Virus, Hard drive or Both

Question

tjeckley 0 Light Poster

12 Years Ago

Hello All:

It appeared that I had downloaded a virus this morning while working on my PC. I have been having intermittent issues with RAM, I believe...PC would freeze on occassion or boot up to blue screen. However got some virus notices from NOD32 and the Windows XP Repair kicked in. I kept getting repeated messages of various errors on the hard drive so scans would get interrupted and would have to shut down. I am now booted in safe mode on the suspect PC...I am sending this from a different PC. Should I attempt troubleshooting in any way in safe mode? Would system restore help out in any way? Running Windows XP Pro on a Dell. Not sure if this is repairable :(

windows-virus

2 Contributors
15 Replies
532 Views
2 Days Discussion Span
Latest Post 12 Years Ago Latest Post by crunchie

All 15 Replies

crunchie 990 Most Valuable Poster

12 Years Ago

Try following the sticky at the head of the forum and we will then go about eliminating malware.
If possible, do all the scans in normal mode, not safe mode.

crunchie 990 Most Valuable Poster

12 Years Ago

No worries. I'll be here :).
Do not play with system restore until we are finished.

crunchie 990 Most Valuable Poster

12 Years Ago

Try deleting all the problematic shortcuts and then re-create them and see how they are then.

========

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

crunchie 990 Most Valuable Poster

12 Years Ago

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files

:OTL
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Post log from this run.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

===================

Please download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.
Open JavaRa.exe again and select Search For Updates.
Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

====

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document in your next reply.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

tjeckley 0 Light Poster · Answer 1 · 2011-07-06T17:15:39+00:00

I had been unable to do anything in normal mode so I started in safe mode. After researching further - specifically what I have is the "Windows XP Repair" Trojan. I was a little concerned because I read not to delete the temps folder when you have this on your PC and I believe that is what one of the programs in the sticky did. Perhaps once all the nasties are removed a system restore will help? I will post again once all the scans are completed etc. I will try to go back to normal mode and do there as well.

Try following the sticky at the head of the forum and we will then go about eliminating malware.
If possible, do all the scans in normal mode, not safe mode.

tjeckley 0 Light Poster · Answer 2 · 2011-07-07T06:30:33+00:00

Took some doing because I scanned in safe mode first and then did the same once I was able to boot in normal mode. I followed all the instructions in the sticky in normal mode. Computer seems to be functioning - the virus removed items from my folders so I checked the options in control panel to view the folders and now my missing shortcuts appear but they are in a faded coloring on the desktop - though it appears they are functional. Here are the LOGS:

MBA-M LOG:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7035

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07-06-11 7:52:59 PM
mbam-log-2011-07-06 (19-52-59).txt

Scan type: Full scan (C:\|)
Objects scanned: 346962
Time elapsed: 1 hour(s), 22 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{45b5e8b9-949a-471e-999d-f381da56a2d3}\RP759\A0087728.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45b5e8b9-949a-471e-999d-f381da56a2d3}\RP759\A0087726.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{45b5e8b9-949a-471e-999d-f381da56a2d3}\RP759\A0087727.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER One LOG:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-07-06 13:41:34
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HDP725050GLA360 rev.GM4OA5BA
Running: o8ue0n6s.exe; Driver: C:\DOCUME~1\TAMIEC~1\LOCALS~1\Temp\uxtdqpob.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- EOF - GMER 1.0.15 ----

GMER Two LOG:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-06 17:08:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HDP725050GLA360 rev.GM4OA5BA
Running: o8ue0n6s.exe; Driver: C:\DOCUME~1\TAMIEC~1\LOCALS~1\Temp\uxtdqpob.sys

---- System - GMER 1.0.15 ----

SSDT 8A44EC90 ZwAssignProcessToJobObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF74D787E]
SSDT 8A44F200 ZwDebugActiveProcess
SSDT 8A44F2F0 ZwDuplicateObject
SSDT 8A44E590 ZwOpenProcess
SSDT 8A44E800 ZwOpenThread
SSDT 8A44EFD0 ZwProtectVirtualMemory
SSDT 8A44F0E0 ZwQueueApcThread
SSDT 8A44EEC0 ZwSetContextThread
SSDT 8A44ED90 ZwSetInformationThread
SSDT 8A44BDA0 ZwSetSecurityObject
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF74D7BFE]
SSDT 8A44EB90 ZwSuspendProcess
SSDT 8A44EA80 ZwSuspendThread
SSDT 8A44E6E0 ZwTerminateProcess
SSDT 8A44EA50 ZwTerminateThread
SSDT 8A44F6D0 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \FileSystem\Fastfat \Fat A924BD20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----

DDS Text LOG:
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Tami Eckley at 20:09:54 on 2011-07-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.1996 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SelectRebates\SelectRebates.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Upromise\dca-ua.exe
C:\Program Files\Upromise\UpromiseTray.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.waldolib.org/
uSearch Page = hxxp://www.live.com
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\bing toolbar\tbhelper.dll
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\family toolbar\tbhelper.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: DCA BHO: {b49699fc-1665-4414-a1cb-c4a2a4a13eec} - c:\program files\upromise\dca-bho.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - c:\program files\family toolbar\mhxpcomi.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar1.dll
BHO: Upromise TurboSaver: {edc0f17f-f4b7-47e4-b73e-887faeb376fa} - c:\program files\upromise\upromisetoolbar.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: TBSB05974 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\bing toolbar\tbcore3.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\DealioToolbarIE.dll
TB: Bing Toolbar: {10000000-1000-1000-1000-100000000000} - c:\program files\bing toolbar\tbcore3.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar1.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Upromise TurboSaver: {06e58e5e-f8cb-4049-991e-a41c03bd419e} - c:\program files\upromise\upromisetoolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Upromise Update] c:\program files\upromise\dca-ua.exe
uRun: [Upromise Tray] c:\program files\upromise\UpromiseTray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SelectRebates] c:\program files\selectrebates\SelectRebates.exe
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Family Tree Builder Update] c:\program files\myheritage\bin\FTBCheckUpdates.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
StartupFolder: c:\docume~1\tamiec~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\tamiec~1\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - c:\program files\upromise\upromisetoolbar.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248375549578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{DF101E63-E37B-4204-A34C-D148114298BA} : DhcpNameServer = 167.206.251.129 167.206.251.130
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - c:\program files\family toolbar\mhxpcomi.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tami eckley\application data\mozilla\firefox\profiles\pdowa7f4.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - component: c:\documents and settings\tami eckley\application data\mozilla\firefox\profiles\pdowa7f4.default\extensions\{896642e4-c556-4ed3-85d1-9ac431603e7d}\components\Engine.dll
FF - component: c:\program files\mozilla firefox\extensions\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}\components\mhxpcom.dll
FF - component: c:\program files\msn toolbar\platform\5.0.1423.0\firefox\components\DomBridge.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Family Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\mozilla firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ShopAtHome.com Intelligent Shopping Toolbar: toolbar@shopathome.com - %profile%\extensions\toolbar@shopathome.com
FF - Ext: Bing Toolbar: {896642E4-C556-4ED3-85D1-9AC431603E7D} - %profile%\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-25 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2009-7-31 14976]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-9-28 1956136]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2280312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-21 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-21 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-6 39984]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-06 21:20:36 -------- d-----w- c:\documents and settings\tami eckley\application data\Malwarebytes
2011-07-06 21:20:25 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 21:20:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-06 21:20:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 21:20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-06 21:19:44 9435312 ----a-w- c:\program files\mbam-setup.exe
2011-07-06 13:37:43 13487560 ----a-w- c:\program files\windows-kb890830-v3.20.exe
2011-06-20 23:27:14 183696 ---ha-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-17 17:06:56 499712 ----a-w- c:\windows\iwexec.exe
2011-06-17 17:06:55 -------- d-----w- c:\program files\TC Web Conferencing
2011-06-17 17:06:38 4115944 ----a-w- c:\program files\webconferenceplugin.exe
2011-06-14 18:24:14 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-14 18:04:54 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-07-05 16:41:47 26112 ----a-w- c:\windows\system32\userinit.exe
2011-06-28 22:51:29 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-20 00:25:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 16:36:20 387600 ----a-w- c:\windows\system32\FTBSaver.scr
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-03-24 03:10:06 148725515 ----a-w- c:\program files\MFC-7820N-inst-B2-en.EXE
2010-04-08 15:13:00 9577800 ----a-w- c:\program files\winzip121.exe
2009-07-24 22:23:10 3142656 ----a-w- c:\program files\WRT54GSv3_4.71.4.001_fw,2.bin
.
============= FINISH: 20:10:43.84 ===============
DDS Attach.Txt LOG:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 07-24-09 11:05:05 AM
System Uptime: 07-06-11 7:54:34 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U880P
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | CPU 1 | 2992/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 394.589 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 112 GiB total, 98.173 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP660: 04-06-11 8:41:50 PM - System Checkpoint
RP661: 04-07-11 9:12:37 PM - System Checkpoint
RP662: 04-08-11 10:04:31 PM - System Checkpoint
RP663: 04-09-11 10:22:45 PM - System Checkpoint
RP664: 04-10-11 10:24:51 PM - System Checkpoint
RP665: 04-11-11 11:54:38 PM - System Checkpoint
RP666: 04-13-11 12:06:37 AM - System Checkpoint
RP667: 04-13-11 9:43:27 AM - Software Distribution Service 3.0
RP668: 04-14-11 4:00:01 PM - System Checkpoint
RP669: 04-15-11 4:24:59 PM - System Checkpoint
RP670: 04-16-11 5:08:14 PM - System Checkpoint
RP671: 04-17-11 6:14:06 PM - System Checkpoint
RP672: 04-18-11 10:25:38 PM - System Checkpoint
RP673: 04-19-11 11:02:05 PM - System Checkpoint
RP674: 04-20-11 7:39:00 PM - Software Distribution Service 3.0
RP675: 04-21-11 9:52:26 AM - Removed WinZip 15.0
RP676: 04-21-11 9:52:42 AM - Installed WinZip 15.5
RP677: 04-22-11 10:09:24 AM - System Checkpoint
RP678: 04-25-11 8:14:32 AM - System Checkpoint
RP679: 04-26-11 9:01:26 AM - System Checkpoint
RP680: 04-27-11 10:13:56 AM - System Checkpoint
RP681: 04-28-11 3:00:15 AM - Software Distribution Service 3.0
RP682: 04-29-11 3:11:32 AM - System Checkpoint
RP683: 04-30-11 4:23:33 AM - System Checkpoint
RP684: 05-01-11 5:35:33 AM - System Checkpoint
RP685: 05-02-11 8:46:46 AM - System Checkpoint
RP686: 05-03-11 2:22:36 PM - System Checkpoint
RP687: 05-04-11 4:28:01 PM - System Checkpoint
RP688: 05-05-11 5:09:02 PM - System Checkpoint
RP689: 05-06-11 5:45:01 PM - System Checkpoint
RP690: 05-07-11 8:09:24 PM - System Checkpoint
RP691: 05-08-11 9:03:50 PM - System Checkpoint
RP692: 05-09-11 9:04:56 PM - System Checkpoint
RP693: 05-10-11 9:34:24 PM - System Checkpoint
RP694: 05-11-11 11:15:52 PM - System Checkpoint
RP695: 05-12-11 3:00:17 AM - Software Distribution Service 3.0
RP696: 05-13-11 3:07:42 AM - System Checkpoint
RP697: 05-14-11 3:29:05 AM - System Checkpoint
RP698: 05-15-11 5:05:05 AM - System Checkpoint
RP699: 05-16-11 6:53:03 AM - System Checkpoint
RP700: 05-17-11 7:05:05 AM - System Checkpoint
RP701: 05-18-11 7:50:39 AM - System Checkpoint
RP702: 05-19-11 8:12:26 AM - System Checkpoint
RP703: 05-20-11 8:59:54 AM - System Checkpoint
RP704: 05-21-11 11:07:18 AM - System Checkpoint
RP705: 05-22-11 1:47:54 PM - System Checkpoint
RP706: 05-23-11 10:28:59 AM - Software Distribution Service 3.0
RP707: 05-24-11 3:34:04 PM - System Checkpoint
RP708: 05-25-11 3:36:53 PM - System Checkpoint
RP709: 05-26-11 3:38:30 PM - System Checkpoint
RP710: 05-27-11 4:35:30 PM - System Checkpoint
RP711: 05-28-11 6:38:18 PM - System Checkpoint
RP712: 05-29-11 7:18:30 PM - System Checkpoint
RP713: 05-30-11 8:11:29 PM - System Checkpoint
RP714: 05-31-11 9:24:48 PM - System Checkpoint
RP715: 06-01-11 9:50:02 PM - System Checkpoint
RP716: 06-02-11 11:36:00 PM - System Checkpoint
RP717: 06-04-11 1:11:30 AM - System Checkpoint
RP718: 06-05-11 3:05:38 AM - System Checkpoint
RP719: 06-06-11 6:39:46 AM - System Checkpoint
RP720: 06-07-11 7:06:45 AM - System Checkpoint
RP721: 06-08-11 7:26:53 AM - System Checkpoint
RP722: 06-09-11 8:04:44 AM - System Checkpoint
RP723: 06-10-11 9:06:20 AM - System Checkpoint
RP724: 06-11-11 10:53:36 AM - System Checkpoint
RP725: 06-12-11 11:52:31 AM - System Checkpoint
RP726: 06-13-11 12:36:20 PM - System Checkpoint
RP727: 06-14-11 8:09:56 AM - Installed VBCalculatorSetup
RP728: 06-14-11 12:36:38 PM - Removed VBCalculatorSetup
RP729: 06-14-11 12:36:54 PM - Removed VBFunctionCounterSetup
RP730: 06-14-11 12:41:50 PM - Installed VBCalculatorSetup
RP731: 06-14-11 1:53:56 PM - Removed VBCalculatorSetup
RP732: 06-14-11 1:55:57 PM - Installed VBCalculatorSetup
RP733: 06-14-11 2:01:12 PM - Installed FileMoverSetup
RP734: 06-14-11 2:01:26 PM - Installed VBFTPProgramSetup
RP735: 06-14-11 2:01:39 PM - Installed VBFunctionCounterSetup
RP736: 06-14-11 2:06:50 PM - Software Distribution Service 3.0
RP737: 06-15-11 6:57:35 AM - Software Distribution Service 3.0
RP738: 06-16-11 7:30:03 AM - System Checkpoint
RP739: 06-17-11 8:54:03 AM - System Checkpoint
RP740: 06-18-11 9:03:50 AM - System Checkpoint
RP741: 06-19-11 9:29:00 AM - System Checkpoint
RP742: 06-20-11 10:35:35 AM - System Checkpoint
RP743: 06-21-11 5:42:09 PM - System Checkpoint
RP744: 06-22-11 10:18:31 AM - Removed VBCalculatorSetup
RP745: 06-22-11 10:19:56 AM - Installed VBCalculatorSetup
RP746: 06-22-11 5:59:51 PM - Removed VBCalculatorSetup
RP747: 06-22-11 6:00:36 PM - Installed VBCalculatorSetup
RP748: 06-23-11 6:21:50 PM - System Checkpoint
RP749: 06-24-11 9:35:00 PM - System Checkpoint
RP750: 06-25-11 10:07:23 PM - System Checkpoint
RP751: 06-27-11 12:30:17 AM - System Checkpoint
RP752: 06-28-11 2:06:18 AM - System Checkpoint
RP753: 06-29-11 3:00:15 AM - Software Distribution Service 3.0
RP754: 06-29-11 8:16:06 AM - Software Distribution Service 3.0
RP755: 06-30-11 7:29:15 PM - System Checkpoint
RP756: 07-01-11 9:22:14 PM - System Checkpoint
RP757: 07-02-11 9:25:46 PM - System Checkpoint
RP758: 07-03-11 10:49:45 PM - System Checkpoint
RP759: 07-04-11 11:20:50 PM - System Checkpoint
RP760: 07-06-11 6:52:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Ad-Aware
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Illustrator 8.0
Adobe Illustrator CS2
Adobe Media Player
Adobe Reader X (10.1.0)
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Artisteer 2
AvailabilityEngineSetup
Avery Wizard 3.1
Bing Bar
Bing Bar Platform
Bing Toolbar
Bonjour
BounceBack Professional
Brother MFL-Pro Suite
BufferChm
Comic Life
Computer Requirements 1.0
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Panorama1Config
CueTour
CuteFTP 8 Professional
Dealio Toolbar v4.0
Dell Dock
Dell Driver Reset Tool
Dell System Restore
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
ESET NOD32 Antivirus
eSupportQFolder
Express Dictate
Express Scribe
Family Toolbar
FileMoverSetup
FullDPAppQFolder
Gadwin PrintScreen
GeForms 1.8
Google Update Helper
GoToMeeting 4.5.0.457
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 5400 series
HP Image Zone 5.0
HP Imaging Device Functions 5.0
HP Print Diagnostic Utility
HP Product Assistant
HP Solution Center & Imaging Support Tools 5.0
HP Update
HPDeskjet5400Series
HPProductAssistant
Ignotius Associates Program Demo
InstantShareDevices
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
KeyBlaze Typing Tutor
Macromedia Dreamweaver 3
Macromedia Fireworks 3
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft FrontPage 2002
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Miro
MobileMe Control Panel
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
MyHeritage Family Tree Builder
MySQL Connector/ODBC 5.1
oDesk Team
OGA Notifier 2.0.0048.0
Opera 11.11
OverDrive Media Console
Palm
PaperPort
PhotoGallery
PowerDVD DX
QuickBooks Premier: Retail Edition 2004
QuickBooks Remote Access
QuickTime
RandMap
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sesame Street Letters
Sesame Street Numbers
ShopAtHome.com Toolbar
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
Stellar Phoenix Outlook PST Repair v3.0
TC Web Conferencing
TeamViewer 5
TeamViewer 6
The Weather Channel Desktop 6
TrayApp
Unload
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Upromise TurboSaver (remove only)
VBCalculatorSetup
VBFTPProgramSetup
VBFunctionCounterSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WinZip 15.5
XML Paper Specification Shared Components Pack 1.0
Zoo Tycoon 2 - Zookeeper Collection
Zoo Tycoon: Complete Collection
.
==== Event Viewer Messages From Past Week ========
.
07-06-11 1:51:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
07-05-11 8:00:28 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ehdrv Fips intelppm
07-05-11 3:18:41 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
07-05-11 3:17:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
07-05-11 2:53:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
07-05-11 2:35:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
07-05-11 2:34:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
07-05-11 2:34:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07-05-11 2:33:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
07-05-11 2:33:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
07-05-11 2:33:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
07-05-11 2:33:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07-05-11 2:33:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
07-05-11 2:33:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07-05-11 2:33:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07-05-11 2:29:34 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
07-05-11 2:29:34 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07-05-11 2:28:53 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
07-05-11 12:37:48 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805c3187, parameter3 aab44a48, parameter4 00000000.
07-05-11 12:37:31 PM, error: Service Control Manager [7038] - The RemoteRegistry service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: Access is denied. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
07-05-11 12:37:31 PM, error: Service Control Manager [7000] - The Remote Registry service failed to start due to the following error: The service did not start due to a logon failure.
07-05-11 1:19:28 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
07-05-11 1:19:28 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07-02-11 4:33:31 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 00256402FF80 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
06-29-11 3:18:29 AM, error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

tjeckley 0 Light Poster · Answer 3 · 2011-07-07T18:12:07+00:00

OTL.TXT In this Reply. I will reply separately with the other.

OTL logfile created on: 07-07-11 7:51:17 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Tami Eckley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM-dd-yy

3.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 66.02% Memory free
6.84 Gb Paging File | 5.94 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

========== Processes (SafeList) ==========

PRC - [2011-07-07 07:48:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
PRC - [2011-04-15 05:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011-04-15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-12-14 11:10:36 | 000,241,360 | ---- | M] (Upromise, Inc.) -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2010-12-02 15:22:46 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Upromise\dca-ua.exe
PRC - [2010-11-01 16:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010-09-22 19:11:26 | 000,640,440 | -H-- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010-09-14 02:58:33 | 001,956,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-06-04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009-05-14 15:47:54 | 000,731,840 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-05-14 15:47:08 | 002,029,640 | -H-- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-02-27 16:10:16 | 001,316,192 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2009-02-04 22:26:38 | 000,128,232 | -H-- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008-12-18 14:05:28 | 000,155,648 | -H-- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008-04-14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-01-07 17:30:56 | 000,864,256 | -H-- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (SafeList) ==========

MOD - [2011-07-07 07:48:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
MOD - [2010-08-23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011-06-28 07:19:39 | 002,151,640 | -H-- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-04-15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-09-14 02:58:33 | 001,956,136 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-09-03 08:16:35 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-05-14 15:54:22 | 000,020,680 | -H-- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-05-14 15:47:54 | 000,731,840 | -H-- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008-12-18 14:05:28 | 000,155,648 | -H-- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-10-27 04:55:50 | 005,524,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-07-12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-07-06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-07-28 22:47:48 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009-05-14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-05-14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-05-14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-03-04 18:14:22 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-07-20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2004-02-23 09:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.waldolib.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.waldolib.org/
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.1
FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.1.1.0
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010-10-26 07:52:52 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-23 18:26:31 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-20 19:27:19 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-07-23 13:52:53 | 000,000,000 | -H-D | M]

[2009-09-26 16:39:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Extensions
[2010-12-05 16:02:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions
[2010-11-14 20:26:09 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-01-17 20:50:02 | 000,000,000 | -H-D | M] (Bing Toolbar) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010-12-05 16:02:25 | 000,000,000 | -H-D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions\toolbar@shopathome.com
[2010-11-14 20:18:59 | 000,001,844 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\searchplugins\bing-ff.xml
[2010-11-14 20:36:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-21 13:07:01 | 000,000,000 | -H-D | M] (Family Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2009-07-14 17:29:48 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-11-19 18:16:28 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009-11-19 18:16:29 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010-09-21 13:06:51 | 000,003,803 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2008-04-14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Bing Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Bing Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Bing Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe (Upromise, Inc.)
O4 - HKCU..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe (Compete, Inc.)
O4 - Startup: C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248375549578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-11 19:15:00 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-01-19 12:29:07 | 000,000,000 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011-07-07 07:48:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
[2011-07-06 20:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Administrative Tools
[2011-07-06 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Application Data\Malwarebytes
[2011-07-06 17:20:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-07-06 17:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-06 17:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-07-06 17:20:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-07-06 17:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-06 17:19:44 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2011-07-06 09:37:43 | 013,487,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.20.exe
[2011-07-06 09:36:19 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Tami Eckley\Desktop\dds.scr
[2011-07-05 20:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-07-05 16:05:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tami Eckley\Recent
[2011-07-05 14:39:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Recaptured
[2011-07-05 14:39:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\SY11-Cycle 7 Renewals
[2011-07-05 14:39:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\WALDO RENEWALS
[2011-07-05 12:52:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Windows XP Repair
[2011-06-24 19:49:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\CAR-SY11-Cycle 8
[2011-06-24 19:49:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\CQR-SY11-Cycle 8
[2011-06-21 20:56:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Custom Admin Rate Reports 6-21-2011 20-54-37
[2011-06-21 19:35:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\SY11-Cycle 8
[2011-06-21 10:35:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Custom Quote Reports 6-21-2011 10-35-17
[2011-06-17 13:06:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Start Menu\Programs\TC Web Conferencing
[2011-06-17 13:06:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\My Documents\My Conference Recordings
[2011-06-17 13:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\TC Web Conferencing
[2011-06-15 12:03:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Custom Quote Reports 4-12-2011 13-58-29
[2011-06-14 14:24:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011-03-23 23:08:57 | 148,725,515 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\MFC-7820N-inst-B2-en.EXE
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-07-07 07:48:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
[2011-07-07 07:44:10 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C08C4F6-46D1-4FE0-92E9-87A56E5413D3}.job
[2011-07-07 07:43:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-07-07 07:43:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-07 07:41:23 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-07 07:41:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-07 07:41:15 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-06 22:05:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-06 17:20:25 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:20:25 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:19:50 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2011-07-06 17:11:11 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Latest version-updated 5-31-Update error with Proxy mode - Malwarebytes Forum.url
[2011-07-06 09:36:47 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\o8ue0n6s.exe
[2011-07-06 09:36:21 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Tami Eckley\Desktop\dds.scr
[2011-07-06 09:34:04 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Shortcut to iexplore.exe.lnk
[2011-07-05 15:22:23 | 000,000,817 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-07-05 14:30:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-07-05 14:30:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-07-05 12:52:57 | 000,000,817 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Windows XP Repair.lnk
[2011-07-05 12:52:56 | 000,000,240 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16375588
[2011-07-05 12:52:56 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
[2011-07-05 12:52:47 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\16375588
[2011-06-30 14:02:17 | 000,000,178 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Sweepstakes.url
[2011-06-28 18:51:29 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-06-17 21:17:40 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011-06-17 13:06:56 | 000,000,622 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\My Conference Recordings.lnk
[2011-06-17 13:06:54 | 000,499,712 | ---- | M] () -- C:\WINDOWS\iwexec.exe
[2011-06-17 13:06:50 | 004,115,944 | ---- | M] () -- C:\Program Files\webconferenceplugin.exe
[2011-06-15 11:14:07 | 000,000,286 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Wappingers Central School District Central Registration.url
[2011-06-14 14:46:15 | 000,000,339 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2011-06-14 14:43:17 | 000,000,776 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\MyHeritage Family Tree Builder.lnk
[2011-06-14 14:22:16 | 000,528,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-14 14:22:16 | 000,096,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-14 14:20:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-06-14 12:38:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ka.ini
[2011-06-14 12:37:34 | 000,000,039 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011-06-09 06:35:50 | 000,000,412 | -H-- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Participation Fees for Community Colleges (U.S. and International) JSTOR.url
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-07-06 17:20:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:20:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:11:11 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Latest version-updated 5-31-Update error with Proxy mode - Malwarebytes Forum.url
[2011-07-06 09:36:45 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\o8ue0n6s.exe
[2011-07-06 09:34:04 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Shortcut to iexplore.exe.lnk
[2011-07-06 09:27:44 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2011-07-05 15:18:07 | 000,000,817 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-07-05 12:52:56 | 000,000,817 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Windows XP Repair.lnk
[2011-07-05 12:52:56 | 000,000,240 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
[2011-07-05 12:52:56 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
[2011-07-05 12:52:47 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
[2011-06-30 14:02:17 | 000,000,178 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Sweepstakes.url
[2011-06-17 13:06:56 | 000,499,712 | ---- | C] () -- C:\WINDOWS\iwexec.exe
[2011-06-17 13:06:56 | 000,000,622 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\My Conference Recordings.lnk
[2011-06-17 13:06:51 | 004,942,953 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\webconferenceplugin.exe
[2011-06-17 13:06:38 | 004,115,944 | ---- | C] () -- C:\Program Files\webconferenceplugin.exe
[2011-06-15 11:14:07 | 000,000,286 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Wappingers Central School District Central Registration.url
[2011-06-14 12:37:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011-05-11 06:55:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-05-11 06:55:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-03-23 23:13:59 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2011-03-23 23:13:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011-03-23 23:13:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011-02-25 18:00:35 | 000,068,224 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-12-28 20:56:35 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2010-12-28 18:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010-11-21 17:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010-09-06 11:15:16 | 000,000,339 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2010-09-06 11:13:03 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2010-09-01 17:45:26 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010-04-08 11:13:00 | 009,577,800 | ---- | C] () -- C:\Program Files\winzip121.exe
[2010-03-12 13:36:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2010-03-12 13:22:56 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2010-03-12 13:21:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010-01-29 23:43:50 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2010-01-29 23:43:50 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2009-12-11 12:10:39 | 000,000,134 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Local Settings\Application Data\fusioncache.dat
[2009-12-10 11:23:09 | 000,079,253 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009-12-10 11:23:09 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009-10-27 14:42:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009-10-27 14:12:20 | 480,371,220 | ---- | C] () -- C:\Program Files\IllustratorCS2.zip
[2009-09-26 16:39:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-09-20 10:49:23 | 000,011,201 | ---- | C] () -- C:\Program Files\Freshmedia.zip
[2009-09-15 14:43:06 | 000,004,608 | -H-- | C] () -- C:\Documents and Settings\Tami Eckley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-03 09:25:06 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2009-08-28 12:32:05 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009-08-28 12:31:48 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009-08-20 09:25:21 | 001,250,741 | ---- | C] () -- C:\Program Files\HypatiaSansPro.zip
[2009-08-20 07:40:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009-08-20 07:40:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009-08-01 10:37:19 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2009-08-01 10:04:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009-07-31 18:35:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe
[2009-07-28 21:31:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-07-28 21:31:19 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009-07-28 21:31:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009-07-28 21:31:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009-07-28 21:31:15 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009-07-28 21:23:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-07-28 18:21:48 | 000,000,823 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009-07-28 18:21:48 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009-07-28 18:21:48 | 000,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009-07-28 18:21:48 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-07-28 18:14:49 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009-07-25 19:09:50 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-07-24 18:23:20 | 001,878,465 | ---- | C] () -- C:\Program Files\WRT54GS_SetupWizard,0.zip
[2009-07-24 18:23:08 | 003,142,656 | ---- | C] () -- C:\Program Files\WRT54GSv3_4.71.4.001_fw,2.bin
[2009-07-23 15:13:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-14 20:20:33 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009-07-14 20:20:33 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009-07-14 20:20:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009-07-14 20:20:30 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-07-14 20:20:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009-07-14 20:19:58 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009-07-14 17:37:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-08-05 17:14:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008-05-26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008-04-25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-04-25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-04-25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-04-25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-25 12:16:22 | 000,528,008 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-04-25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-25 12:16:22 | 000,096,812 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-04-25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008-04-25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008-04-25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008-04-25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-25 05:22:39 | 000,004,370 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-04-25 05:21:52 | 002,218,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005-04-27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2002-03-04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009-07-23 13:52:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009-07-23 14:48:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009-07-28 22:53:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010-09-06 11:18:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009-09-26 07:31:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009-07-28 18:14:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010-01-17 20:49:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2009-07-14 17:32:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011-04-21 09:53:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011-02-23 18:35:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-10-10 13:13:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-07-28 01:55:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2009-09-15 01:47:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Artisteer
[2009-09-15 10:53:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-07-24 13:28:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Dealio
[2009-09-14 10:37:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Desktopicon
[2009-07-23 14:48:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\GlobalSCAPE
[2010-01-17 21:10:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\gtk-2.0
[2009-07-28 22:47:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\HotSync
[2009-07-28 22:57:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Leadertech
[2011-06-14 14:43:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\MyHeritage
[2009-09-26 07:31:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\NCH Swift Sound
[2010-10-03 20:26:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Opera
[2010-11-18 19:08:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\OverDrive
[2010-01-17 20:50:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Participatory Culture Foundation
[2009-08-20 07:39:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\ScanSoft
[2009-07-24 13:28:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Search Settings
[2011-05-10 11:57:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\TeamViewer
[2010-09-06 11:13:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\The Complete Genealogy Reporter - FTB
[2010-05-24 10:53:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Uniblue
[2011-01-31 09:08:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\upromise
[2009-07-14 17:29:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Windows Desktop Search
[2009-07-26 00:42:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Windows Live Writer
[2009-07-24 11:33:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Windows Search
[2011-07-07 07:43:30 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-07-07 07:44:10 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C08C4F6-46D1-4FE0-92E9-87A56E5413D3}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007-11-07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AGP440.SYS >
[2008-04-14 08:00:00 | 020,056,462 | -H-- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008-04-14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-04-14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008-04-14 08:00:00 | 020,056,462 | -H-- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008-04-14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008-04-14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2008-04-25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008-04-25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008-04-25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< >

< End of report >

tjeckley 0 Light Poster · Answer 4 · 2011-07-07T18:13:02+00:00

OTL EXTRAS.TXT:

OTL Extras logfile created on: 07-07-11 7:51:17 AM - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\Tami Eckley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM-dd-yy

3.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 66.02% Memory free
6.84 Gb Paging File | 5.94 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 455.96 Gb Total Space | 394.71 Gb Free Space | 86.57% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 98.17 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: WALDO | User Name: Tami Eckley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management 
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In) 

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe" = C:\Program Files\GlobalSCAPE\CuteFTP 8 Professional\ftpte.exe:*:Enabled:FTP Transfer Engine -- (GlobalSCAPE, Inc.)
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe" = C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader -- ()
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0030188A-533E-42EE-9837-E044F10E4369}" = Palm
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2b02f825-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier: Retail Edition 2004
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2ED262CA-34C8-45D0-9D62-417E5EE1BE0E}" = VBFTPProgramSetup
"{2EEBAC31-3EEF-4118-91CB-1A286A507DB2}" = ESET NOD32 Antivirus
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5DE26B17-3660-4EC5-87BF-A966BA5049FA}" = VBFunctionCounterSetup
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EB39AA7-4019-4550-AF6C-BE51BB27B446}" = TC Web Conferencing
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Professional
"{9763081C-F644-4933-8618-047693E848DE}" = FileMoverSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat  9 Standard
"{AC76BA86-1033-0000-BA7E-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat  9 Standard
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BA3582A0-2DE0-4DB8-8B74-CD34AC193F9B}_is1" = Computer Requirements 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EBD63E08-F425-4CDC-BC97-3F2A2472FA62}" = VBCalculatorSetup
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F7614629-C17B-4434-849E-BD651F249530}" = AvailabilityEngineSetup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 8.0" = Adobe Illustrator 8.0
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Artisteer 2" = Artisteer 2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Digital Editions" = Adobe Digital Editions
"Express" = Express Dictate
"Family Toolbar" = Family Toolbar
"Family Tree Builder" = MyHeritage Family Tree Builder
"Gadwin PrintScreen" = Gadwin PrintScreen
"GeForms 1.8" = GeForms 1.8
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Photo & Imaging" = HP Image Zone 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"ie8" = Windows Internet Explorer 8
"Ignotius Associates Program Demo1.2.4.7" = Ignotius Associates Program Demo
"InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"KeyBlaze" = KeyBlaze Typing Tutor
"Letters" = Sesame Street Letters
"Macromedia Dreamweaver 3" = Macromedia Dreamweaver 3
"Macromedia Fireworks 3" = Macromedia Fireworks 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Miro" = Miro
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWebExPC" = QuickBooks Remote Access
"Numbers" = Sesame Street Numbers
"Opera 11.11.2109" = Opera 11.11
"PROR" = Microsoft Office Professional 2007
"Scribe" = Express Scribe
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Stellar Phoenix Outlook PST Repair_is1" = Stellar Phoenix Outlook PST Repair v3.0
"TBSB05974.TBSB05974Toolbar" = Bing Toolbar
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Unlocker" = Unlocker 1.8.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoo Tycoon 1.0" = Zoo Tycoon: Complete Collection

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"oDVT" = oDesk Team
"Upromise TurboSaver" = Upromise TurboSaver (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07-06-11 2:16:05 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:16:06 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:16:06 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:16:06 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:16:06 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:16:06 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:16:06 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:21:58 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:21:58 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

Error - 07-06-11 2:26:00 PM | Computer Name = WALDO | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\TAMI ECKLEY\RECENT\DESKTOP.INI>
 in the hash map cannot be updated.  Context:  Application, SystemIndex Catalog  Details:
    A
 device attached to the system is not functioning.   (0x8007001f) 

[ OSession Events ]
Error - 01-03-11 11:10:06 AM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 245497
 seconds with 1020 seconds of active time.  This session ended with a crash.

Error - 01-25-11 12:31:11 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1128224
 seconds with 52620 seconds of active time.  This session ended with a crash.

Error - 04-13-11 8:13:36 AM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 75041
 seconds with 0 seconds of active time.  This session ended with a crash.

Error - 04-19-11 6:11:53 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 208590
 seconds with 22140 seconds of active time.  This session ended with a crash.

Error - 05-13-11 12:45:20 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 97111
 seconds with 15780 seconds of active time.  This session ended with a crash.

Error - 05-20-11 11:02:54 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 888
 seconds with 540 seconds of active time.  This session ended with a crash.

Error - 05-24-11 7:24:04 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 118039
 seconds with 10440 seconds of active time.  This session ended with a crash.

Error - 06-02-11 8:56:50 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 783159
 seconds with 70860 seconds of active time.  This session ended with a crash.

Error - 06-14-11 2:33:07 PM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 9162
 seconds with 120 seconds of active time.  This session ended with a crash.

Error - 06-16-11 10:07:06 AM | Computer Name = WALDO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 99000
 seconds with 13500 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 07-05-11 8:00:59 PM | Computer Name = WALDO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 07-06-11 6:54:38 AM | Computer Name = WALDO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 07-06-11 9:26:46 AM | Computer Name = WALDO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
 arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 07-06-11 9:27:06 AM | Computer Name = WALDO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
 with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07-06-11 9:30:04 AM | Computer Name = WALDO | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 07-06-11 9:32:52 AM | Computer Name = WALDO | Source = DCOM | ID = 10010
Description = The server {0C0A3666-30C9-11D0-8F20-00805F2CD064} did not register
 with DCOM within the required timeout.

Error - 07-06-11 1:51:27 PM | Computer Name = WALDO | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
 period.

Error - 07-06-11 5:13:59 PM | Computer Name = WALDO | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 07-06-11 7:56:08 PM | Computer Name = WALDO | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2

Error - 07-07-11 7:42:34 AM | Computer Name = WALDO | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2


< End of report >

tjeckley 0 Light Poster · Answer 5 · 2011-07-07T23:08:05+00:00

Update: I have used some other programs suggested on other forums and I have now recaptured - what seems to be - all my missing files and programs that had been left missing after the virus. PC appears to be running well now but of course, will await any further suggestions regarding the recently posted logs to be sure to finalize cleanup. Thanks!

tjeckley 0 Light Poster · Answer 6 · 2011-07-08T04:41:33+00:00

OTL LOG from FIX:

All processes killed
========== FILES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 321 bytes

User: All Users

User: Default User
->Flash cache emptied: 56825 bytes

User: HelpAssistant
->Flash cache emptied: 41941 bytes

User: LocalService

User: NetworkService

User: Tami Eckley
->Flash cache emptied: 186599 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tami Eckley
->Temp folder emptied: 336401608 bytes
->Temporary Internet Files folder emptied: 1032724590 bytes
->Java cache emptied: 7620435 bytes
->FireFox cache emptied: 68452184 bytes
->Apple Safari cache emptied: 13696000 bytes
->Opera cache emptied: 17929296 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3590161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1211 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 41162698 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1605 bytes

Total Files Cleaned = 1,451.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07072011_173424

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL.Txt after Quick Scan:

OTL logfile created on: 07-07-11 5:42:53 PM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Tami Eckley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM-dd-yy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.54% Memory free
6.84 Gb Paging File | 5.95 Gb Available in Paging File | 87.06% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

========== Processes (SafeList) ==========

PRC - [2011-07-07 07:48:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
PRC - [2011-06-28 07:19:47 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011-06-28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011-06-07 20:54:05 | 000,040,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2011-04-15 15:50:00 | 000,610,120 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2011-04-15 05:43:20 | 007,797,112 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011-04-15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010-12-14 11:10:36 | 000,241,360 | ---- | M] (Upromise, Inc.) -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2010-12-02 15:22:46 | 000,175,800 | ---- | M] (Compete, Inc.) -- C:\Program Files\Upromise\dca-ua.exe
PRC - [2010-11-01 16:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2010-09-22 19:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2010-09-14 02:58:33 | 001,956,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010-06-04 08:10:36 | 000,822,384 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009-05-14 15:47:08 | 002,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009-03-05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009-02-04 22:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008-12-18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008-04-14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-05-12 01:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005-01-07 17:30:56 | 000,864,256 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004-08-23 01:03:40 | 000,098,304 | ---- | M] () -- C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe
PRC - [2004-06-09 14:27:34 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\Palm\Hotsync.exe

========== Modules (SafeList) ==========

MOD - [2011-07-07 07:48:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
MOD - [2010-08-23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011-06-28 07:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011-04-15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010-09-14 02:58:33 | 001,956,136 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009-09-03 08:16:35 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-05-14 15:54:22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009-05-14 15:47:54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008-12-18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2004-09-29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011-05-29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010-10-27 04:55:50 | 005,524,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010-07-12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010-07-06 04:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009-07-28 22:47:48 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009-05-14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009-05-14 15:47:14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009-05-14 15:41:10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009-03-04 18:14:22 | 005,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-07-20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2004-02-23 09:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USCON/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.waldolib.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.waldolib.org/
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Bing Toolbar\tbhelper.dll ()
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.myheritage.com/"
FF - prefs.js..extensions.enabledItems: {896642E4-C556-4ED3-85D1-9AC431603E7D}:1.0.1
FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.1.1.0
FF - prefs.js..keyword.URL: "http://search.myheritage.com/?orig=ds&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010-10-26 07:52:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-02-23 18:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-06-20 19:27:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009-07-23 13:52:53 | 000,000,000 | ---D | M]

[2009-09-26 16:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Extensions
[2010-12-05 16:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions
[2010-11-14 20:26:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-01-17 20:50:02 | 000,000,000 | ---D | M] (Bing Toolbar) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
[2010-12-05 16:02:25 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\extensions\toolbar@shopathome.com
[2010-11-14 20:18:59 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Application Data\Mozilla\Firefox\Profiles\pdowa7f4.default\searchplugins\bing-ff.xml
[2010-11-14 20:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-09-21 13:07:01 | 000,000,000 | ---D | M] (Family Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2009-07-14 17:29:48 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009-11-19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009-11-19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010-09-21 13:06:51 | 000,003,803 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MyHeritage.xml

O1 HOSTS File: ([2011-07-07 17:36:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Bing Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Bing Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Bing Toolbar) - {10000000-1000-1000-1000-100000000000} - C:\Program Files\Bing Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar1.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Family Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe (Upromise, Inc.)
O4 - HKCU..\Run: [Upromise Update] C:\Program Files\Upromise\dca-ua.exe (Compete, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk = C:\Program Files\CMS Peripherals\BounceBack Professional\BBLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O4 - Startup: C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1248375549578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://qb.webex.com/client/v_mywebex-qb20/ra/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files\Family Toolbar\mhxpcomi.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-04-25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004-08-11 19:15:00 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006-01-19 12:29:07 | 000,000,000 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-07-07 17:34:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011-07-07 07:48:49 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
[2011-07-06 20:09:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Administrative Tools
[2011-07-06 17:20:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Application Data\Malwarebytes
[2011-07-06 17:20:25 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011-07-06 17:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-07-06 17:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011-07-06 17:20:21 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011-07-06 17:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-07-06 17:19:44 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2011-07-06 09:37:43 | 013,487,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\windows-kb890830-v3.20.exe
[2011-07-06 09:36:19 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Tami Eckley\Desktop\dds.scr
[2011-07-05 20:00:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011-07-05 16:05:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tami Eckley\Recent
[2011-07-05 14:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Recaptured
[2011-07-05 14:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\SY11-Cycle 7 Renewals
[2011-07-05 14:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\WALDO RENEWALS
[2011-07-05 12:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Start Menu\Programs\Windows XP Repair
[2011-06-24 19:49:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\CAR-SY11-Cycle 8
[2011-06-24 19:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\CQR-SY11-Cycle 8
[2011-06-21 20:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Custom Admin Rate Reports 6-21-2011 20-54-37
[2011-06-21 19:35:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\SY11-Cycle 8
[2011-06-21 10:35:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Custom Quote Reports 6-21-2011 10-35-17
[2011-06-17 13:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Start Menu\Programs\TC Web Conferencing
[2011-06-17 13:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\TC Web Conferencing
[2011-06-17 13:06:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\My Documents\My Conference Recordings
[2011-06-15 12:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tami Eckley\Desktop\Custom Quote Reports 4-12-2011 13-58-29
[2011-06-14 14:24:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011-03-23 23:08:57 | 148,725,515 | ---- | C] (A.I.SOFT,INC.) -- C:\Program Files\MFC-7820N-inst-B2-en.EXE

========== Files - Modified Within 30 Days ==========

[2011-07-07 17:39:48 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011-07-07 17:39:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-07-07 17:37:19 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-07-07 17:37:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-07-07 17:37:13 | 3220,230,144 | -HS- | M] () -- C:\hiberfil.sys
[2011-07-07 17:36:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011-07-07 17:05:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-07-07 14:23:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8C08C4F6-46D1-4FE0-92E9-87A56E5413D3}.job
[2011-07-07 07:48:53 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tami Eckley\Desktop\OTL.exe
[2011-07-06 17:20:25 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:19:50 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2011-07-06 17:11:11 | 000,000,288 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Latest version-updated 5-31-Update error with Proxy mode - Malwarebytes Forum.url
[2011-07-06 09:36:47 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\o8ue0n6s.exe
[2011-07-06 09:36:21 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Tami Eckley\Desktop\dds.scr
[2011-07-06 09:34:04 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Shortcut to iexplore.exe.lnk
[2011-07-05 15:37:59 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-05 14:30:35 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-07-05 14:30:35 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-07-05 12:52:57 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\Windows XP Repair.lnk
[2011-07-05 12:52:56 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16375588
[2011-07-05 12:52:56 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
[2011-07-05 12:52:47 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16375588
[2011-06-28 18:51:29 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011-06-19 19:28:45 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011-06-17 21:17:40 | 000,000,426 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011-06-17 13:06:56 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\My Conference Recordings.lnk
[2011-06-17 13:06:54 | 000,499,712 | ---- | M] () -- C:\WINDOWS\iwexec.exe
[2011-06-17 13:06:50 | 004,115,944 | ---- | M] () -- C:\Program Files\webconferenceplugin.exe
[2011-06-14 14:46:15 | 000,000,339 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2011-06-14 14:43:17 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Tami Eckley\Desktop\MyHeritage Family Tree Builder.lnk
[2011-06-14 14:22:16 | 000,528,008 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-06-14 14:22:16 | 000,096,812 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-06-14 14:20:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-06-14 12:38:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ka.ini
[2011-06-14 12:37:34 | 000,000,039 | ---- | M] () -- C:\WINDOWS\WININIT.INI

========== Files Created - No Company Name ==========

[2011-07-07 12:36:31 | 000,001,888 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OverDrive Media Console.lnk
[2011-07-07 12:36:31 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2011-07-07 12:36:31 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Digital Editions.lnk
[2011-07-07 12:36:31 | 000,001,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\education.com website.lnk
[2011-07-07 12:36:31 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Ignotius Associates Program Demo.lnk
[2011-07-07 12:36:31 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011-07-07 12:36:31 | 000,001,622 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011-07-07 12:36:31 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011-07-07 12:36:31 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011-07-07 12:36:31 | 000,001,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011-07-07 12:36:31 | 000,001,014 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
[2011-07-07 12:36:31 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011-07-07 12:36:31 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011-07-07 12:36:31 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011-07-07 12:36:31 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Artisteer 2.lnk
[2011-07-07 12:36:31 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011-07-07 12:36:31 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Comic Life.lnk
[2011-07-07 12:36:31 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk
[2011-07-07 12:36:31 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comic Life.lnk
[2011-07-07 12:36:31 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011-07-07 12:36:30 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011-07-07 12:36:30 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2011-07-07 12:36:30 | 000,000,887 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011-07-07 12:36:28 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011-07-07 12:36:28 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011-07-07 12:36:28 | 000,001,789 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2011-07-07 12:36:28 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011-07-07 12:36:28 | 000,001,662 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011-07-07 12:36:28 | 000,001,529 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
[2011-07-07 12:36:28 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2011-07-07 12:36:28 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BounceBack Launcher.lnk
[2011-07-07 12:36:21 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2011-07-07 12:36:21 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.LNK
[2011-07-07 12:36:20 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2011-07-07 12:36:20 | 000,002,413 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
[2011-07-07 12:36:20 | 000,002,371 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Distiller 9.lnk
[2011-07-07 12:36:20 | 000,002,247 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Illustrator CS2.lnk
[2011-07-07 12:36:20 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011-07-07 12:36:20 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011-07-07 12:36:20 | 000,001,827 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Digital Editions.lnk
[2011-07-07 12:36:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011-07-07 12:36:20 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2011-07-07 12:36:20 | 000,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2011-07-07 12:36:20 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerDVD DX.lnk
[2011-07-07 12:36:20 | 000,001,500 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011-07-07 12:36:20 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
[2011-07-07 12:36:20 | 000,001,079 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Default Manager.lnk
[2011-07-07 12:36:20 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat_com.lnk
[2011-07-07 12:36:20 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Create & Print Home.url
[2011-07-06 17:20:25 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:20:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-07-06 17:11:11 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Latest version-updated 5-31-Update error with Proxy mode - Malwarebytes Forum.url
[2011-07-06 09:36:45 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\o8ue0n6s.exe
[2011-07-06 09:34:04 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Shortcut to iexplore.exe.lnk
[2011-07-06 09:27:44 | 3220,230,144 | -HS- | C] () -- C:\hiberfil.sys
[2011-07-05 15:18:07 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011-07-05 12:52:56 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\Windows XP Repair.lnk
[2011-07-05 12:52:56 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588
[2011-07-05 12:52:56 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16375588r
[2011-07-05 12:52:47 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16375588
[2011-06-17 13:06:56 | 000,499,712 | ---- | C] () -- C:\WINDOWS\iwexec.exe
[2011-06-17 13:06:56 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\My Conference Recordings.lnk
[2011-06-17 13:06:51 | 004,942,953 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Desktop\webconferenceplugin.exe
[2011-06-17 13:06:38 | 004,115,944 | ---- | C] () -- C:\Program Files\webconferenceplugin.exe
[2011-06-14 12:37:34 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011-05-11 06:55:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011-05-11 06:55:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011-03-23 23:13:59 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7820N.dat
[2011-03-23 23:13:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011-03-23 23:13:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011-02-25 18:00:35 | 000,068,224 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010-12-28 20:56:35 | 000,000,004 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\sysqcl1129139270.dat
[2010-12-28 18:14:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010-11-21 17:31:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010-09-06 11:15:16 | 000,000,339 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2010-09-06 11:13:03 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2010-09-01 17:45:26 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2010-04-08 11:13:00 | 009,577,800 | ---- | C] () -- C:\Program Files\winzip121.exe
[2010-03-12 13:36:44 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2010-03-12 13:22:56 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2010-03-12 13:21:58 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010-01-29 23:43:50 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[2010-01-29 23:43:50 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini
[2009-12-11 12:10:39 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Local Settings\Application Data\fusioncache.dat
[2009-12-10 11:23:09 | 000,079,253 | ---- | C] () -- C:\WINDOWS\hpfins05.dat
[2009-12-10 11:23:09 | 000,001,350 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat
[2009-10-27 14:42:51 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009-10-27 14:12:20 | 480,371,220 | ---- | C] () -- C:\Program Files\IllustratorCS2.zip
[2009-09-26 16:39:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-09-20 10:49:23 | 000,011,201 | ---- | C] () -- C:\Program Files\Freshmedia.zip
[2009-09-15 14:43:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Tami Eckley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-09-03 09:25:06 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
[2009-08-28 12:32:05 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009-08-28 12:31:48 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2009-08-20 09:25:21 | 001,250,741 | ---- | C] () -- C:\Program Files\HypatiaSansPro.zip
[2009-08-20 07:40:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009-08-20 07:40:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009-08-03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009-08-03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009-08-01 10:37:19 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\StellarProfile.dll
[2009-08-01 10:04:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2009-07-31 18:35:50 | 000,032,768 | ---- | C] () -- C:\WINDOWS\BBUninstall.exe
[2009-07-28 21:31:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009-07-28 21:31:19 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009-07-28 21:31:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009-07-28 21:31:15 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009-07-28 21:31:15 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009-07-28 21:23:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-07-28 18:21:48 | 000,000,823 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009-07-28 18:21:48 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009-07-28 18:21:48 | 000,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009-07-28 18:21:48 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009-07-28 18:14:49 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009-07-25 19:09:50 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009-07-24 18:23:20 | 001,878,465 | ---- | C] () -- C:\Program Files\WRT54GS_SetupWizard,0.zip
[2009-07-24 18:23:08 | 003,142,656 | ---- | C] () -- C:\Program Files\WRT54GSv3_4.71.4.001_fw,2.bin
[2009-07-23 15:13:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-07-14 20:20:33 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009-07-14 20:20:33 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009-07-14 20:20:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009-07-14 20:20:30 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009-07-14 20:20:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009-07-14 20:19:58 | 000,001,155 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009-07-14 17:37:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008-08-05 17:14:13 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2008-05-26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008-05-26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008-04-25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008-04-25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008-04-25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008-04-25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008-04-25 12:16:22 | 000,528,008 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008-04-25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008-04-25 12:16:22 | 000,096,812 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008-04-25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008-04-25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008-04-25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008-04-25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008-04-25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008-04-25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008-04-25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008-04-25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008-04-25 05:22:39 | 000,004,370 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008-04-25 05:21:52 | 002,218,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007-09-27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007-09-27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007-09-27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005-04-27 14:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2002-03-04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

========== LOP Check ==========

[2009-07-23 13:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009-07-23 14:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
[2009-07-28 22:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2010-09-06 11:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2009-09-26 07:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009-07-28 18:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010-01-17 20:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toolbar4
[2009-07-14 17:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011-04-21 09:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011-02-23 18:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009-10-10 13:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010-07-28 01:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2009-09-15 01:47:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Artisteer
[2009-09-15 10:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009-07-24 13:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Dealio
[2009-09-14 10:37:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Desktopicon
[2009-07-23 14:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\GlobalSCAPE
[2010-01-17 21:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\gtk-2.0
[2009-07-28 22:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\HotSync
[2009-07-28 22:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Leadertech
[2011-06-14 14:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\MyHeritage
[2009-09-26 07:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\NCH Swift Sound
[2010-10-03 20:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Opera
[2010-11-18 19:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\OverDrive
[2010-01-17 20:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Participatory Culture Foundation
[2009-08-20 07:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\ScanSoft
[2009-07-24 13:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Search Settings
[2011-05-10 11:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\TeamViewer
[2010-09-06 11:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\The Complete Genealogy Reporter - FTB
[2010-05-24 10:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Uniblue
[2011-01-31 09:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\upromise
[2009-07-14 17:29:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Windows Desktop Search
[2009-07-26 00:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Windows Live Writer
[2009-07-24 11:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tami Eckley\Application Data\Windows Search
[2011-07-07 17:39:48 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011-07-07 14:23:13 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8C08C4F6-46D1-4FE0-92E9-87A56E5413D3}.job

========== Purity Check ==========

< End of report >

tjeckley 0 Light Poster · Answer 7 · 2011-07-08T04:42:52+00:00

checkup.txt

Results of screen317's Security Check version 0.99.17
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET NOD32 Antivirus
AvailabilityEngineSetup
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 26
Flash Player Out of Date!
Adobe Flash Player 10.2.152.32
Mozilla Firefox (3.5.3) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````End of Log````````````

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2011-07-08T07:17:12+00:00

Just update the Flash player and you should be good.

Did the shortcut trick work?

tjeckley 0 Light Poster · Answer 9 · 2011-07-08T07:42:27+00:00

I followed some steps to recapture all my missing files, shortcuts and programs from another forum so that is all set. Everything seems to be working except that I have a problem opening up documents in microsoft word. I am able to use all my excel files and access databases, however, when I try to open an MS doc, two boxes open at the same time - the top box says: "The command cannot be performed because a dialog box is open. Click OK, and then close open dialog boxes to continue." When I close that box the box underneath says "Word cannot open this document template. (C:\Program Files\...\~$Wiz12s.dotm)". When I close that box, the document then opens, but it happens everytime I try to open a doc or when I first open the program. Once the program is open and the boxes appear and I close them ... I can then continue to open and close docs without a problem. Any suggestions on getting those error boxes to stop?

tjeckley 0 Light Poster · Answer 10 · 2011-07-08T08:07:15+00:00

Update: Seem to have fixed the word doc problem. I removed the questionable files from the StartUp folder and the error boxes no longer appear. Looks like I am all set. Your patience and generosity of time and knowledge much appreciated!

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 11 · 2011-07-08T15:24:20+00:00

You're welcome :).

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

Virus, Hard drive or Both

Recommended Answers Collapse Answers

All 15 Replies

Recommended Answers