 2 updates. This is the first time it's been connected to the internet in a week. Do you think it was a normal windows update or something that I should be concerned about?

I think those could be legitimate updates.

Run OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.

When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
- You may need two posts to fit them both in.

In your next reply, please provide the following:

OTL log.
Description of how your PC is running.

Regards,

Richard

**y_molina** · 2012-09-30, 18:29

Here are the logs

OTL logfile created on: 9/30/2012 10:56:41 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.84% Memory free
7.83 Gb Paging File | 6.42 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 339.94 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 104.93 Mb Free Space | 87.27% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=d63dbf97000000000000d4bed9bf6bad
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=64bd786b&tbp=rbox&toolbarid=blekkotb_soc&u=97AB09412D1039368722484FC640A3F6&q={searchTerms}
IE - HKCU\..\SearchScopes\{41E10EB8-CA40-4091-9298-7425CCABFA95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/26 04:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/05 16:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/07 12:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tams\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/09/27 00:42:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/C...ngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubles.../Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 10:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/27 00:49:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/27 00:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/27 00:42:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/27 00:40:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/26 19:18:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/26 19:18:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/26 19:18:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/26 19:18:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/26 19:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/26 19:18:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/26 19:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/26 19:18:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/26 19:18:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/26 19:18:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/26 19:18:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/26 19:18:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/26 19:18:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/26 19:18:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/26 19:18:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/20 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\Tams\Desktop\RK_Quarantine
[2012/09/18 08:30:39 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:30:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 20:50:46 | 000,000,000 | ---D | C] -- C:\Users\Tams\Desktop\New folder
[2012/09/14 14:29:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/09/14 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/09/14 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/14 13:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/09/14 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Citrix
[2012/09/12 08:28:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 08:28:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 08:28:32 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 08:28:32 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 21:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark
[2012/09/10 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Aeria Games
[2012/09/10 18:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/09/10 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/10 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Akamai
[2012/09/10 17:31:36 | 000,000,000 | ---D | C] -- C:\AeriaGames
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/30 11:00:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 11:00:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 10:53:11 | 000,001,932 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/09/30 10:53:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 10:52:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 10:52:52 | 3152,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/28 09:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/28 08:26:01 | 000,002,971 | ---- | M] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/27 00:42:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/26 19:15:43 | 000,000,567 | ---- | M] () -- C:\Users\Tams\Desktop\MBR.zip
[2012/09/26 19:14:43 | 000,000,512 | ---- | M] () -- C:\Users\Tams\Desktop\MBR.dat
[2012/09/26 18:37:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/26 18:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/24 19:43:38 | 000,001,051 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 07:29:52 | 001,382,912 | ---- | M] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:42:32 | 000,080,384 | ---- | M] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:27:44 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:27:38 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 22:03:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 22:03:33 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 22:03:33 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/14 14:48:29 | 000,001,264 | ---- | M] () -- C:\Users\Tams\Desktop\Spybot - Search & Destroy.lnk
[2012/09/14 14:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/09/14 13:46:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 13:46:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 13:16:05 | 000,000,592 | ---- | M] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/13 14:12:04 | 000,000,024 | ---- | M] () -- C:\Users\Tams\random.dat
[2012/09/13 13:52:52 | 000,000,043 | ---- | M] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/09/11 08:39:47 | 000,002,116 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/10 21:35:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/09 17:12:37 | 000,013,541 | ---- | M] () -- C:\Users\Tams\Desktop\ringingbulldiag.jpg
[2012/09/05 08:48:54 | 000,002,062 | ---- | M] () -- C:\Users\Tams\Documents\Default.rdp
[2012/08/31 18:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 08:26:01 | 000,002,971 | ---- | C] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/26 19:15:43 | 000,000,567 | ---- | C] () -- C:\Users\Tams\Desktop\MBR.zip
[2012/09/26 19:14:43 | 000,000,512 | ---- | C] () -- C:\Users\Tams\Desktop\MBR.dat
[2012/09/24 19:43:38 | 000,001,051 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 08:57:06 | 001,382,912 | ---- | C] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:53:54 | 000,080,384 | ---- | C] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:48:17 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/18 08:48:17 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon Deluxe.lnk
[2012/09/18 08:48:17 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\musicmatch JUKEBOX.lnk
[2012/09/18 08:48:17 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/09/18 08:48:17 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon.lnk
[2012/09/18 08:48:17 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/18 08:48:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/09/18 08:48:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/18 08:48:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/18 08:48:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/18 08:48:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/09/18 08:48:17 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Launch School.exe.lnk
[2012/09/18 08:48:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/09/18 08:48:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/09/18 08:48:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/18 08:48:16 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/09/18 08:48:16 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/09/18 08:48:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/18 08:48:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/18 08:48:15 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/09/18 08:48:15 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2012/09/16 21:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/09/14 12:29:07 | 000,000,160 | ---- | C] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 12:29:07 | 000,000,144 | ---- | C] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | C] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/14 12:28:58 | 000,000,592 | ---- | C] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/09 17:14:37 | 000,013,541 | ---- | C] () -- C:\Users\Tams\Desktop\ringingbulldiag.jpg
[2012/08/31 17:00:18 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/07/26 22:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/06/09 17:26:21 | 000,002,741 | ---- | C] () -- C:\Users\Tams\.recently-used.xbel
[2012/05/22 18:07:10 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE2.dat
[2012/05/19 20:15:05 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/05/05 14:40:03 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE1.dat
[2012/04/26 12:22:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 13:16:39 | 000,000,396 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/03/09 13:15:28 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/03/01 20:37:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/03/01 20:37:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/02/24 22:55:40 | 000,000,043 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/02/24 22:55:40 | 000,000,024 | ---- | C] () -- C:\Users\Tams\random.dat
[2012/02/24 15:43:58 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\D5uninst.dll
[2012/02/24 15:43:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IDUNINST.DLL
[2012/02/24 14:08:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/24 13:24:20 | 000,007,590 | ---- | C] () -- C:\Users\Tams\AppData\Local\Resmon.ResmonCfg
[2012/02/21 14:47:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/21 14:47:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/21 14:47:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/10 11:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/10 15:16:23 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\.minecraft
[2012/09/30 10:53:44 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Dropbox
[2012/06/02 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\DVDVideoSoft
[2012/04/29 14:03:24 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/13 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\EurekaLog
[2012/09/05 08:46:38 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\FileZilla
[2012/02/24 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Fingertapps
[2012/03/01 17:16:32 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\FOG Downloader
[2012/06/09 17:26:21 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\gtk-2.0
[2012/09/01 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\IcoFX2X
[2012/08/30 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\LolClient
[2012/03/09 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\MyHeritage
[2012/04/29 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\OpenCandy
[2012/02/24 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\PADGen
[2012/07/11 12:35:02 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\PCDr
[2012/03/02 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\RIFT
[2012/03/12 12:16:51 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\RootsMagic
[2012/09/05 08:48:44 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Tams11
[2012/08/07 01:48:43 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\TeamViewer
[2012/03/09 13:15:27 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/03/07 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Thunderbird
[2012/06/26 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Ulead Systems
[2012/06/15 13:24:14 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\WildTangent

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1999/06/25 10:55:30 | 000,149,504 | ---- | M] () -- C:\UNWISE.EXE

< MD5 for: EXPLORER.EXE >
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2012/09/14 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp
[2012/09/14 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp\1
[2012/09/14 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp\4

< %temp%\smtmp\*.* /s > >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500413AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: OTi Flash Disk USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15946743808
Hidden sectors: 0

DeviceID: Disk #2, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 120.00MB
Starting Offset: 16384
Hidden sectors: 0

< End of report >

**y_molina** · 2012-09-30, 18:30

OTL Extras logfile created on: 9/30/2012 10:56:41 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.84% Memory free
7.83 Gb Paging File | 6.42 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 339.94 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 104.93 Mb Free Space | 87.27% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1464B388-08F8-46F6-AD60-A7469DA607B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{167AF688-37C4-4477-961D-598878AB1642}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36F71FF8-672D-4251-B39E-815A21E9CD6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CF9A17E-0DBF-494B-AC56-E3D206EFC3EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{406CBF8C-37C3-4321-B683-D50287CB7A0A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57A7311C-E0D7-45CC-A09D-E9DDBD4D794C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64BFADA2-7E8B-449D-8F6F-EAECF9BF9553}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67EC299D-0562-4F84-967C-C3E53A9C0C29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7046522E-35D9-4DED-B095-1E89D7B0A130}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7488E346-4552-4631-932A-7323A838D3ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7919F9BB-734A-462F-8A93-752274C3B1AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B51ACF6-35CA-413E-A63A-E7D1734E9C19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83622AF4-D04A-4FDF-BB73-48762248C5A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8AD3186E-39BA-40E5-9000-0EC9E9C3AAA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91136997-DECC-4CBA-B2F1-94CF0212822D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{942086F9-26F5-4E13-A66B-A4DB33B6802F}" = rport=138 | protocol=17 | dir=out | app=system |
"{AABDCCC1-DF7C-4181-BE03-9A39EB443617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD639C33-6BC1-48A5-B108-8A0C3C807825}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{CA130D11-6658-41C6-BB91-DFC72AE19E9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD16550B-CD35-46BA-864F-F9A8F66490EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5BFB73E-011E-4C1B-AC55-153B3BB71FE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{D916F3E8-172C-4586-822F-EE1846C03122}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE5AAC2B-EA4D-44D9-85CB-C7857C6DF260}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF56BE71-5CC0-4BB0-9ABB-DA2935D6AAFA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E12BA499-862D-49F8-9F03-1D0E4C81A545}" = rport=445 | protocol=6 | dir=out | app=system |
"{E277ECA2-4742-4493-BE11-BF5BB9F587E5}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{E55DC234-34B9-4761-AD6B-D1791CD4288E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E84AAF86-24E8-4A27-BC82-DDB0EFA67648}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{FC4F3DE9-796F-4617-A230-B1050ACB06C9}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{FCE8ECB6-C5E4-4609-B30B-16A381FAD9EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D4932C-63BA-4B2D-8A7D-9357BBDB6C81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{02518F73-F3A7-43DC-A9F1-884F64C6E0F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03659674-33BD-4A43-B7BC-FF404CC0AFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{063FCA6F-CFA7-4061-B1C5-4E1A4D803C55}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{09C889EE-8AAC-45B9-ABCD-EA62C538A315}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{14D1399B-33E4-453B-8CF6-6383E48A4A9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{225FE529-1328-4ADD-9FD4-9A3DC8B21C08}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{22DD4444-857E-4AC1-A8A5-B483844243AF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{23A1370E-58C0-4087-84CF-CD16C1405A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24A602D2-9491-4257-B339-DEF3CF9B8B92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{29509A13-47E2-46E1-8425-B07A77681F1F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{29EA3BB8-F022-4003-9779-7B5AE27010AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D64A147-0081-4C92-A22B-00F375D6C4CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3DE110B4-85AE-40BF-A057-132A1E943577}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3FC49A4C-AFF2-4495-838A-5F680679A34F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{4CD0C206-6927-4F76-9189-C7310044E303}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5066007F-C8A4-4C95-98F3-E8C3DAB50519}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5543EABD-86DC-4C81-B706-71F49C926B19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60FB9BED-BD29-47F9-913B-290275F708A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66018CE4-9C3E-446F-B42E-A98045140480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{679CE841-BBBE-4E20-BF05-E6D877B03850}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{67AA25AA-174F-43DD-91AB-FA9C461C7A99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{68AABA27-5644-4EAF-977D-82517AE738E9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{7AEE3632-1B5C-412A-8224-9DDB211F9092}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D5EB9BF-6EF4-4111-86C8-4556C867D74D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{857324FE-6F63-4E61-A8D3-DF269A505FAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AEE6261-76E9-42B9-95B0-BC36D0833FB4}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{8C2C479F-2872-4DA7-9E4D-690057709194}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{8ED8B386-5572-4F4D-B080-56F550C1A463}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{9072A8DB-166B-4C42-AD36-3DEE4C3DE954}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{91A9F05F-2828-4601-A3EF-6D9D55A63C8A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{9620D541-3579-4120-A711-816373B4B446}" = protocol=6 | dir=in | app=c:\users\tams\appdata\roaming\dropbox\bin\dropbox.exe |
"{9738CF3F-AD7D-4347-B6FB-2ED61B38BD58}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E6EBBB2-326E-4437-B196-AC8634D18402}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1370E2F-1C1C-4DC5-8B24-07D0E34001D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A64733E8-2384-4CAD-8F41-8721D9FB6BFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB0C5F2A-CE98-4989-966E-BEABBCC7D4EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B35FF2B2-75E9-4BD5-ADE1-A59FEE18EA32}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{B842E036-1719-4BBF-AA42-C41865D78FE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD0222EA-E184-4CF9-80AD-B09390E6CED8}" = protocol=6 | dir=out | app=system |
"{BFA858F3-B6E0-40C7-A090-9AC1AD74BCBB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C28330CD-A07C-42B9-9C2A-74F375342C41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C437E09C-16DF-4F5C-92A7-9E657FC63410}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{CCA354D9-32C7-4B06-B459-A59DC698D90D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CD181354-77AC-4DC4-8CF8-CD289212186E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CDE531D0-1EAA-418D-A1DA-C355DCE8E669}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{D4AB81F3-A55E-4C5A-AF6C-6306237F7A73}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{DCEB27CE-E898-4B62-8E64-6CC1A27F2843}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E318DA92-68F7-4F2A-BB45-B83F896FA004}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E420A768-176B-4DBD-838C-565662BC75E7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F4757A97-E6E0-4E6D-ACEF-B382D7D3CF37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6E8C4FF-10AC-426B-BFEC-F99EA4162850}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F79115CE-2924-40BC-AF4C-759D44E0DF46}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{F7C0FBDD-EF59-4BCB-8E29-B40E97B14B01}" = protocol=17 | dir=in | app=c:\users\tams\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB74FB17-B215-4D8C-9574-22A77DC00F14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE09249-10A4-43E2-924D-869B5B50F42F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE5F7762-F686-4D5D-8838-DD57975E80AF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A696A783-CE10-4920-A03F-82FC6EE9C759}" = Aeria Ignite
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1689DDD-6378-4966-8865-6292D7141A6A}_is1" = RootsMagic 5.0.2.1
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C5B047B0-E71E-4CF8-8A3F-4793E677B0B7}" = SI Lead Manager - Beta 5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.1.50
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0591-8077-9297-0833" = FamilySearch Indexing 3.12.1
"Acesup_is1" = Acesup 1.0.0.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.9.1511" = Aeria Ignite
"Big Biz Tycoon 2" = Big Biz Tycoon 2
"Block Drop_is1" = Block Drop 1.0.0.0
"Clue" = Clue
"Cribbage_is1" = Cribbage 2.0.8.14
"Delphi5" = Borland Delphi 5
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"EADM" = EA Download Manager
"Family Tree Builder" = MyHeritage Family Tree Builder
"Farkle Solo_is1" = Farkle Solo 1.0.2.3
"Farkle_is1" = Farkle 3.0.13.10
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Google Chrome Frame" = Google Chrome Frame
"HandAndFoot_is1" = Hand And Foot 1.0.11.10
"IcoFX 2_is1" = IcoFX 2.1
"Inno Setup 5_is1" = Inno Setup version 5.4.3
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kings in the Corner_is1" = Kings in the Corner 1.0.2.0
"Laredo Client" = Laredo Client
"Lemonade Tycoon for Windows" = Lemonade Tycoon for Windows
"Mall Tycoon" = Mall Tycoon
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MumboJumbo_is1" = MumboJumbo 1.0.15.17
"Office14.SingleImage" = Microsoft Office Professional 2010
"SimCity 3000" = SimCity 3000
"Switch_is1" = UpStage 1.0.2.0
"Tams11 Software Gaming Lobby_is1" = Tams11 Software Gaming Lobby 1.7.8.24
"TriPeaks_is1" = TriPeaks 1.0.2.5
"Unlimited_is1" = Unlimited 1.0.3.0
"UpStage_is1" = UpStage 1.0.4.5
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Video Converter" = Video Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2012 11:08:14 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2012 4:36:09 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Sims3LauncherW.exe, version: 0.2.0.177,
time stamp: 0x4fc52077 Faulting module name: CmdPortalClient.dll, version: 2.0.0.1,
time stamp: 0x49ce8e3c Exception code: 0xc0000005 Fault offset: 0x0001d158 Faulting
process id: 0x27b4 Faulting application start time: 0x01cd83ca6370db98 Faulting application
path: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\Sims3LauncherW.exe
Faulting
module path: C:\Program Files (x86)\Electronic Arts\EADM\CmdPortalClient.dll Report
Id: aa93ad26-efbd-11e1-b2ce-d4bed9bf6bad

Error - 8/27/2012 1:11:39 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 14.0.6117.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2900 Start
Time: 01cd846bf207651b Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\EXCEL.EXE Report Id: 28d4b4d0-f06a-11e1-b2ce-d4bed9bf6bad

Error - 8/27/2012 1:12:22 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 14.0.6117.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2b14 Start
Time: 01cd847705bda835 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\EXCEL.EXE Report Id: 5637edc1-f06a-11e1-b2ce-d4bed9bf6bad

Error - 8/28/2012 8:37:05 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2012 3:32:21 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Corel PaintShop Pro.exe, version: 14.2.0.88,
time stamp: 0x4faccf07 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161,
time stamp: 0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x00056b1d Faulting
process id: 0x153c Faulting application start time: 0x01cd854ac2ef57dd Faulting application
path: C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 155de630-f147-11e1-8884-d4bed9bf6bad

Error - 8/29/2012 8:36:10 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 1:53:52 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: Flash32_11_3_300_270.ocx, version: 11.3.300.270,
time stamp: 0x50197f98 Exception code: 0xc0000005 Fault offset: 0x001cfc96 Faulting
process id: 0x2f58 Faulting application start time: 0x01cd86bc53340734 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx Report Id: a88c8ed4-f2cb-11e1-8649-d4bed9bf6bad

Error - 8/30/2012 8:07:44 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program LolClient.exe version 2.0.2.12610 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2de0 Start
Time: 01cd86fdd8d27c26 Termination Time: 7 Application Path: C:\Riot Games\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.198\deploy\LolClient.exe

Report
Id: d92921ce-f2ff-11e1-8649-d4bed9bf6bad

Error - 8/30/2012 8:43:59 PM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/18/2012 12:13:26 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/19/2012 9:44:36 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/20/2012 9:37:55 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 9:48:45 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 10:22:08 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 12:46:01 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:29:25 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:48:33 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:49:42 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 5:34:53 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

< End of report >

**TechieRanger** · 2012-10-01, 06:52

Please run OTL.exe.

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=d63dbf97000000000000d4bed9bf6bad
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=64bd786b&tbp=rbox&toolbarid=blekkotb_soc&u=97AB09412D1039368722484FC640A3F6&q={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/09/14 13:46:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 13:46:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 13:16:05 | 000,000,592 | ---- | M] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/04/29 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\OpenCandy

:Files
xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C
xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\4" C:\Users\Public\Desktop /H /I /S /Y /C

:Commands
[purity]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot when it is done.
Then post the results of the log it produces.

In your next reply, please provide the following:

OTL Fix log.
Description of how your PC is running.

Regards,

Richard

**y_molina** · 2012-10-01, 16:33

Ok I ran OTL as directed. When it was done it asked to reboot and I did. But I didn't see a log of any kind.

After the reboot, there are two new files on my desktop both called desktop.ini. Also, some of the folders have a lock on them (like the my documents and setting folder)

I'm not sure what I do now.

Thanks,
Tammy

**TechieRanger** · 2012-10-01, 20:28

No worries

After the reboot, there are two new files on my desktop both called desktop.ini. Also, some of the folders have a lock on them (like the my documents and setting folder)

These items were unhidden by OTL.

The folders that have locks are junction points. We will re-hide the desktop.ini files and junction points later.

You should find some logs in the following location:

C:\_OTL\MovedFiles

The logs will be named MMDDYYYY_HHMMSS.log where MDYHMS are numbers indicating the date and time the log was created.

Please post the last one created, which could be from the fix you've just run.

In your next reply, please provide the following:

OTL log.
Description of how your PC is running.

Regards,

Richard

**y_molina** · 2012-10-01, 20:44

Ok good good. I was worried there for a minute.

Thanks,
Tammy

Here is the log

========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\-9CB2PVYe52Lx0Ur moved successfully.
C:\ProgramData\-9CB2PVYe52Lx0U moved successfully.
C:\ProgramData\9CB2PVYe52Lx0U moved successfully.
C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy\OpenCandy_9616FAD7AA2F4DECA30969CF31AD1E28 folder moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy\9616FAD7AA2F4DECA30969CF31AD1E28 folder moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy folder moved successfully.
========== FILES ==========
< xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Default Programs.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\My Identity Protection.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Stage Remote.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Windows Update.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader X.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Help Documentation.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\EA Download Manager.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\I.R.I.S. OCR Registration.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Media Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Sidebar.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Anytime Upgrade.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows DVD Maker.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Fax and Scan.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live Messenger.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live Movie Maker.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live Photo Gallery.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\AeriaGames\Ignite.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Delphi 5 .lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Delphi 5 Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Image Editor.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Register Now!.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Creating Custom Components.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Developing COM-based Applications.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Image Editor Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Object Pascal Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Programming with Delphi.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Using Delphi.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\Visual Component Library Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\What's New in Delphi.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\ISAPI Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\MAPI Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Multimedia Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Programmer's Guide to Windows 95.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Tools Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Windows Developers Guide.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Microsoft Windows Performance Data Helper Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\MIDL Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Multimedia API Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\OLE Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\OpenGL Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Pen API Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Remote Procedure Call Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32 Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32 Programming Techniques.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32 SDK Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Win32s Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows SDK and OLE Knowledge Base.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows Setup API Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows Sockets 2 Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Borland Delphi 5\Help\MS SDK Help Files\Windows Telephony API Programmer's Reference.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Cat Daddy Games\School Tycoon\Launch Readme.doc.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Cat Daddy Games\School Tycoon\Launch School.exe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Corel PaintShop Pro X4\Corel PaintShop Pro X4.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Corel PaintShop Pro X4\Restore Database.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Digital Delivery.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell\SyncUP.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Software & Utilities\Dell Getting Started Guide.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe\Dell DataSafe Local Backup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell DataSafe Online\Dell DataSafe Online.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\Dell Stage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\MusicStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\PhotoStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\Stage Remote.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\VideoStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Stage\Weather.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\Dell Support Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Dell Support Center\PC Checkup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Free Studio Manager.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Programs\Free YouTube to MP3 Converter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Tools\Free YouTube Download Lite.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Tools\System Report.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FamilySearch\FamilySearch Indexing Uninstaller.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FamilySearch\FamilySearch Indexing.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\FileZilla.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Hexacto.com.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\FAQ.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Install AOL FREE Trial!.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Lemonade Tycoon for Windows.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Register Lemonade Tycoon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Game On\Lemonade Tycoon\Remove Lemonade Tycoon for Windows.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All Casual Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All Enthusiast Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All Kids Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\All MMO Games.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Bejeweled 2 Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\FATE.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Plants vs. Zombies - Game of the Year.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Polar Bowler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\The SimsT 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Games\WildTangent Games App - dell.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\GIMP\GIMP 2.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\GIMP\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\Clue.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\DirectX Setup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\DXMWrap Setup.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\Readme.txt .lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Hasbro Interactive\Clue\UnInstall Clue.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Update.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\HP Officejet Pro 8600.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\HP Product Improvement Study.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\HP Scan.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Printer Setup & Software.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Product Support Website.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Shop for Supplies.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Update IP Address.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\HP\HP Officejet Pro 8600\Wireless Printing Online Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\IcoFX 2\IcoFX on the Web.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\IcoFX 2\IcoFX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\IcoFX 2\Uninstall\Uninstall IcoFX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT Deluxe Install Guide.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT Deluxe PDF Manual.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RollerCoaster Tycoon Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\Uninstall RCT Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Infogrames Interactive\RollerCoaster Tycoon Deluxe\www.rollercoastertycoon.com.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Compiler.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Documentation.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Example Scripts.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup FAQ.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Inno Setup 5\Inno Setup Revision History.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\iTunes\About iTunes.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\iTunes\iTunes.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Jasc Software\Animation Shop 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Jasc Software\Paint Shop Pro 7.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Jasc Software\Utilites\Jasc Tube Converter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Play Mall Tycoon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\View Manual.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\View Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Visit Holistic Design.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Visit Take2 Interactive.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Mall Tycoon\Visit the Mall Tycoon site.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\Contact Support.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\Electronic Registration.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\SimCity 3000.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Maxis\SimCity 3000\Uninstall SimCity 3000.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\McAfee\McAfee SecurityCenter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Zoo Tycoon Readme.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Games\Zoo Tycoon\Zoo Tycoon.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\MUSICMATCH\MUSICMATCH Jukebox.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Nero\Nero 10\Nero ControlCenter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Outspark\Fiesta.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\PADGen Help.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\PADGen on the Web.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\PADGen.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\PADGen\Uninstall PADGen.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Perfect World Entertainment\Perfect World International\Uninstall Perfect World International.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RIFT\RIFT Game Website.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RIFT\Uninstall RIFT.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic 5 To-Go.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic 5.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic Chart.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\RootsMagic 5\RootsMagic on the Web.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter\Roxio Burn Options.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter\Roxio Burn.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Roxio Creator Starter\Roxio Creator Starter.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Skype\Skype.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Tams11Lobby.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Uninstall Tams11Lobby.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Cribbage\Cribbage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Cribbage\Uninstall Cribbage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Farkle\Farkle.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Farkle\Uninstall Farkle.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Hand And Foot\Hand And Foot.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Hand And Foot\Uninstall Hand And Foot.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\KingsintheCorner\KingsintheCorner.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\KingsintheCorner\Uninstall KingsintheCorner.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\MumboJumbo\MumboJumbo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\MumboJumbo\Uninstall MumboJumbo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Switch\Switch.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Switch\Uninstall Switch.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Unlimited\Uninstall Unlimited.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\Unlimited\Unlimited.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\UpStage\Uninstall UpStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Games\UpStage\UpStage.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\BlockDrop\BlockDrop.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\BlockDrop\Uninstall BlockDrop.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\FarkleSolo\FarkleSolo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\FarkleSolo\Uninstall FarkleSolo.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\TriPeaks\TriPeaks.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Tams11\Solo-Games\TriPeaks\Uninstall TriPeaks.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Mesh.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\Windows Live\Windows Live Writer.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\Uninstall.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\Web site.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\YTD YouTube Downloader & Converter Help.url
C:\Users\Tams\AppData\Local\Temp\smtmp\1\Programs\YTD YouTube Downloader & Converter\YTD YouTube Downloader & Converter.lnk
268 File(s) copied
C:\Users\Tams\Desktop\cmd.bat deleted successfully.
C:\Users\Tams\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\4" C:\Users\Public\Desktop /H /I /S /Y /C >
C:\Users\Tams\AppData\Local\Temp\smtmp\4\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Fiesta.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Launch School.exe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\musicmatch JUKEBOX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\RollerCoaster Tycoon Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\The SimsT 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Zoo Tycoon.lnk
7 File(s) copied
C:\Users\Tams\Desktop\cmd.bat deleted successfully.
C:\Users\Tams\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.68.0 log created on 10012012_091604

**TechieRanger** · 2012-10-03, 00:35

Nice work

MALWAREBYTES' ANTI-MALWARE
-------------------------------------------
Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your Desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Next

ADWCLEANER
----------------------------
Download AdwCleaner from here and save it to your desktop.

Run AdwCleaner and select Delete.
Once done it will ask to reboot, allow the reboot.
On reboot a log will be produced, please attach the content of the log to your next reply.

Next

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the green ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps):
- Click on Download to download the ESET Smart Installer. Save it to your desktop.
- Double click on the esetsmartinstaller_enu.exe icon on your desktop.
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Check Scan archives.
Ensure that the option "Remove found threats" is Unchecked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats.
Push Export to text file..., and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
Push the Back button.
Push Finish.

Next

Please post a fresh OTL scan log so I can review it.

In your next reply, please provide the following:

MBAM log.
AdwCleaner log.
ESET log.
OTL log.
Update on how your PC is running.

Regards,

Richard

Thread: Something has infected me, not sure what

Thread Tools

Display

Posting Permissions