Something has infected me, not sure what

Ok, everything seems to run fine. The desktop/menu items are back to normal. I can access everything that I tested (the important things). So it seems like all is running great!

After running OTL, the files in the ProgramData folder that were labeled with random characters and numbers were still there.

One question, when I shut down that computer, it said that Windows is installing 2 updates. This is the first time it's been connected to the internet in a week. Do you think it was a normal windows update or something that I should be concerned about?

Thanks for your patience and help!
Tammy

OTL Log

Error: Unable to interpret <Code:> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\ProgramData\9CB2PVYe52Lx0U.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.68.0 log created on 09272012_004248

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


aswMBR log

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-27 00:46:27
-----------------------------
00:46:27.192 OS Version: Windows x64 6.1.7601 Service Pack 1
00:46:27.192 Number of processors: 2 586 0x2A07
00:46:27.192 ComputerName: TAMS-PC UserName: Tams
00:46:28.721 Initialize success
00:47:54.805 AVAST engine defs: 12092601
00:48:03.915 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:48:03.915 Disk 0 Vendor: ST3500413AS JC49 Size: 476940MB BusType: 3
00:48:03.931 Disk 0 MBR read successfully
00:48:03.931 Disk 0 MBR scan
00:48:03.931 Disk 0 Windows VISTA default MBR code
00:48:03.946 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
00:48:03.962 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15168 MB offset 81920
00:48:03.993 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461717 MB offset 31145984
00:48:04.055 Disk 0 scanning C:\Windows\system32\drivers
00:48:19.858 Service scanning
00:49:19.575 Modules scanning
00:49:19.575 Disk 0 trace - called modules:
00:49:19.591 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
00:49:19.591 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c20060]
00:49:19.591 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa80045c5dc0]
00:49:19.591 5 ACPI.sys[fffff88000efa7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800471a060]
00:49:26.938 AVAST engine scan C:\Windows
00:49:37.220 AVAST engine scan C:\Windows\system32
18:53:29.947 AVAST engine scan C:\Windows\system32\drivers
18:53:44.814 AVAST engine scan C:\Users\Tams
19:11:36.556 AVAST engine scan C:\ProgramData
19:13:19.064 Scan finished successfully
19:14:43.819 Disk 0 MBR has been saved successfully to "C:\Users\Tams\Desktop\MBR.dat"
19:14:43.834 The log file has been saved successfully to "C:\Users\Tams\Desktop\aswMBR.txt"
19:14:55.272 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
19:14:55.335 The log file has been saved successfully to "G:\aswMBR.txt"
 
One question, when I shut down that computer, it said that Windows is installing 2 updates. This is the first time it's been connected to the internet in a week. Do you think it was a normal windows update or something that I should be concerned about?
I think those could be legitimate updates.

Run OTL.exe. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
In your next reply, please provide the following:
  • OTL log.
  • Description of how your PC is running.



Regards,

Richard
 
Here are the logs

OTL logfile created on: 9/30/2012 10:56:41 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.84% Memory free
7.83 Gb Paging File | 6.42 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 339.94 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 104.93 Mb Free Space | 87.27% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=d63dbf97000000000000d4bed9bf6bad
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=64bd786b&tbp=rbox&toolbarid=blekkotb_soc&u=97AB09412D1039368722484FC640A3F6&q={searchTerms}
IE - HKCU\..\SearchScopes\{41E10EB8-CA40-4091-9298-7425CCABFA95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/26 04:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/05 16:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/07 12:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tams\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/09/27 00:42:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - Startup: C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 10:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/27 00:49:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/27 00:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/27 00:42:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/27 00:40:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/26 19:18:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/26 19:18:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/26 19:18:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/26 19:18:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/26 19:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/26 19:18:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/26 19:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/26 19:18:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/26 19:18:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/26 19:18:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/26 19:18:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/26 19:18:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/26 19:18:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/26 19:18:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/26 19:18:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/20 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\Tams\Desktop\RK_Quarantine
[2012/09/18 08:30:39 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:30:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 20:50:46 | 000,000,000 | ---D | C] -- C:\Users\Tams\Desktop\New folder
[2012/09/14 14:29:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/09/14 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/09/14 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/14 13:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/09/14 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Citrix
[2012/09/12 08:28:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 08:28:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 08:28:32 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 08:28:32 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 21:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark
[2012/09/10 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Aeria Games
[2012/09/10 18:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/09/10 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/10 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Akamai
[2012/09/10 17:31:36 | 000,000,000 | ---D | C] -- C:\AeriaGames
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/30 11:00:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 11:00:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 10:53:11 | 000,001,932 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/09/30 10:53:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 10:52:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 10:52:52 | 3152,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/28 09:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/28 08:26:01 | 000,002,971 | ---- | M] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/27 00:42:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/26 19:15:43 | 000,000,567 | ---- | M] () -- C:\Users\Tams\Desktop\MBR.zip
[2012/09/26 19:14:43 | 000,000,512 | ---- | M] () -- C:\Users\Tams\Desktop\MBR.dat
[2012/09/26 18:37:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/26 18:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/24 19:43:38 | 000,001,051 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 07:29:52 | 001,382,912 | ---- | M] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:42:32 | 000,080,384 | ---- | M] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:27:44 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:27:38 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 22:03:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 22:03:33 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 22:03:33 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/14 14:48:29 | 000,001,264 | ---- | M] () -- C:\Users\Tams\Desktop\Spybot - Search & Destroy.lnk
[2012/09/14 14:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/09/14 13:46:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 13:46:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 13:16:05 | 000,000,592 | ---- | M] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/13 14:12:04 | 000,000,024 | ---- | M] () -- C:\Users\Tams\random.dat
[2012/09/13 13:52:52 | 000,000,043 | ---- | M] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/09/11 08:39:47 | 000,002,116 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/10 21:35:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/09 17:12:37 | 000,013,541 | ---- | M] () -- C:\Users\Tams\Desktop\ringingbulldiag.jpg
[2012/09/05 08:48:54 | 000,002,062 | ---- | M] () -- C:\Users\Tams\Documents\Default.rdp
[2012/08/31 18:30:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/28 08:26:01 | 000,002,971 | ---- | C] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/26 19:15:43 | 000,000,567 | ---- | C] () -- C:\Users\Tams\Desktop\MBR.zip
[2012/09/26 19:14:43 | 000,000,512 | ---- | C] () -- C:\Users\Tams\Desktop\MBR.dat
[2012/09/24 19:43:38 | 000,001,051 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 08:57:06 | 001,382,912 | ---- | C] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:53:54 | 000,080,384 | ---- | C] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:48:17 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/18 08:48:17 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon Deluxe.lnk
[2012/09/18 08:48:17 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\musicmatch JUKEBOX.lnk
[2012/09/18 08:48:17 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/09/18 08:48:17 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon.lnk
[2012/09/18 08:48:17 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/18 08:48:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/09/18 08:48:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/18 08:48:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/18 08:48:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/18 08:48:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/09/18 08:48:17 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Launch School.exe.lnk
[2012/09/18 08:48:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/09/18 08:48:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/09/18 08:48:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/18 08:48:16 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/09/18 08:48:16 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/09/18 08:48:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/18 08:48:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/18 08:48:15 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/09/18 08:48:15 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2012/09/16 21:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/09/14 12:29:07 | 000,000,160 | ---- | C] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 12:29:07 | 000,000,144 | ---- | C] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | C] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/14 12:28:58 | 000,000,592 | ---- | C] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/09 17:14:37 | 000,013,541 | ---- | C] () -- C:\Users\Tams\Desktop\ringingbulldiag.jpg
[2012/08/31 17:00:18 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/07/26 22:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/06/09 17:26:21 | 000,002,741 | ---- | C] () -- C:\Users\Tams\.recently-used.xbel
[2012/05/22 18:07:10 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE2.dat
[2012/05/19 20:15:05 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/05/05 14:40:03 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE1.dat
[2012/04/26 12:22:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 13:16:39 | 000,000,396 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/03/09 13:15:28 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/03/01 20:37:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/03/01 20:37:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/02/24 22:55:40 | 000,000,043 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/02/24 22:55:40 | 000,000,024 | ---- | C] () -- C:\Users\Tams\random.dat
[2012/02/24 15:43:58 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\D5uninst.dll
[2012/02/24 15:43:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IDUNINST.DLL
[2012/02/24 14:08:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/24 13:24:20 | 000,007,590 | ---- | C] () -- C:\Users\Tams\AppData\Local\Resmon.ResmonCfg
[2012/02/21 14:47:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/21 14:47:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/21 14:47:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/10 11:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/10 15:16:23 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\.minecraft
[2012/09/30 10:53:44 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Dropbox
[2012/06/02 22:17:41 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\DVDVideoSoft
[2012/04/29 14:03:24 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/03/13 14:01:02 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\EurekaLog
[2012/09/05 08:46:38 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\FileZilla
[2012/02/24 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Fingertapps
[2012/03/01 17:16:32 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\FOG Downloader
[2012/06/09 17:26:21 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\gtk-2.0
[2012/09/01 12:11:25 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\IcoFX2X
[2012/08/30 17:17:56 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\LolClient
[2012/03/09 13:24:54 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\MyHeritage
[2012/04/29 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\OpenCandy
[2012/02/24 19:38:01 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\PADGen
[2012/07/11 12:35:02 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\PCDr
[2012/03/02 22:02:05 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\RIFT
[2012/03/12 12:16:51 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\RootsMagic
[2012/09/05 08:48:44 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Tams11
[2012/08/07 01:48:43 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\TeamViewer
[2012/03/09 13:15:27 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2012/03/07 12:20:53 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Thunderbird
[2012/06/26 15:09:42 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\Ulead Systems
[2012/06/15 13:24:14 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1999/06/25 10:55:30 | 000,149,504 | ---- | M] () -- C:\UNWISE.EXE

< MD5 for: EXPLORER.EXE >
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012/02/21 15:08:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012/02/21 15:08:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %USERPROFILE%\..|smtmp;true;true;true /FP >
[2012/09/14 12:28:20 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp
[2012/09/14 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp\1
[2012/09/14 12:29:13 | 000,000,000 | ---D | M] -- C:\Users\Tams\..\Tams\AppData\Local\Temp\smtmp\4

< %temp%\smtmp\*.* /s > >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3500413AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: OTi Flash Disk USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 41943040
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 451.00GB
Starting Offset: 15946743808
Hidden sectors: 0


DeviceID: Disk #2, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 120.00MB
Starting Offset: 16384
Hidden sectors: 0


< End of report >
 
OTL Extras logfile created on: 9/30/2012 10:56:41 AM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 66.84% Memory free
7.83 Gb Paging File | 6.42 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 339.94 Gb Free Space | 75.39% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 104.93 Mb Free Space | 87.27% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1464B388-08F8-46F6-AD60-A7469DA607B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{167AF688-37C4-4477-961D-598878AB1642}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36F71FF8-672D-4251-B39E-815A21E9CD6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CF9A17E-0DBF-494B-AC56-E3D206EFC3EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{406CBF8C-37C3-4321-B683-D50287CB7A0A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{57A7311C-E0D7-45CC-A09D-E9DDBD4D794C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{64BFADA2-7E8B-449D-8F6F-EAECF9BF9553}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67EC299D-0562-4F84-967C-C3E53A9C0C29}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7046522E-35D9-4DED-B095-1E89D7B0A130}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7488E346-4552-4631-932A-7323A838D3ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7919F9BB-734A-462F-8A93-752274C3B1AC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B51ACF6-35CA-413E-A63A-E7D1734E9C19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83622AF4-D04A-4FDF-BB73-48762248C5A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{8AD3186E-39BA-40E5-9000-0EC9E9C3AAA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{91136997-DECC-4CBA-B2F1-94CF0212822D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{942086F9-26F5-4E13-A66B-A4DB33B6802F}" = rport=138 | protocol=17 | dir=out | app=system |
"{AABDCCC1-DF7C-4181-BE03-9A39EB443617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD639C33-6BC1-48A5-B108-8A0C3C807825}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{CA130D11-6658-41C6-BB91-DFC72AE19E9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD16550B-CD35-46BA-864F-F9A8F66490EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5BFB73E-011E-4C1B-AC55-153B3BB71FE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{D916F3E8-172C-4586-822F-EE1846C03122}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE5AAC2B-EA4D-44D9-85CB-C7857C6DF260}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF56BE71-5CC0-4BB0-9ABB-DA2935D6AAFA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E12BA499-862D-49F8-9F03-1D0E4C81A545}" = rport=445 | protocol=6 | dir=out | app=system |
"{E277ECA2-4742-4493-BE11-BF5BB9F587E5}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{E55DC234-34B9-4761-AD6B-D1791CD4288E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E84AAF86-24E8-4A27-BC82-DDB0EFA67648}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{FC4F3DE9-796F-4617-A230-B1050ACB06C9}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{FCE8ECB6-C5E4-4609-B30B-16A381FAD9EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D4932C-63BA-4B2D-8A7D-9357BBDB6C81}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{02518F73-F3A7-43DC-A9F1-884F64C6E0F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03659674-33BD-4A43-B7BC-FF404CC0AFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{063FCA6F-CFA7-4061-B1C5-4E1A4D803C55}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{09C889EE-8AAC-45B9-ABCD-EA62C538A315}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{14D1399B-33E4-453B-8CF6-6383E48A4A9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{225FE529-1328-4ADD-9FD4-9A3DC8B21C08}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{22DD4444-857E-4AC1-A8A5-B483844243AF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{23A1370E-58C0-4087-84CF-CD16C1405A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24A602D2-9491-4257-B339-DEF3CF9B8B92}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{29509A13-47E2-46E1-8425-B07A77681F1F}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{29EA3BB8-F022-4003-9779-7B5AE27010AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2D64A147-0081-4C92-A22B-00F375D6C4CF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3DE110B4-85AE-40BF-A057-132A1E943577}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3FC49A4C-AFF2-4495-838A-5F680679A34F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{4CD0C206-6927-4F76-9189-C7310044E303}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5066007F-C8A4-4C95-98F3-E8C3DAB50519}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5543EABD-86DC-4C81-B706-71F49C926B19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{60FB9BED-BD29-47F9-913B-290275F708A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66018CE4-9C3E-446F-B42E-A98045140480}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{679CE841-BBBE-4E20-BF05-E6D877B03850}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{67AA25AA-174F-43DD-91AB-FA9C461C7A99}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{68AABA27-5644-4EAF-977D-82517AE738E9}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{7AEE3632-1B5C-412A-8224-9DDB211F9092}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D5EB9BF-6EF4-4111-86C8-4556C867D74D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{857324FE-6F63-4E61-A8D3-DF269A505FAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8AEE6261-76E9-42B9-95B0-BC36D0833FB4}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{8C2C479F-2872-4DA7-9E4D-690057709194}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{8ED8B386-5572-4F4D-B080-56F550C1A463}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{9072A8DB-166B-4C42-AD36-3DEE4C3DE954}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{91A9F05F-2828-4601-A3EF-6D9D55A63C8A}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{9620D541-3579-4120-A711-816373B4B446}" = protocol=6 | dir=in | app=c:\users\tams\appdata\roaming\dropbox\bin\dropbox.exe |
"{9738CF3F-AD7D-4347-B6FB-2ED61B38BD58}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{9E6EBBB2-326E-4437-B196-AC8634D18402}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1370E2F-1C1C-4DC5-8B24-07D0E34001D5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A64733E8-2384-4CAD-8F41-8721D9FB6BFD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AB0C5F2A-CE98-4989-966E-BEABBCC7D4EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B35FF2B2-75E9-4BD5-ADE1-A59FEE18EA32}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{B842E036-1719-4BBF-AA42-C41865D78FE3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BD0222EA-E184-4CF9-80AD-B09390E6CED8}" = protocol=6 | dir=out | app=system |
"{BFA858F3-B6E0-40C7-A090-9AC1AD74BCBB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C28330CD-A07C-42B9-9C2A-74F375342C41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C437E09C-16DF-4F5C-92A7-9E657FC63410}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{CCA354D9-32C7-4B06-B459-A59DC698D90D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CD181354-77AC-4DC4-8CF8-CD289212186E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{CDE531D0-1EAA-418D-A1DA-C355DCE8E669}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{D4AB81F3-A55E-4C5A-AF6C-6306237F7A73}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{DCEB27CE-E898-4B62-8E64-6CC1A27F2843}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E318DA92-68F7-4F2A-BB45-B83F896FA004}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E420A768-176B-4DBD-838C-565662BC75E7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F4757A97-E6E0-4E6D-ACEF-B382D7D3CF37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F6E8C4FF-10AC-426B-BFEC-F99EA4162850}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F79115CE-2924-40BC-AF4C-759D44E0DF46}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{F7C0FBDD-EF59-4BCB-8E29-B40E97B14B01}" = protocol=17 | dir=in | app=c:\users\tams\appdata\roaming\dropbox\bin\dropbox.exe |
"{FB74FB17-B215-4D8C-9574-22A77DC00F14}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FBE09249-10A4-43E2-924D-869B5B50F42F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FE5F7762-F686-4D5D-8838-DD57975E80AF}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0015DE8E-8D9F-403E-8E5A-4098410E6125}" = PSPPro64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{2D5E3D2B-919F-407C-8757-E64827518BB6}" = HP Officejet Pro 8600 Basic Device Software
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F792E5B0-11C4-4C68-8A63-FB5F52749180}" = HP Officejet Pro 8600 Product Improvement Study
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{266F34CA-580F-4615-80FE-BDFBD56B748F}" = School Tycoon
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH Jukebox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{924EAD66-F854-4605-8493-696DD59A113B}" = RollerCoaster Tycoon Deluxe
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A696A783-CE10-4920-A03F-82FC6EE9C759}" = Aeria Ignite
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFC08A81-D3C5-46F4-8F08-876E4BA606EA}" = Dell Digital Delivery
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1689DDD-6378-4966-8865-6292D7141A6A}_is1" = RootsMagic 5.0.2.1
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C5B047B0-E71E-4CF8-8A3F-4793E677B0B7}" = SI Lead Manager - Beta 5
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EFE356A6-91C3-450F-A469-504ACA655A7A}_is1" = PADGen 3.1.1.50
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0591-8077-9297-0833" = FamilySearch Indexing 3.12.1
"Acesup_is1" = Acesup 1.0.0.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.9.1511" = Aeria Ignite
"Big Biz Tycoon 2" = Big Biz Tycoon 2
"Block Drop_is1" = Block Drop 1.0.0.0
"Clue" = Clue
"Cribbage_is1" = Cribbage 2.0.8.14
"Delphi5" = Borland Delphi 5
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"EADM" = EA Download Manager
"Family Tree Builder" = MyHeritage Family Tree Builder
"Farkle Solo_is1" = Farkle Solo 1.0.2.3
"Farkle_is1" = Farkle 3.0.13.10
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.22.508
"Google Chrome Frame" = Google Chrome Frame
"HandAndFoot_is1" = Hand And Foot 1.0.11.10
"IcoFX 2_is1" = IcoFX 2.1
"Inno Setup 5_is1" = Inno Setup version 5.4.3
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kings in the Corner_is1" = Kings in the Corner 1.0.2.0
"Laredo Client" = Laredo Client
"Lemonade Tycoon for Windows" = Lemonade Tycoon for Windows
"Mall Tycoon" = Mall Tycoon
"Mozilla Thunderbird 15.0.1 (x86 en-US)" = Mozilla Thunderbird 15.0.1 (x86 en-US)
"MSC" = McAfee SecurityCenter
"MumboJumbo_is1" = MumboJumbo 1.0.15.17
"Office14.SingleImage" = Microsoft Office Professional 2010
"SimCity 3000" = SimCity 3000
"Switch_is1" = UpStage 1.0.2.0
"Tams11 Software Gaming Lobby_is1" = Tams11 Software Gaming Lobby 1.7.8.24
"TriPeaks_is1" = TriPeaks 1.0.2.5
"Unlimited_is1" = Unlimited 1.0.3.0
"UpStage_is1" = UpStage 1.0.4.5
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley (TM)
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Video Converter" = Video Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/26/2012 11:08:14 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/26/2012 4:36:09 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Sims3LauncherW.exe, version: 0.2.0.177,
time stamp: 0x4fc52077 Faulting module name: CmdPortalClient.dll, version: 2.0.0.1,
time stamp: 0x49ce8e3c Exception code: 0xc0000005 Fault offset: 0x0001d158 Faulting
process id: 0x27b4 Faulting application start time: 0x01cd83ca6370db98 Faulting application
path: C:\Program Files (x86)\Electronic Arts\The Sims 3\Game\Bin\Sims3LauncherW.exe
Faulting
module path: C:\Program Files (x86)\Electronic Arts\EADM\CmdPortalClient.dll Report
Id: aa93ad26-efbd-11e1-b2ce-d4bed9bf6bad

Error - 8/27/2012 1:11:39 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 14.0.6117.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2900 Start
Time: 01cd846bf207651b Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\EXCEL.EXE Report Id: 28d4b4d0-f06a-11e1-b2ce-d4bed9bf6bad

Error - 8/27/2012 1:12:22 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program EXCEL.EXE version 14.0.6117.5003 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2b14 Start
Time: 01cd847705bda835 Termination Time: 0 Application Path: C:\Program Files (x86)\Microsoft
Office\Office14\EXCEL.EXE Report Id: 5637edc1-f06a-11e1-b2ce-d4bed9bf6bad

Error - 8/28/2012 8:37:05 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/28/2012 3:32:21 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Corel PaintShop Pro.exe, version: 14.2.0.88,
time stamp: 0x4faccf07 Faulting module name: MSVCR90.dll, version: 9.0.30729.6161,
time stamp: 0x4dace5b9 Exception code: 0xc0000005 Fault offset: 0x00056b1d Faulting
process id: 0x153c Faulting application start time: 0x01cd854ac2ef57dd Faulting application
path: C:\Program Files (x86)\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 155de630-f147-11e1-8884-d4bed9bf6bad

Error - 8/29/2012 8:36:10 AM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

Error - 8/30/2012 1:53:52 PM | Computer Name = Tams-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16448,
time stamp: 0x4fecf1b7 Faulting module name: Flash32_11_3_300_270.ocx, version: 11.3.300.270,
time stamp: 0x50197f98 Exception code: 0xc0000005 Fault offset: 0x001cfc96 Faulting
process id: 0x2f58 Faulting application start time: 0x01cd86bc53340734 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx Report Id: a88c8ed4-f2cb-11e1-8649-d4bed9bf6bad

Error - 8/30/2012 8:07:44 PM | Computer Name = Tams-PC | Source = Application Hang | ID = 1002
Description = The program LolClient.exe version 2.0.2.12610 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2de0 Start
Time: 01cd86fdd8d27c26 Termination Time: 7 Application Path: C:\Riot Games\League
of Legends\RADS\projects\lol_air_client\releases\0.0.0.198\deploy\LolClient.exe

Report
Id: d92921ce-f2ff-11e1-8649-d4bed9bf6bad

Error - 8/30/2012 8:43:59 PM | Computer Name = Tams-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/18/2012 12:13:26 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/19/2012 9:44:36 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/20/2012 9:37:55 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 9:48:45 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 10:22:08 AM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/21/2012 12:46:01 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:29:25 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:48:33 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 1:49:42 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/22/2012 5:34:53 PM | Computer Name = Tams-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\MxlW2k.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.


< End of report >
 
Please run OTL.exe.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109935&babsrc=SP_ss&mntrId=d63dbf97000000000000d4bed9bf6bad
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/blekkotb_soc/?source=64bd786b&tbp=rbox&toolbarid=blekkotb_soc&u=97AB09412D1039368722484FC640A3F6&q={searchTerms}
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
[2012/09/14 13:46:37 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0Ur
[2012/09/14 13:46:37 | 000,000,144 | ---- | M] () -- C:\ProgramData\-9CB2PVYe52Lx0U
[2012/09/14 13:16:05 | 000,000,592 | ---- | M] () -- C:\ProgramData\9CB2PVYe52Lx0U
[2012/09/14 12:29:06 | 000,000,681 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/04/29 14:03:29 | 000,000,000 | ---D | M] -- C:\Users\Tams\AppData\Roaming\OpenCandy

:Files
xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C
xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\4" C:\Users\Public\Desktop /H /I /S /Y /C

:Commands
[purity]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot when it is done.
  • Then post the results of the log it produces.
In your next reply, please provide the following:
  • OTL Fix log.
  • Description of how your PC is running.



Regards,

Richard
 
Ok I ran OTL as directed. When it was done it asked to reboot and I did. But I didn't see a log of any kind.

After the reboot, there are two new files on my desktop both called desktop.ini. Also, some of the folders have a lock on them (like the my documents and setting folder)

I'm not sure what I do now.

Thanks,
Tammy
 
No worries.

"After the reboot, there are two new files on my desktop both called desktop.ini. Also, some of the folders have a lock on them (like the my documents and setting folder)"

These items were unhidden by OTL.

The folders that have locks are junction points. We will re-hide the desktop.ini files and junction points later.

You should find some logs in the following location:

C:\_OTL\MovedFiles

The logs will be named MMDDYYYY_HHMMSS.log where MDYHMS are numbers indicating the date and time the log was created.

Please post the last one created, which could be from the fix you've just run.

In your next reply, please provide the following:
  • OTL log.
  • Description of how your PC is running.



Regards,

Richard
 
Ok good good. I was worried there for a minute.

Thanks,
Tammy

Here is the log

========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\-9CB2PVYe52Lx0Ur moved successfully.
C:\ProgramData\-9CB2PVYe52Lx0U moved successfully.
C:\ProgramData\9CB2PVYe52Lx0U moved successfully.
C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy\OpenCandy_9616FAD7AA2F4DECA30969CF31AD1E28 folder moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy\9616FAD7AA2F4DECA30969CF31AD1E28 folder moved successfully.
C:\Users\Tams\AppData\Roaming\OpenCandy folder moved successfully.
========== FILES ==========
< xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\1" "C:\ProgramData\Microsoft\Windows\Start Menu" /H /I /S /Y /C >
268 File(s) copied
C:\Users\Tams\Desktop\cmd.bat deleted successfully.
C:\Users\Tams\Desktop\cmd.txt deleted successfully.
< xcopy "C:\Users\Tams\AppData\Local\Temp\smtmp\4" C:\Users\Public\Desktop /H /I /S /Y /C >
C:\Users\Tams\AppData\Local\Temp\smtmp\4\desktop.ini
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Fiesta.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Launch School.exe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\musicmatch JUKEBOX.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\RollerCoaster Tycoon Deluxe.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\The SimsT 3.lnk
C:\Users\Tams\AppData\Local\Temp\smtmp\4\Zoo Tycoon.lnk
7 File(s) copied
C:\Users\Tams\Desktop\cmd.bat deleted successfully.
C:\Users\Tams\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.68.0 log created on 10012012_091604
 
Nice work.

MALWAREBYTES' ANTI-MALWARE
-------------------------------------------
Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your Desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Next

ADWCLEANER
----------------------------
Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete.
  • Once done it will ask to reboot, allow the reboot.
  • On reboot a log will be produced, please attach the content of the log to your next reply.
Next

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the green ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps):
    • Click on Download to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives.
  • Ensure that the option "Remove found threats" is Unchecked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats.
  • Push Export to text file..., and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  • Push the Back button.
  • Push Finish.
Next

Please post a fresh OTL scan log so I can review it.

In your next reply, please provide the following:
  • MBAM log.
  • AdwCleaner log.
  • ESET log.
  • OTL log.
  • Update on how your PC is running.



Regards,

Richard
 
I'm posting the OTL log here and attaching the other logs.

Thank you,
Tammy

OTL logfile created on: 10/4/2012 3:43:51 PM - Run 2
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Tams\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.75 Gb Available Physical Memory | 70.12% Memory free
7.83 Gb Paging File | 6.57 Gb Available in Paging File | 83.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.90 Gb Total Space | 337.57 Gb Free Space | 74.87% Space Free | Partition Type: NTFS
Drive D: | 183.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 120.23 Mb Total Space | 94.04 Mb Free Space | 78.22% Space Free | Partition Type: FAT

Computer Name: TAMS-PC | User Name: Tams | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\mcafee\virusscan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McAWFwk) -- c:\Program Files\mcafee\msc\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (DellDigitalDelivery) -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MxlW2k) -- C:\Windows\SysWow64\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {41E10EB8-CA40-4091-9298-7425CCABFA95}
IE - HKCU\..\SearchScopes\{41E10EB8-CA40-4091-9298-7425CCABFA95}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/26 04:35:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/05 16:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/03/07 12:20:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tams\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2012/09/27 00:42:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120224180915.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - Startup: C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tams\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tams\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab (Launcher Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE06B0DB-24C5-4CE4-9727-3C0D9AB91FEF}: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/04 09:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/10/04 09:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/04 09:34:09 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Malwarebytes
[2012/10/04 09:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/04 09:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/04 09:33:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/10/04 09:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/27 00:49:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/27 00:45:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/27 00:42:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/27 00:40:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/26 19:18:17 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/26 19:18:16 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/26 19:18:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/26 19:18:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/26 19:18:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/26 19:18:16 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/26 19:18:16 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/26 19:18:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/26 19:18:15 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/26 19:18:15 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/26 19:18:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/26 19:18:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/26 19:18:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/26 19:18:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/26 19:18:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/18 08:30:39 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:30:38 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/14 14:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/09/14 14:29:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/09/14 13:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2012/09/14 13:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/09/14 13:48:41 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Citrix
[2012/09/12 08:28:35 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 08:28:34 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 08:28:32 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 08:28:32 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/10 21:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outspark
[2012/09/10 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Aeria Games
[2012/09/10 18:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012/09/10 18:12:54 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012/09/10 18:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012/09/10 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Tams\AppData\Local\Akamai
[2012/09/10 17:31:36 | 000,000,000 | ---D | C] -- C:\AeriaGames
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/04 15:44:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 15:43:28 | 000,001,932 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/10/04 15:43:22 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 15:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/04 15:43:10 | 3152,523,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/04 09:48:51 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 09:48:51 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 18:19:40 | 000,513,501 | ---- | M] () -- C:\Users\Tams\Desktop\AdwCleaner.exe
[2012/09/28 08:26:01 | 000,002,971 | ---- | M] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/27 00:42:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/09/26 18:37:36 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tams\Desktop\aswMBR.exe
[2012/09/26 18:36:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tams\Desktop\OTL.exe
[2012/09/24 19:43:38 | 000,001,051 | ---- | M] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 07:29:52 | 001,382,912 | ---- | M] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:42:32 | 000,080,384 | ---- | M] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:27:44 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Tams\Desktop\unhide.exe
[2012/09/18 08:27:38 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tams\Desktop\tdsskiller.exe
[2012/09/16 22:03:33 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 22:03:33 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 22:03:33 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/14 14:48:29 | 000,001,264 | ---- | M] () -- C:\Users\Tams\Desktop\Spybot - Search & Destroy.lnk
[2012/09/14 14:10:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/09/13 14:12:04 | 000,000,024 | ---- | M] () -- C:\Users\Tams\random.dat
[2012/09/13 13:52:52 | 000,000,043 | ---- | M] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/09/11 08:39:47 | 000,002,116 | ---- | M] () -- C:\Users\Tams\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/09/10 21:35:48 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 08:48:54 | 000,002,062 | ---- | M] () -- C:\Users\Tams\Documents\Default.rdp
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/04 09:39:56 | 000,513,501 | ---- | C] () -- C:\Users\Tams\Desktop\AdwCleaner.exe
[2012/09/28 08:26:01 | 000,002,971 | ---- | C] () -- C:\Users\Tams\Desktop\SI Lead Manager.lnk
[2012/09/24 19:43:38 | 000,001,051 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/20 08:57:06 | 001,382,912 | ---- | C] () -- C:\Users\Tams\Desktop\RogueKiller.exe
[2012/09/19 08:53:54 | 000,080,384 | ---- | C] () -- C:\Users\Tams\Desktop\MBRCheck.exe
[2012/09/18 08:48:17 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/18 08:48:17 | 000,002,296 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon Deluxe.lnk
[2012/09/18 08:48:17 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\musicmatch JUKEBOX.lnk
[2012/09/18 08:48:17 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/09/18 08:48:17 | 000,002,084 | ---- | C] () -- C:\Users\Public\Desktop\Zoo Tycoon.lnk
[2012/09/18 08:48:17 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Fiesta.lnk
[2012/09/18 08:48:17 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/09/18 08:48:17 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/18 08:48:17 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/09/18 08:48:17 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/18 08:48:17 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/09/18 08:48:17 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\Launch School.exe.lnk
[2012/09/18 08:48:17 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/09/18 08:48:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/09/18 08:48:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/09/18 08:48:16 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/09/18 08:48:16 | 000,000,966 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/09/18 08:48:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/09/18 08:48:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/09/18 08:48:15 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/09/18 08:48:15 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk
[2012/09/16 21:38:11 | 000,001,932 | ---- | C] () -- C:\Users\Tams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
[2012/07/26 22:05:56 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/06/09 17:26:21 | 000,002,741 | ---- | C] () -- C:\Users\Tams\.recently-used.xbel
[2012/05/22 18:07:10 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE2.dat
[2012/05/19 20:15:05 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat
[2012/05/05 14:40:03 | 000,000,044 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE1.dat
[2012/04/26 12:22:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/03/09 13:16:39 | 000,000,396 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/03/09 13:15:28 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/03/01 20:37:35 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/03/01 20:37:34 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2012/02/24 22:55:40 | 000,000,043 | ---- | C] () -- C:\Users\Tams\jagex_cl_runescape_LIVE.dat
[2012/02/24 22:55:40 | 000,000,024 | ---- | C] () -- C:\Users\Tams\random.dat
[2012/02/24 15:43:58 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\D5uninst.dll
[2012/02/24 15:43:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\IDUNINST.DLL
[2012/02/24 14:08:09 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/24 13:24:20 | 000,007,590 | ---- | C] () -- C:\Users\Tams\AppData\Local\Resmon.ResmonCfg
[2012/02/21 14:47:05 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/21 14:47:04 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/21 14:47:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/02/10 11:10:51 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
C:\_OTL\MovedFiles\09272012_004248\C_ProgramData\9CB2PVYe52Lx0U.exe a variant of Win32/Kryptik.ALUS trojan
The ESET scan looks nice. This file will be removed when we remove our tools. :)

We will be doing some updating next.

Please download Security Check.
  • Save it to your Desktop.
  • Double click on SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please Copy/paste the contents of that document.

In your next reply, please provide the following:
  • Security Check log.
  • Update on how your PC is running.



Regards,

Richard
 
I'm glad you thought the scan looked good. I was worried when I saw the threats. :)

Below is the log.

Thanks,
Tammy


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
JavaFX 2.1.0
Java(TM) 6 Update 27
Java(TM) 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Thunderbird (15.0.1)
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
mcafee VIRUSS~1 mcvsshld.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
If you are not having any other malware problems, it is time to do our final steps:

I'm pleased to let you know that the infections seem to have been taken care of!

Thank you for your patience, and performing all of the procedures requested. I would also like to take this opportunity to apologize for any delay that may have occurred.

Now, we need to do some house cleaning. You have out of date programs that leave you susceptible to future malware infections, so we will be updating those as well.

Step 1

Create a new, clean System Restore point
-------------
Create a new, clean System Restore point which you can use in case of future system problems:
  • Click Start > Right click on Computer, and select Properties.
  • Click on the System Protection link, located on the left hand side panel.
  • Press Create, type a name then press the Create button and once it's done press Close.
Now remove old, infected System Restore points:
  • Click Start > in the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
  • Select the C: drive and click OK.
  • Ensure the following boxes are checked:
    • Recycle Bin
    • Temporary Files
    • Temporary Internet Files
  • Select the Clean Up System Files button.
  • Select the C: drive and click OK.
  • Select the More Options tab and under System Restore and Shadow Copies, click the Clean up button.
  • Select Delete, press Delete Files and OK to confirm.
Step 2

OTL CleanUp and Leftover Tool/Log Removal

Run OTL.exe
  • Click the green CleanUp! button on the OTL start screen.
  • Accept any prompts to let the program proceed.
  • This will remove any tools we used, including itself, and will require a reboot.
Leftover Tool/Log Removal

Please remove the following logs/tools left on your Desktop (Right click and delete them.):


SecurityCheck.exe
checkup.txt
AdwCleaner[S1].txt
esetscan.txt
mbam-log-2012-10-04 (09-34-41).txt
listparts64.exe
Result.txt
fix.txt
MBR.dat
MBR.zip


After deleting these, please empty your Recycle Bin. To do this navigate to your Desktop, right click on the Recycle Bin icon and select Empty Recycle Bin.

Step 3

Re-hide hidden files
  • Open the Control Panel, click Appearance and Personalization, and then click Folder Options.
  • Click the View tab.
  • Under Advanced settings, click Don't show hidden files, folders, or drives, and then click OK.
Step 4

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

Please Verify your Java Version

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Remove any older versions:
  • Click on Start > Control Panel.
  • Click on Programs and Features.
  • Select the following from the list:


    Java(tm) 6 Update 27 (64-bit)
    Java(tm) 6 Update 27
    Java(tm) 7 Update 4

  • Click the Uninstall button.
Step 5

Clean out your Temporary files

Download TFC by OldTimer to your Desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the cleaning process.
  • Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
  • Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

Step 6

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week. The best solution is to enable automatic updates. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.

Please see below for tips on how to better protect your computer from future malware infections.

--------------------------------------------------------------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.


Passwords
It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article, Strong passwords: How to create and use them, and consider a password keeper to keep all your passwords safe.


SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

Malwarebytes Anti-Malware

Malwarebytes Anti-Malware is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Emergency Recovery Utility NT

You should keep a copy of ERUNT installed as a means to create a complete backup of your registry and restore it when needed.

Make your Internet Explorer more secure

Please follow these instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next, press the Apply button and then the OK to exit the Internet Properties page.

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
WOT has an add-on available for both Firefox and IE.
Follow this list and keep your antivirus program and antispyware programs updated and scan with them on a regular basis. By doing so, your potential for being infected again will reduce dramatically.

Hopefully this should take care of your problems! Good luck.

Do you have any questions to ask? Please do not hesitate to do so.



Regards,

Richard
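
The Internet Explorer settings listed in the post above can be checked from the registry instead of the dialog. This is an added example, not part of the original post: a read-only PowerShell audit of the Internet zone (zone 3) for the six settings named there. It assumes PowerShell 3.0 or later, the standard URL-action numbers under the Zones key, and the usual order in which policy keys override per-user values.

```powershell
# Added example: read-only audit of the IE Internet zone (zone 3); writes nothing.
# Zone action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$label  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
$wanted = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';   Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls'; Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';      Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';    Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains'; Want = 1 }
}

# Assumed precedence: a policy value overrides the per-user preference, so a
# setting changed in the dialog is not necessarily the one in effect.
$zone    = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$sources = @(
    @{ Tag = 'HKLM policy';  Path = "HKLM:\Software\Policies\$zone" }
    @{ Tag = 'HKCU policy';  Path = "HKCU:\Software\Policies\$zone" }
    @{ Tag = 'HKCU user';    Path = "HKCU:\Software\$zone" }
    @{ Tag = 'HKLM default'; Path = "HKLM:\Software\$zone" }
)

function Get-EffectiveZoneValue([string]$Id) {
    foreach ($s in $sources) {
        $props = Get-ItemProperty -Path $s.Path -ErrorAction SilentlyContinue
        if ($null -ne $props -and $null -ne $props.$Id) {
            return [pscustomobject]@{ Value = [int]$props.$Id; Source = $s.Tag }
        }
    }
    return $null   # value not present in any of the four locations
}

$report = foreach ($id in $wanted.Keys) {
    $eff = Get-EffectiveZoneValue $id
    $cur = if (-not $eff) { 'not set' }
           elseif ($label.ContainsKey($eff.Value)) { $label[$eff.Value] }
           else { "raw $($eff.Value)" }
    $src = if ($eff) { $eff.Source } else { '-' }
    [pscustomobject]@{
        Id      = $id
        Setting = $wanted[$id].Name
        Current = $cur
        Source  = $src
        Advised = $label[$wanted[$id].Want]
        OK      = [bool]($eff -and $eff.Value -eq $wanted[$id].Want)
    }
}
$report | Format-Table -AutoSize -Wrap
```

A row whose Source is a policy key means the value is being set by policy, and changing it in the Security tab will not alter what is in effect.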
 
Ok I think I have done everything.

They wanted me to pay for my antivirus so I went ahead and uninstalled it and downloaded Microsoft Security Essentials. I hope that is OK.

I so appreciate the time you spend on helping me! You explained things very well and step by step. I hope, with the tools that you gave me to download, that I won't have to bug you again. :)

Thanks!
Tammy
 
You're very welcome!

I think Microsoft Security Essentials is a great choice for protection.



Regards,

Richard
 