Solved Computer with a problem

alhoover81

A co-worker of my mom's has asked me to help get a virus off her computer. I was hoping to get help from here since I do not like messing with the registry without step-by-step examples. I do not know too much, other than that there is too much that starts up on her computer; it took 10 minutes for it to finish starting. I do not want to start any scans until I know exactly which ones to run. Hope I can get some help like I have in the past.
 
You abandoned this topic in the near past: https://www.techspot.com/vb/topic175660.html
If it happens again you will be prohibited from receiving any more help in this forum.


=============================================================
Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Sorry about the last forum. I got sick and technically I still am, but I forgot about my mom's computer, since she isn't using it right now. I am updating her computer, something the teacher hasn't done; as soon as it is finished, I will start doing what you said to do. I will go back to my mom's computer after this one gets finished.
 
MBAM log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Carmen :: CARMEN-PC [administrator]

Protection: Enabled

2/9/2012 12:53:56 PM
mbam-log-2012-02-09 (12-53-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176277
Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Detected: 1
C:\Program Files\System\Driver\app.exe (Adware.Agent) -> 5140 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Svc32 (Adware.Agent) -> Data: C:\Program Files\System\Driver\app.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Data: Dealio Toolbar -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\DEALIO TOOLBAR\SEARCHSETTINGS.DLL (PUP.Dealio.TB) -> Data: 1 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\DEALIO TOOLBAR\SEARCHSETTINGS.EXE (PUP.Dealio.TB) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files\Dealio Toolbar (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Files Detected: 31
C:\Program Files\System\Driver\app.exe (Adware.Agent) -> Delete on reboot.
C:\Program Files\Dealio Toolbar\sscfg.ini (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\config.ini (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\SearchSettings.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\SearchSettings.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\SearchSettingsRes409.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\WidgiHelper.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\amazon.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\apple.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\barnes.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\bestbuy.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\dealio_logo.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\ebay.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\icon_settings.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\macys.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\newegg.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\overstock.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search-button-hover.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search-button.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search-chevron.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search_amazon.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search_dealio.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search_ebay.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\search_yahoo.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\separator.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\target.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\walmart.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Program Files\Dealio Toolbar\Res\widgets.xml (PUP.Dealio.TB) -> Quarantined and deleted successfully.

(end)
 
GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-09 13:47:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
Running: gmer.exe; Driver: C:\Users\Carmen\AppData\Local\Temp\uxdirpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Carmen at 13:55:52 on 2012-02-09
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.452 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\qttask.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {2EDAB3A3-7A05-4ADD-946C-7222BD62FA88} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_SE7E0.tmp" /EF "HKCU"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] c:\windows\system32\qttask.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\carmen\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - e:\common\epsonreg\EpsonReg.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
TCP: Interfaces\{062FBCAD-1BE0-4E78-A4E8-285B5BE5135A} : DhcpNameServer = 192.168.1.1 24.159.64.23 24.217.201.67
TCP: Interfaces\{6F2E8D66-A0DF-4FFD-ABBD-0163C1E4B4FB} : DhcpNameServer = 192.168.2.1 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-31 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-31 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120208.002\IDSvix86.sys [2012-2-8 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-31 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-1-31 331384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-7 73728]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-1-16 20376]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-6-8 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-8 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-8-8 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-9 106104]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-7 111104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-15 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-17 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-7 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-02-09 19:32:00 -------- dc----w- c:\program files\Pure Networks
2012-02-09 19:25:49 26672 -c--a-w- c:\windows\system32\drivers\pnarp.sys
2012-02-09 19:24:26 27696 -c--a-w- c:\windows\system32\drivers\purendis.sys
2012-02-09 19:24:21 -------- dc----w- c:\program files\common files\Pure Networks Shared
2012-02-09 18:52:42 -------- dc----w- c:\users\carmen\appdata\roaming\Malwarebytes
2012-02-09 18:52:33 -------- dc----w- c:\programdata\Malwarebytes
2012-02-09 18:52:32 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-02-09 18:52:32 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-09 18:28:28 -------- dc----w- c:\windows\pss
2012-02-09 13:52:45 -------- dc----w- c:\users\carmen\appdata\local\{4D777996-B5B9-42A5-8A42-4F6E69F05135}
2012-02-09 13:52:22 -------- dc----w- c:\users\carmen\appdata\local\{D6B47D91-37A2-41FF-AFDA-3797433EF7B7}
2012-02-09 00:07:13 -------- dc----w- c:\program files\CCleaner
2012-02-08 23:50:50 -------- dc----w- c:\users\carmen\appdata\local\{8A9B67BA-04E7-47BD-A46A-079EB1BDC3F7}
2012-01-31 11:38:27 -------- dc----w- c:\users\carmen\appdata\local\{FD9FD575-3166-4040-8144-ED07F6B7FB1B}
2012-01-31 11:38:15 -------- dc----w- c:\users\carmen\appdata\local\{69AD96E4-9019-4BAB-97D8-9212B1D509B5}
2012-01-31 11:18:33 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-01-31 11:18:33 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-01-31 11:18:32 744568 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-01-31 11:18:32 516216 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-01-31 11:18:32 50168 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-01-31 11:18:32 340088 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-01-31 11:18:32 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-01-31 11:17:48 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-01-30 23:37:23 -------- dc----w- c:\users\carmen\appdata\local\{CE4E1254-5161-4AE1-B6CE-65D729A2794E}
2012-01-30 23:37:08 -------- dc----w- c:\users\carmen\appdata\local\{9311BD5D-BD4A-404B-AAE6-A204F2396C05}
2012-01-30 03:30:52 -------- dc----w- c:\users\carmen\appdata\local\{9BFC352D-9628-4B34-8A19-3BFC9C52F441}
2012-01-30 03:30:37 -------- dc----w- c:\users\carmen\appdata\local\{D6C51CE1-DC82-439C-9C78-3BCBF7E74D83}
2012-01-29 03:07:15 -------- dc----w- c:\users\carmen\appdata\local\{B770D65B-98CE-4D9B-A4B6-3E1F5211ABBE}
2012-01-29 03:06:58 -------- dc----w- c:\users\carmen\appdata\local\{FFC26A4B-D4FB-4DD8-828F-5C77B784CF37}
2012-01-28 02:31:34 -------- dc----w- c:\users\carmen\appdata\local\{E80E3F77-C3FE-41CD-AA2A-F972ACD08AA5}
2012-01-28 02:31:16 -------- dc----w- c:\users\carmen\appdata\local\{504FC1E2-4FCC-4E04-9950-6B79E964A64A}
2012-01-27 02:00:35 -------- dc----w- c:\users\carmen\appdata\local\{F413D285-720B-4977-97A1-CD3DF39BFA76}
2012-01-27 02:00:16 -------- dc----w- c:\users\carmen\appdata\local\{430475DA-1D80-4DFA-83C0-DAB1007172C1}
2012-01-26 11:39:58 -------- dc----w- c:\users\carmen\appdata\local\{0F3BC3D5-1F79-462E-BCDB-ECAC8AD5188B}
2012-01-26 11:39:45 -------- dc----w- c:\users\carmen\appdata\local\{B66D0372-ADBA-4D60-8A9D-216296ED8365}
2012-01-25 23:39:11 -------- dc----w- c:\users\carmen\appdata\local\{A95153E8-42D1-45D1-B383-5E0D0B0E43A3}
2012-01-25 23:38:51 -------- dc----w- c:\users\carmen\appdata\local\{D0F9ECD2-C563-4754-AC63-2DB3FE0532E3}
2012-01-25 11:38:19 -------- dc----w- c:\users\carmen\appdata\local\{E6F3E526-F148-4D05-B95D-9A08EA0A1D09}
2012-01-25 11:38:04 -------- dc----w- c:\users\carmen\appdata\local\{587E446F-8913-4C1D-9AA9-FC6746662CBE}
2012-01-24 23:37:33 -------- dc----w- c:\users\carmen\appdata\local\{2C12B25F-5BD8-4577-B74F-19D084EA0FFF}
2012-01-24 23:37:18 -------- dc----w- c:\users\carmen\appdata\local\{30B961DB-905D-45E4-9026-FB475E8AD76D}
2012-01-24 11:36:44 -------- dc----w- c:\users\carmen\appdata\local\{F0D0E600-3F03-49B5-812A-AEED3219B762}
2012-01-24 11:36:27 -------- dc----w- c:\users\carmen\appdata\local\{151DA06A-0164-4613-A898-DB22B5A5BB88}
2012-01-23 23:35:55 -------- dc----w- c:\users\carmen\appdata\local\{A6DF4A03-B234-47AC-B8C6-D594C965EF8E}
2012-01-23 23:35:28 -------- dc----w- c:\users\carmen\appdata\local\{4EAE4A8A-67C0-40FF-B769-A2593FF2D10D}
2012-01-23 03:18:02 -------- dc----w- c:\users\carmen\appdata\local\{0A35C6E0-818F-43EE-84CC-55194632941E}
2012-01-23 03:17:50 -------- dc----w- c:\users\carmen\appdata\local\{EC15F02A-AA7D-411F-A337-98181F4EB7EB}
2012-01-22 19:37:34 -------- dc----w- c:\program files\security1
2012-01-22 16:03:15 -------- dc----w- c:\users\carmen\appdata\local\Apps
2012-01-22 15:17:07 -------- dc----w- c:\users\carmen\appdata\local\{36AF7653-1DFA-45DE-A72B-239322A378A2}
2012-01-22 15:16:53 -------- dc----w- c:\users\carmen\appdata\local\{88CAB705-EA63-4D31-8927-BC314D99EEF7}
2012-01-21 23:55:44 -------- dc----w- c:\users\carmen\appdata\local\{11A7AE9C-4816-4486-B2A5-0414823A06E7}
2012-01-21 12:22:24 -------- dc----w- c:\users\carmen\appdata\local\Conduit
2012-01-21 12:16:13 -------- dc----w- c:\program files\System
2012-01-21 11:55:11 -------- dc----w- c:\users\carmen\appdata\local\{7FE3D98B-E363-4BC9-B5F0-B4F28C47DB03}
2012-01-21 11:54:58 -------- dc----w- c:\users\carmen\appdata\local\{9872670C-6235-484D-BEC3-F4131BBE463D}
2012-01-20 22:36:29 -------- dc----w- c:\users\carmen\appdata\local\{CBA5E7A9-0E01-44F9-A4CD-C81117AFC440}
2012-01-20 22:36:13 -------- dc----w- c:\users\carmen\appdata\local\{60BE822B-2C41-4093-B12F-96F523614792}
2012-01-20 10:35:37 -------- dc----w- c:\users\carmen\appdata\local\{3416D9BF-7BBC-4674-BBC9-4A21B0E7FF16}
2012-01-20 10:35:23 -------- dc----w- c:\users\carmen\appdata\local\{DE9685C2-7A49-4AD1-8DB1-8A0B258DB334}
2012-01-19 10:30:49 -------- dc----w- c:\users\carmen\appdata\local\{EB2BE341-3DF9-418A-BA10-8D2648CC4039}
2012-01-19 10:30:30 -------- dc----w- c:\users\carmen\appdata\local\{E85A1CF6-3897-48F2-9BF9-F11EA3352E9F}
2012-01-18 22:26:38 -------- dc----w- c:\users\carmen\appdata\local\{84C37193-1D1B-4ED0-9857-EE1579F8C253}
2012-01-18 22:26:24 -------- dc----w- c:\users\carmen\appdata\local\{8D826B8F-921C-408B-AF07-BE7E8E1ED04E}
2012-01-18 00:39:05 -------- dc----w- c:\users\carmen\appdata\local\{A696B82A-C493-44E7-A92C-453CB810A47B}
2012-01-18 00:38:48 -------- dc----w- c:\users\carmen\appdata\local\{4FD5CC71-8687-4FBF-8BC7-42B8EEB53DF1}
2012-01-17 10:34:10 -------- dc----w- c:\users\carmen\appdata\local\{574E080C-FEB4-49CA-9C98-48D259A2E757}
2012-01-17 10:33:57 -------- dc----w- c:\users\carmen\appdata\local\{1598BF2D-B0E4-49F3-BDCC-EA6955D8E959}
2012-01-16 19:40:21 -------- dc----w- c:\users\carmen\appdata\local\{1D04F414-C7F5-4CFF-96EE-7DF8C50368DB}
2012-01-16 19:40:09 -------- dc----w- c:\users\carmen\appdata\local\{FA38D31A-9AE1-423C-98EC-7CBC0421172F}
2012-01-16 05:15:19 -------- dc----w- c:\users\carmen\appdata\local\{75CC9E34-B9CA-42E4-8111-1E3C070577FC}
2012-01-16 05:11:29 -------- dc----w- c:\users\carmen\appdata\local\{E5DA6508-D2F0-4399-BD28-6DE159A30774}
2012-01-16 05:04:08 -------- dc----w- c:\users\carmen\appdata\local\{CE17ADD0-16C0-46F8-99D7-7825DEFB2E64}
2012-01-15 14:40:41 -------- dc----w- c:\users\carmen\appdata\local\{6DEFF753-5FE3-41F7-9647-0543A41B652D}
2012-01-15 14:40:23 -------- dc----w- c:\users\carmen\appdata\local\{9C10798A-C870-4584-B358-A54F89E83923}
2012-01-15 01:22:25 -------- dc----w- c:\users\carmen\appdata\local\{DB363842-2693-4256-8D7B-798F6E62CD13}
2012-01-15 01:22:12 -------- dc----w- c:\users\carmen\appdata\local\{B87299FF-6EB5-44D6-B240-87CC19797066}
2012-01-14 13:21:29 -------- dc----w- c:\users\carmen\appdata\local\{46B249FF-0B10-4CAE-89E1-AACCBDDFA12C}
2012-01-14 13:21:08 -------- dc----w- c:\users\carmen\appdata\local\{291426BE-65F3-4CDF-8569-F51C31566069}
2012-01-14 00:43:44 -------- dc----w- c:\users\carmen\appdata\local\{70A12C4E-C05C-49B2-A70F-6C01743393AE}
2012-01-14 00:43:28 -------- dc----w- c:\users\carmen\appdata\local\{57ACF140-D182-422C-8919-0DC29C21E557}
2012-01-13 11:55:25 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-13 11:55:25 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-13 11:55:25 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-13 11:55:25 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-13 11:55:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-13 11:55:25 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-13 02:09:42 -------- dc----w- c:\users\carmen\appdata\local\{778062CA-441E-4508-AC7F-D506037DB75D}
2012-01-13 02:09:15 -------- dc----w- c:\users\carmen\appdata\local\{BB9C77A0-4515-4662-B904-005AB9387135}
2012-01-12 11:34:08 -------- dc----w- c:\users\carmen\appdata\local\{59CEB853-0666-40C6-8B5D-973893D268D4}
2012-01-12 11:33:55 -------- dc----w- c:\users\carmen\appdata\local\{4751F828-0AC9-421D-BA34-CC309F27962F}
2012-01-11 11:34:54 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 11:34:54 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 11:34:50 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 11:34:46 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 11:34:44 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 11:34:26 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 11:33:49 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 11:33:49 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 11:14:20 -------- dc----w- c:\users\carmen\appdata\local\{E60F0397-7E12-4C67-8428-A188C4AEFA41}
2012-01-11 11:14:04 -------- dc----w- c:\users\carmen\appdata\local\{F1932442-60CE-462F-BDAD-87A1E6B02FE2}
2012-01-10 23:04:58 -------- dc----w- c:\users\carmen\appdata\local\{3955DEAE-D4DA-4E65-9848-91AAAC30EF3C}
2012-01-10 23:04:37 -------- dc----w- c:\users\carmen\appdata\local\{F4ECB546-99F7-4445-BD87-0A07E193EDF6}
.
==================== Find3M ====================
.
2012-02-09 19:27:24 8892928 -c--a-w- c:\programdata\atscie.msi
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 21:30:22 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 13:58:04.24 ===============
 
Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 3/7/2008 7:47:03 AM
System Uptime: 2/9/2012 1:16:48 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | Microprocessor | 1600/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 46.841 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.262 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP489: 1/14/2012 7:18:25 AM - Windows Update
RP490: 2/8/2012 6:44:27 PM - Windows Update
RP491: 2/9/2012 1:24:30 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
RP492: 2/9/2012 1:25:50 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
RP493: 2/9/2012 1:30:50 PM - Installed Cisco Network Magic
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader 8.3.1
Adobe Shockwave Player 11
Advanced Audio FX Engine
Advanced Video FX Engine
AOL Install
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Calendar
Ask Toolbar
Bing Bar
Bing Rewards Client Installer
Browser Address Error Redirector
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco Network Magic
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
D3DX10
Dealio Toolbar v4.0.1
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
EarthLink Setup Files
EasyBits GO
Epson CreativeZone
Epson Event Manager
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup
Garmin Lifetime Updater
Google Chrome
Google Desktop
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Internet Service Offers Launcher
Java(TM) SE Runtime Environment 6
Junk Mail filter update
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
LTCM Client
Malwarebytes Anti-Malware version 1.60.1.1000
Map Button (Windows Live Toolbar)
MediaDirect
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
MSVCRT
Music, Photos & Videos Launcher
NetWaiting
Network Magic
NetZeroInstallers
Norton 360
Norton Safe Web Lite
Norton Security Scan
OGA Notifier 2.0.0048.0
OutlookAddinSetup
Product Documentation Launcher
Pure Networks Platform
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Segoe UI
Skype Click to Call
Skype™ 5.5
Smart Menus (Windows Live Toolbar)
Spelling Dictionaries Support For Adobe Reader 8
The Weather Channel Desktop 6
The Weather Channel Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
WebEx
WebEx Support Manager for Internet Explorer
WhiteSmoke
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Software Update
Yahoo! Toolbar
ZTE Mobile Connection Manager
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 1:19:57 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
2/9/2012 1:18:51 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
2/9/2012 1:18:51 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/9/2012 1:18:03 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart 2570 series with shared resource name . Error 1215. The printer cannot be used by others on the network.
2/9/2012 1:18:03 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Epson Stylus NX510(Network) with shared resource name . Error 1215. The printer cannot be used by others on the network.
2/8/2012 7:10:29 PM, Error: Service Control Manager [7030] - The Creative OEM002 RunApp Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/8/2012 7:03:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/8/2012 7:03:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/8/2012 7:03:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
 
Get well :)

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
MBR log


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-09 18:56:37
-----------------------------
18:56:37.147 OS Version: Windows 6.0.6002 Service Pack 2
18:56:37.147 Number of processors: 2 586 0xF0D
18:56:37.151 ComputerName: CARMEN-PC UserName: Carmen
18:56:54.516 Initialize success
18:57:32.634 AVAST engine defs: 12020903
19:00:53.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:00:53.105 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3
19:00:53.137 Disk 0 MBR read successfully
19:00:53.143 Disk 0 MBR scan
19:00:53.155 Disk 0 Windows VISTA default MBR code
19:00:53.162 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
19:00:53.211 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
19:00:53.271 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101609 MB offset 21100544
19:00:53.284 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
19:00:53.330 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
19:00:53.348 Disk 0 scanning sectors +234438656
19:00:53.462 Disk 0 scanning C:\Windows\system32\drivers
19:01:13.877 Service scanning
19:01:15.579 Modules scanning
19:01:32.993 Disk 0 trace - called modules:
19:01:33.033 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
19:01:33.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cbb4b8]
19:01:33.052 3 CLASSPNP.SYS[8899d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8520c030]
19:01:34.553 AVAST engine scan C:\Windows
19:01:40.464 AVAST engine scan C:\Windows\system32
19:07:40.718 AVAST engine scan C:\Windows\system32\drivers
19:08:02.058 AVAST engine scan C:\Users\Carmen
19:14:02.003 Disk 0 MBR has been saved successfully to "C:\Users\Carmen\Desktop\MBR.dat"
19:14:02.014 The log file has been saved successfully to "C:\Users\Carmen\Desktop\aswMBR.txt"
 
Bootkit remover will not download the zip file at all. I save the zip file to the desktop; when I open it, it will open in Windows Photo Gallery and not show any zip files.
 
Boot Cleaner log

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83f00000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix log

ComboFix 12-02-11.03 - Carmen 02/12/2012 8:26.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.648 [GMT -6:00]
Running from: c:\users\Carmen\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll
c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll
c:\users\Carmen\AppData\Roaming\Microsoft\Windows\Recent\Epson CreativeZone.url
c:\users\Carmen\Documents\~WRL0001.tmp
c:\users\Carmen\Documents\~WRL0003.tmp
c:\users\Carmen\Documents\~WRL0005.tmp
c:\users\Carmen\Documents\~WRL0583.tmp
c:\users\Carmen\Documents\~WRL1042.tmp
c:\users\Carmen\Documents\~WRL2140.tmp
c:\users\Carmen\Documents\~WRL2735.tmp
c:\users\Carmen\Documents\~WRL3165.tmp
c:\users\Carmen\Documents\~WRL3602.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
.
.
2012-02-12 14:41 . 2012-02-12 14:41 -------- dc----w- c:\users\Carmen\AppData\Local\temp
2012-02-12 14:41 . 2012-02-12 14:41 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-02-09 19:32 . 2012-02-09 19:32 -------- dc----w- c:\program files\Pure Networks
2012-02-09 19:25 . 2009-07-07 20:48 26672 -c--a-w- c:\windows\system32\drivers\pnarp.sys
2012-02-09 19:24 . 2009-07-07 20:48 27696 -c--a-w- c:\windows\system32\drivers\purendis.sys
2012-02-09 19:24 . 2012-02-09 19:24 -------- dc----w- c:\program files\Common Files\Pure Networks Shared
2012-02-09 18:52 . 2012-02-09 18:52 -------- dc----w- c:\users\Carmen\AppData\Roaming\Malwarebytes
2012-02-09 18:52 . 2012-02-09 18:52 -------- dc----w- c:\programdata\Malwarebytes
2012-02-09 18:52 . 2012-02-09 18:52 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-09 18:52 . 2011-12-10 21:24 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-02-09 00:07 . 2012-02-09 00:07 -------- dc----w- c:\program files\CCleaner
2012-01-31 11:17 . 2012-02-08 23:46 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-01-22 19:37 . 2012-01-22 19:37 -------- dc----w- c:\program files\security1
2012-01-22 16:03 . 2012-01-22 16:03 -------- dc----w- c:\users\Carmen\AppData\Local\Apps
2012-01-21 12:22 . 2012-01-22 15:47 -------- dc----w- c:\users\Carmen\AppData\Local\Conduit
2012-01-21 12:16 . 2012-01-21 12:16 -------- dc----w- c:\program files\System
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 19:27 . 2010-01-17 04:52 8892928 -c--a-w- c:\programdata\atscie.msi
2011-11-25 15:59 . 2012-01-11 11:34 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-15 03:59 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 21:30 . 2011-05-20 10:47 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 20:23 . 2012-01-11 11:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 11:34 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-17 06:48 . 2012-01-13 11:55 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23 . 2012-01-13 11:55 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2012-01-13 11:55 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23 . 2012-01-13 11:55 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21 . 2012-01-13 11:55 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12 . 2012-01-13 11:55 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 23:20 279944 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"QuickTime Task"="c:\windows\system32\qttask.exe" [2008-08-24 28672]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
.
c:\users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-7 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2011-10-03 15:14 1409384 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-07 23:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-13 01:51 136176 -c--atw- c:\users\Carmen\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\Carmen\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 21:03 4283256 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-01-22 22:49 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-05-22 23:04 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:37]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:37]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000Core.job
- c:\users\Carmen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 01:51]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000UA.job
- c:\users\Carmen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 01:51]
.
2012-01-23 c:\windows\Tasks\Norton Security Scan for Carmen.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-12 05:51]
.
2012-01-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-02-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{2edab3a3-7a05-4add-946c-7222bd62fa88} - (no file)
WebBrowser-{2EDAB3A3-7A05-4ADD-946C-7222BD62FA88} - (no file)
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 08:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-12 08:48:40
ComboFix-quarantined-files.txt 2012-02-12 14:48
.
Pre-Run: 53,780,779,008 bytes free
Post-Run: 53,614,854,144 bytes free
.
- - End Of File - - 8A59091C690F96EB425C728217BCC35B
 
Looks good.

How is the computer doing?

Uninstall Ask Toolbar, typical foistware.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log

OTL logfile created on: 2/12/2012 1:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carmen\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.60% Memory free
4.22 Gb Paging File | 2.64 Gb Available in Paging File | 62.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 47.02 Gb Free Space | 47.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.62% Space Free | Partition Type: NTFS

Computer Name: CARMEN-PC | User Name: Carmen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
PRC - [2012/02/12 13:06:29 | 051,369,680 | ---- | M] (Dell Inc) -- C:\Users\Carmen\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_23_32_01.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/21 09:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 05:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 16:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 00:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 00:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 00:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/08/27 23:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 13:06:53 | 000,004,096 | ---- | M] () -- C:\Users\Carmen\AppData\Local\temp\nshD2CA.tmp\nsProcess.dll
MOD - [2012/02/12 13:06:52 | 000,010,752 | ---- | M] () -- C:\Users\Carmen\AppData\Local\temp\nshD2CA.tmp\System.dll
MOD - [2012/01/11 05:45:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2012/01/11 05:45:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2011/10/13 15:00:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 14:58:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007/12/14 21:54:06 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/12/12 00:01:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 18:31:25 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/02/15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/08 18:27:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/08 18:27:30 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120209.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/28 04:19:42 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/28 04:19:42 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/06 22:15:07 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/07 00:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/27 23:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 09 5D 14 9B C3 CB 01 [binary data]
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/12 06:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 17:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/08 22:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/10 18:14:20 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2012/02/12 08:41:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Windows\System32\qttask.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062FBCAD-1BE0-4E78-A4E8-285B5BE5135A}: DhcpNameServer = 192.168.1.1 24.159.64.23 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2E8D66-A0DF-4FFD-ABBD-0163C1E4B4FB}: DhcpNameServer = 192.168.2.1 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 13:12:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/02/12 13:06:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
[2012/02/12 08:49:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/12 08:48:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\temp
[2012/02/12 08:21:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 08:21:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 08:21:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 08:21:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 08:21:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 08:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/12 08:15:26 | 004,402,217 | R--- | C] (Swearware) -- C:\Users\Carmen\Desktop\ComboFix.exe
[2012/02/10 18:20:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
[2012/02/09 18:55:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
[2012/02/09 13:54:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
[2012/02/09 13:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/09 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/09 12:52:42 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Roaming\Malwarebytes
[2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/09 12:52:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/09 12:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/09 12:28:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/09 07:52:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4D777996-B5B9-42A5-8A42-4F6E69F05135}
[2012/02/09 07:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6B47D91-37A2-41FF-AFDA-3797433EF7B7}
[2012/02/08 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/08 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/08 17:50:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8A9B67BA-04E7-47BD-A46A-079EB1BDC3F7}
[2012/01/31 05:38:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FD9FD575-3166-4040-8144-ED07F6B7FB1B}
[2012/01/31 05:38:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{69AD96E4-9019-4BAB-97D8-9212B1D509B5}
[2012/01/30 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE4E1254-5161-4AE1-B6CE-65D729A2794E}
[2012/01/30 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9311BD5D-BD4A-404B-AAE6-A204F2396C05}
[2012/01/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9BFC352D-9628-4B34-8A19-3BFC9C52F441}
[2012/01/29 21:30:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6C51CE1-DC82-439C-9C78-3BCBF7E74D83}
[2012/01/28 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B770D65B-98CE-4D9B-A4B6-3E1F5211ABBE}
[2012/01/28 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FFC26A4B-D4FB-4DD8-828F-5C77B784CF37}
[2012/01/27 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E80E3F77-C3FE-41CD-AA2A-F972ACD08AA5}
[2012/01/27 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{504FC1E2-4FCC-4E04-9950-6B79E964A64A}
[2012/01/26 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F413D285-720B-4977-97A1-CD3DF39BFA76}
[2012/01/26 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{430475DA-1D80-4DFA-83C0-DAB1007172C1}
[2012/01/26 05:39:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0F3BC3D5-1F79-462E-BCDB-ECAC8AD5188B}
[2012/01/26 05:39:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B66D0372-ADBA-4D60-8A9D-216296ED8365}
[2012/01/25 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A95153E8-42D1-45D1-B383-5E0D0B0E43A3}
[2012/01/25 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D0F9ECD2-C563-4754-AC63-2DB3FE0532E3}
[2012/01/25 05:38:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E6F3E526-F148-4D05-B95D-9A08EA0A1D09}
[2012/01/25 05:38:04 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{587E446F-8913-4C1D-9AA9-FC6746662CBE}
[2012/01/24 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{2C12B25F-5BD8-4577-B74F-19D084EA0FFF}
[2012/01/24 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{30B961DB-905D-45E4-9026-FB475E8AD76D}
[2012/01/24 05:36:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F0D0E600-3F03-49B5-812A-AEED3219B762}
[2012/01/24 05:36:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{151DA06A-0164-4613-A898-DB22B5A5BB88}
[2012/01/23 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A6DF4A03-B234-47AC-B8C6-D594C965EF8E}
[2012/01/23 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4EAE4A8A-67C0-40FF-B769-A2593FF2D10D}
[2012/01/22 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0A35C6E0-818F-43EE-84CC-55194632941E}
[2012/01/22 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EC15F02A-AA7D-411F-A337-98181F4EB7EB}
[2012/01/22 13:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\security1
[2012/01/22 10:03:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Apps
[2012/01/22 09:17:07 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{36AF7653-1DFA-45DE-A72B-239322A378A2}
[2012/01/22 09:16:53 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{88CAB705-EA63-4D31-8927-BC314D99EEF7}
[2012/01/21 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{11A7AE9C-4816-4486-B2A5-0414823A06E7}
[2012/01/21 06:22:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Conduit
[2012/01/21 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\System
[2012/01/21 05:55:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{7FE3D98B-E363-4BC9-B5F0-B4F28C47DB03}
[2012/01/21 05:54:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9872670C-6235-484D-BEC3-F4131BBE463D}
[2012/01/20 16:36:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CBA5E7A9-0E01-44F9-A4CD-C81117AFC440}
[2012/01/20 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{60BE822B-2C41-4093-B12F-96F523614792}
[2012/01/20 04:35:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{3416D9BF-7BBC-4674-BBC9-4A21B0E7FF16}
[2012/01/20 04:35:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DE9685C2-7A49-4AD1-8DB1-8A0B258DB334}
[2012/01/19 04:30:49 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EB2BE341-3DF9-418A-BA10-8D2648CC4039}
[2012/01/19 04:30:30 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E85A1CF6-3897-48F2-9BF9-F11EA3352E9F}
[2012/01/18 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{84C37193-1D1B-4ED0-9857-EE1579F8C253}
[2012/01/18 16:26:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8D826B8F-921C-408B-AF07-BE7E8E1ED04E}
[2012/01/17 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A696B82A-C493-44E7-A92C-453CB810A47B}
[2012/01/17 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4FD5CC71-8687-4FBF-8BC7-42B8EEB53DF1}
[2012/01/17 04:34:10 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{574E080C-FEB4-49CA-9C98-48D259A2E757}
[2012/01/17 04:33:57 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1598BF2D-B0E4-49F3-BDCC-EA6955D8E959}
[2012/01/16 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1D04F414-C7F5-4CFF-96EE-7DF8C50368DB}
[2012/01/16 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FA38D31A-9AE1-423C-98EC-7CBC0421172F}
[2012/01/15 23:15:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{75CC9E34-B9CA-42E4-8111-1E3C070577FC}
[2012/01/15 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E5DA6508-D2F0-4399-BD28-6DE159A30774}
[2012/01/15 23:04:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE17ADD0-16C0-46F8-99D7-7825DEFB2E64}
[2012/01/15 08:40:41 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{6DEFF753-5FE3-41F7-9647-0543A41B652D}
[2012/01/15 08:40:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9C10798A-C870-4584-B358-A54F89E83923}
[2012/01/14 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DB363842-2693-4256-8D7B-798F6E62CD13}
[2012/01/14 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B87299FF-6EB5-44D6-B240-87CC19797066}
[2012/01/14 07:21:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{46B249FF-0B10-4CAE-89E1-AACCBDDFA12C}
[2012/01/14 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{291426BE-65F3-4CDF-8569-F51C31566069}
[2012/01/13 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{70A12C4E-C05C-49B2-A70F-6C01743393AE}
[2012/01/13 18:43:28 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{57ACF140-D182-422C-8919-0DC29C21E557}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/02/12 13:13:06 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/12 13:12:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
[2012/02/12 13:02:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 13:01:55 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000UA.job
[2012/02/12 13:01:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 13:01:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 13:01:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 08:41:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/12 08:16:49 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000Core.job
[2012/02/12 08:15:46 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\ComboFix.exe
[2012/02/10 18:21:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/10 18:20:31 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
[2012/02/09 19:14:02 | 000,000,512 | ---- | M] () -- C:\Users\Carmen\Desktop\MBR.dat
[2012/02/09 18:56:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
[2012/02/09 18:47:59 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/09 18:47:02 | 260,852,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/09 13:54:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
[2012/02/09 13:42:00 | 000,302,592 | ---- | M] () -- C:\Users\Carmen\Desktop\gmer.exe
[2012/02/09 13:32:05 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/09 13:27:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2012/02/09 13:26:31 | 002,349,520 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/09 12:52:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:16:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 19:16:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 18:07:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/08 17:47:40 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/30 17:40:38 | 000,003,128 | ---- | M] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
[2012/01/27 23:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/26 05:05:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 18:39:27 | 000,002,627 | ---- | M] () -- C:\Users\Carmen\Desktop\Microsoft Office Word 2007.lnk
[2012/01/22 19:13:27 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Carmen.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 13:12:37 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/12 13:12:34 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/12 08:21:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 08:21:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 08:21:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 08:21:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 08:21:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 19:14:02 | 000,000,512 | ---- | C] () -- C:\Users\Carmen\Desktop\MBR.dat
[2012/02/09 18:47:02 | 260,852,946 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 13:42:00 | 000,302,592 | ---- | C] () -- C:\Users\Carmen\Desktop\gmer.exe
[2012/02/09 13:32:05 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/09 12:52:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 18:07:24 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/30 17:40:37 | 000,003,128 | ---- | C] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
[2011/06/23 16:50:40 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2010/10/14 20:19:14 | 000,001,940 | ---- | C] () -- C:\Users\Carmen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/22 20:36:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/18 20:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/18 20:38:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/18 20:38:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/16 22:52:07 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/10/26 19:34:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/10/26 19:34:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/10/26 19:34:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/10/26 19:34:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/10/26 19:34:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/10/26 19:34:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/10/26 19:34:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/10/26 19:34:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/10/26 19:34:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/10/26 19:34:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/10/26 19:34:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/10/26 19:34:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/26 19:22:59 | 000,000,079 | ---- | C] () -- C:\Windows\EPNX510.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/21 20:44:08 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2009/02/21 20:44:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2009/02/02 18:53:50 | 000,000,000 | ---- | C] () -- C:\Users\Carmen\AppData\Roaming\wklnhst.dat
[2008/08/24 11:25:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
[2008/03/17 11:22:47 | 000,000,680 | ---- | C] () -- C:\Users\Carmen\AppData\Local\d3d9caps.dat
[2008/03/11 16:06:51 | 000,046,592 | ---- | C] () -- C:\Users\Carmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 15:38:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/07 15:38:31 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/07 15:38:31 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/07 15:38:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/07 15:38:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/07 08:02:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/03/07 08:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/03/07 07:57:19 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2006/11/10 16:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/10/25 12:54:54 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

========== LOP Check ==========

[2010/08/04 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Epson
[2011/11/26 16:45:16 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\GARMIN
[2011/07/23 07:19:58 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\go
[2008/08/24 11:29:16 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\InterTrust
[2009/10/28 04:35:04 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Leader Technologies
[2009/10/27 19:46:06 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Leadertech
[2011/05/25 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\PCDr
[2009/02/02 18:53:52 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Template
[2011/10/13 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\webex
[2011/03/02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke
[2012/02/12 13:12:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/10 18:11:55 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/12 13:13:06 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/02/12 08:48:41 | 000,014,902 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/03/07 15:38:41 | 000,004,692 | RH-- | M] () -- C:\dell.sdr
[2010/11/28 10:23:38 | 000,000,090 | ---- | M] () -- C:\error.log
[2008/03/07 08:02:43 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2008/03/07 08:02:43 | 000,022,729 | ---- | M] () -- C:\newkey
[2012/02/10 18:13:05 | 2450,845,696 | -HS- | M] () -- C:\pagefile.sys
[2008/03/07 08:21:03 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
[2012/01/30 17:40:38 | 000,003,128 | ---- | M] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}

< %systemroot%\Fonts\*.com >
[2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/09/09 04:28:45 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 01:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/01/18 11:38:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/03 04:48:58 | 000,000,574 | -HS- | M] () -- C:\Users\Carmen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/09 18:56:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
[2012/02/10 18:20:31 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
[2012/02/12 08:15:46 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\ComboFix.exe
[2011/11/26 16:39:46 | 011,194,616 | ---- | M] (Garmin International) -- C:\Users\Carmen\Desktop\GarminLifetimeUpdaterInstaller.exe
[2012/02/09 13:42:00 | 000,302,592 | ---- | M] () -- C:\Users\Carmen\Desktop\gmer.exe
[2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
[2010/06/22 20:30:27 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Carmen\Desktop\SkypeSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/28 10:23:23 | 000,000,402 | -HS- | M] () -- C:\Users\Carmen\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/02/09 13:27:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Extras log

OTL Extras logfile created on: 2/12/2012 1:09:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carmen\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.60% Memory free
4.22 Gb Paging File | 2.64 Gb Available in Paging File | 62.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 47.02 Gb Free Space | 47.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.62% Space Free | Partition Type: NTFS

Computer Name: CARMEN-PC | User Name: Carmen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00134A53-F718-4503-BD0F-B9B93E0E4790}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{070C7B6B-37DA-4B6D-8F82-D7D1A97F6700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1122A53E-316E-45C2-BB49-9A0760CD7760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1C8BA6A4-1159-4F5A-B160-0AE13102A6E5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2416422B-0500-474B-9C62-1EB6B519547C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{320CE166-BBA8-4E10-BC13-8690ABCE9AA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{32F453C8-ECF1-42EA-BFCE-D6537592EE83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{3D1E42E2-C173-4AF6-9B84-DF430A6F3B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41C5D45B-D730-4DF6-A8D5-CC78C06614CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5651361D-22A3-4C70-AD56-7E966AC908B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59FC0D57-5885-4F4C-A922-E928B4BA81DB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B64890A-BBAE-426D-92CE-6BB2C7D1F01A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{82897144-502C-43D1-BCCD-B7DFD66B3310}" = rport=10243 | protocol=6 | dir=out | app=system |
"{83B33E06-3C72-4493-855F-BD1B30CA24CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88BAEF85-522E-4BB9-934D-18A8BDE26781}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8535CCF-C6E9-4DA1-B0B7-C12AF82AAD42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B1FE4432-9AE4-41EB-8930-9A397985A0EB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B5904BF5-5407-4A2E-A736-AC1C7E60CFCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DA0D5FC7-CF3D-4930-9F9D-9E3F6A26A1A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E1E8A144-7EEF-4A7E-A3AB-24B4128F3667}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0333117-15E2-4C6D-B6F9-4909DE29D204}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F68747C6-48D0-49A4-BED0-608DB22FA169}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FF257B1-D444-4068-9312-0D83E2FE8E6F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1EC58C67-8B80-461C-9F4A-16972D14180D}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{23EC96FD-F597-4CD9-8562-D6630F8110EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2B0BC0EE-D13F-454F-857A-6813B7AA5638}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{38B3FF6A-CA4F-4341-B9C4-E338FEE4D085}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{39FC16AB-BCD9-416E-BE7D-BEF8E3E4CFA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F7B96A1-DA92-46C7-972C-B058D2B445C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5C6EB85C-F721-4A19-A755-EC0453B26FA1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{7B8424F4-6AB0-43D3-AAB7-7514EFD9DE1B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{7C069038-8EF0-4B3C-8D4C-6C46D9EEB8AC}" = protocol=6 | dir=out | app=system |
"{80E92E85-01CD-4686-BEDE-0EBC96693F1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{817B5611-1E27-41BA-8E0E-16C98640148D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8C33C779-AAD6-41FD-A499-C434E3A3A3C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{946895DD-7AA0-4769-8996-6F09E6C6664D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{954E78C7-B893-43C7-A88C-84F048F4FA60}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{96B3C632-64A9-4BF9-BD5F-C8FEE7106A2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ACBAC05C-1E88-4AA5-B889-472A8D49BACF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AFA9EF25-56B6-4AFE-8DEE-C81FC84B9535}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B4764AAB-7048-463C-B713-48ADC76F0621}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{C3C48731-7C9A-49F3-9634-7D769B53F41C}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{C3C5B145-283B-428C-9F0E-C5843A7B70BE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{CAA7AF37-9AE0-41BB-93A0-2A9CFF6FDBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CBC47604-3B28-4D25-B1C7-1EE09964314C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D2437257-1EF0-436E-826F-D77A1293CED6}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D63CC2A4-0CC3-4D42-9E0B-D200AF4C8658}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D831CA9E-44C7-4051-A1D2-84EBA3F7C72F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D9F669FE-7194-460A-9244-AEFA8A90C863}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4D98FC2-3C6D-479A-A587-3A681510F536}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE49F32D-D03A-4B05-B152-D51621FABE6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB10AE42-EE39-426E-BF0D-4336CA8D3D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{4D32B257-9F91-456C-ADB6-248EF460C1CB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{574B0E66-8A85-4786-A6CC-89CA4421EE2F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{07ACD282-5D2F-449E-8E51-5C8729981114}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{B79A93D9-CDF2-4AEB-88AB-287D31C8DCB9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{07453869-D17D-4159-A23D-0A956CE96448}" = ArcSoft Print Creations
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = ZTE Mobile Connection Manager
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"ActiveTouchMeetingClient" = WebEx
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"LTCM Client" = LTCM Client
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360
"Network MagicUninstall" = Network Magic
"NSS" = Norton Security Scan
"NST" = Norton Safe Web Lite
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"WhiteSmoke" = WhiteSmoke
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Game Organizer" = EasyBits GO

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/8/2012 7:51:28 PM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
Description =

Error - 2/8/2012 11:02:42 PM | Computer Name = Carmen-PC | Source = EventSystem | ID = 4621
Description =

Error - 2/8/2012 11:02:50 PM | Computer Name = Carmen-PC | Source = ESENT | ID = 505
Description = wuaueng.dll (1224) SUS20ClientDataStore: An attempt to open the compressed
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write
access failed because it could not be converted to a normal file. The open file
operation will fail with error -4005 (0xfffff05b). To prevent this error in the
future you can manually decompress the file and change the compression state of
the containing folder to uncompressed. Writing to this file when it is compressed
is not supported.

Error - 2/9/2012 9:55:58 AM | Computer Name = Carmen-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a,
exception code 0xc0000005, fault offset 0x003c464f, process id 0x940, application
start time 0x01cce731fa0a9c0d.

Error - 2/9/2012 3:15:24 PM | Computer Name = Carmen-PC | Source = EventSystem | ID = 4622
Description =

Error - 2/10/2012 8:19:55 PM | Computer Name = Carmen-PC | Source = Perflib | ID = 1010
Description =

Error - 2/10/2012 8:19:59 PM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
Description =

Error - 2/12/2012 10:12:53 AM | Computer Name = Carmen-PC | Source = Perflib | ID = 1010
Description =

Error - 2/12/2012 10:12:55 AM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
Description =

Error - 2/12/2012 11:00:18 AM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
Description =

[ OSession Events ]
Error - 10/19/2008 1:29:10 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88665
seconds with 6060 seconds of active time. This session ended with a crash.

Error - 12/8/2008 9:06:39 AM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 82978
seconds with 4680 seconds of active time. This session ended with a crash.

Error - 11/15/2009 8:55:48 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3532
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 4/25/2010 12:34:36 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15832
seconds with 3060 seconds of active time. This session ended with a crash.

Error - 10/6/2010 8:16:42 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/12/2012 10:25:48 AM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/12/2012 10:35:33 AM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/12/2012 10:41:48 AM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 2/12/2012 3:01:16 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/12/2012 3:01:17 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/12/2012 3:01:21 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/12/2012 3:01:23 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/12/2012 3:01:25 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/12/2012 3:01:27 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/12/2012 3:01:29 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 
I can't continue because you didn't answer my question:
How is computer doing?

 
Sorry. I don't really know. I will have to give it back to the lady who it belongs to. I will send it to her tomorrow and have her use it and then get the input from her. I uninstalled software that she didn't even need or use. She had several anti-virus programs, and she told me she only bought one. I will get back with you on how it is working as soon as she lets me know.
 
I think it is running faster and better. Before, it was taking 10 min or longer just to start up. I am going to run a full virus scan tonight, to make sure it no longer pops up anything. She told me Norton was always finding some virus, and it was causing problems on her laptop. I noticed even the internet is running better. She had 3 virus software programs on her computer and she had never cleaned it, like with CCleaner. Is there anything in particular I need to look for or any other scans I might need to do?
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
    O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Ranges: GD ([http] in Local intranet)
    [2011/03/02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
New OTL log

OTL logfile created on: 2/13/2012 6:05:17 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carmen\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.23% Memory free
4.22 Gb Paging File | 2.57 Gb Available in Paging File | 61.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.23 Gb Total Space | 60.87 Gb Free Space | 61.35% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.62% Space Free | Partition Type: NTFS

Computer Name: CARMEN-PC | User Name: Carmen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/04/11 00:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/12/21 09:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 05:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/07 16:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/09/07 00:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/07 00:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/07 00:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/08/27 23:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 05:45:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
MOD - [2012/01/11 05:45:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
MOD - [2011/10/13 15:00:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 14:58:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2007/12/14 21:54:06 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/12/12 00:01:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 18:31:25 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011/02/15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


========== Driver Services (SafeList) ==========

DRV - [2012/02/08 18:27:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/02/08 18:27:30 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/28 04:19:42 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/28 04:19:42 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/06 22:15:07 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/07 00:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/27 23:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 09 5D 14 9B C3 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/12 06:16:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 17:07:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/08 22:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/10 18:14:20 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

O1 HOSTS File: ([2012/02/12 08:41:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Windows\System32\qttask.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062FBCAD-1BE0-4E78-A4E8-285B5BE5135A}: DhcpNameServer = 192.168.1.1 24.159.64.23 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2E8D66-A0DF-4FFD-ABBD-0163C1E4B4FB}: DhcpNameServer = 192.168.2.1 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 13:12:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/02/12 13:06:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
[2012/02/12 13:02:08 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2012/02/12 08:49:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/12 08:48:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\temp
[2012/02/12 08:21:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/12 08:21:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/12 08:21:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/12 08:21:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/12 08:21:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/12 08:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/10 18:20:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
[2012/02/09 18:55:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
[2012/02/09 13:54:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
[2012/02/09 13:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/09 13:25:49 | 000,026,672 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\pnarp.sys
[2012/02/09 13:24:26 | 000,027,696 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\purendis.sys
[2012/02/09 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/09 12:52:42 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Roaming\Malwarebytes
[2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/09 12:52:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/09 12:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/09 12:28:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/02/09 07:52:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4D777996-B5B9-42A5-8A42-4F6E69F05135}
[2012/02/09 07:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6B47D91-37A2-41FF-AFDA-3797433EF7B7}
[2012/02/08 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/08 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/08 17:50:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8A9B67BA-04E7-47BD-A46A-079EB1BDC3F7}
[2012/01/31 05:38:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FD9FD575-3166-4040-8144-ED07F6B7FB1B}
[2012/01/31 05:38:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{69AD96E4-9019-4BAB-97D8-9212B1D509B5}
[2012/01/30 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE4E1254-5161-4AE1-B6CE-65D729A2794E}
[2012/01/30 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9311BD5D-BD4A-404B-AAE6-A204F2396C05}
[2012/01/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9BFC352D-9628-4B34-8A19-3BFC9C52F441}
[2012/01/29 21:30:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6C51CE1-DC82-439C-9C78-3BCBF7E74D83}
[2012/01/28 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B770D65B-98CE-4D9B-A4B6-3E1F5211ABBE}
[2012/01/28 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FFC26A4B-D4FB-4DD8-828F-5C77B784CF37}
[2012/01/27 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E80E3F77-C3FE-41CD-AA2A-F972ACD08AA5}
[2012/01/27 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{504FC1E2-4FCC-4E04-9950-6B79E964A64A}
[2012/01/26 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F413D285-720B-4977-97A1-CD3DF39BFA76}
[2012/01/26 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{430475DA-1D80-4DFA-83C0-DAB1007172C1}
[2012/01/26 05:39:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0F3BC3D5-1F79-462E-BCDB-ECAC8AD5188B}
[2012/01/26 05:39:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B66D0372-ADBA-4D60-8A9D-216296ED8365}
[2012/01/25 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A95153E8-42D1-45D1-B383-5E0D0B0E43A3}
[2012/01/25 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D0F9ECD2-C563-4754-AC63-2DB3FE0532E3}
[2012/01/25 05:38:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E6F3E526-F148-4D05-B95D-9A08EA0A1D09}
[2012/01/25 05:38:04 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{587E446F-8913-4C1D-9AA9-FC6746662CBE}
[2012/01/24 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{2C12B25F-5BD8-4577-B74F-19D084EA0FFF}
[2012/01/24 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{30B961DB-905D-45E4-9026-FB475E8AD76D}
[2012/01/24 05:36:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F0D0E600-3F03-49B5-812A-AEED3219B762}
[2012/01/24 05:36:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{151DA06A-0164-4613-A898-DB22B5A5BB88}
[2012/01/23 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A6DF4A03-B234-47AC-B8C6-D594C965EF8E}
[2012/01/23 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4EAE4A8A-67C0-40FF-B769-A2593FF2D10D}
[2012/01/22 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0A35C6E0-818F-43EE-84CC-55194632941E}
[2012/01/22 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EC15F02A-AA7D-411F-A337-98181F4EB7EB}
[2012/01/22 13:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\security1
[2012/01/22 10:03:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Apps
[2012/01/22 09:17:07 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{36AF7653-1DFA-45DE-A72B-239322A378A2}
[2012/01/22 09:16:53 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{88CAB705-EA63-4D31-8927-BC314D99EEF7}
[2012/01/21 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{11A7AE9C-4816-4486-B2A5-0414823A06E7}
[2012/01/21 06:22:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Conduit
[2012/01/21 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\System
[2012/01/21 05:55:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{7FE3D98B-E363-4BC9-B5F0-B4F28C47DB03}
[2012/01/21 05:54:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9872670C-6235-484D-BEC3-F4131BBE463D}
[2012/01/20 16:36:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CBA5E7A9-0E01-44F9-A4CD-C81117AFC440}
[2012/01/20 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{60BE822B-2C41-4093-B12F-96F523614792}
[2012/01/20 04:35:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{3416D9BF-7BBC-4674-BBC9-4A21B0E7FF16}
[2012/01/20 04:35:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DE9685C2-7A49-4AD1-8DB1-8A0B258DB334}
[2012/01/19 04:30:49 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EB2BE341-3DF9-418A-BA10-8D2648CC4039}
[2012/01/19 04:30:30 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E85A1CF6-3897-48F2-9BF9-F11EA3352E9F}
[2012/01/18 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{84C37193-1D1B-4ED0-9857-EE1579F8C253}
[2012/01/18 16:26:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8D826B8F-921C-408B-AF07-BE7E8E1ED04E}
[2012/01/17 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A696B82A-C493-44E7-A92C-453CB810A47B}
[2012/01/17 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4FD5CC71-8687-4FBF-8BC7-42B8EEB53DF1}
[2012/01/17 04:34:10 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{574E080C-FEB4-49CA-9C98-48D259A2E757}
[2012/01/17 04:33:57 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1598BF2D-B0E4-49F3-BDCC-EA6955D8E959}
[2012/01/16 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1D04F414-C7F5-4CFF-96EE-7DF8C50368DB}
[2012/01/16 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FA38D31A-9AE1-423C-98EC-7CBC0421172F}
[2012/01/15 23:15:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{75CC9E34-B9CA-42E4-8111-1E3C070577FC}
[2012/01/15 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E5DA6508-D2F0-4399-BD28-6DE159A30774}
[2012/01/15 23:04:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE17ADD0-16C0-46F8-99D7-7825DEFB2E64}
[2012/01/15 08:40:41 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{6DEFF753-5FE3-41F7-9647-0543A41B652D}
[2012/01/15 08:40:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9C10798A-C870-4584-B358-A54F89E83923}
[2012/01/14 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DB363842-2693-4256-8D7B-798F6E62CD13}
[2012/01/14 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B87299FF-6EB5-44D6-B240-87CC19797066}
[2012/01/14 07:21:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{46B249FF-0B10-4CAE-89E1-AACCBDDFA12C}
[2012/01/14 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{291426BE-65F3-4CDF-8569-F51C31566069}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/02/13 06:09:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 06:09:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/12 23:11:12 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Carmen.job
[2012/02/12 20:26:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000UA.job
[2012/02/12 20:22:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 20:21:34 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000Core.job
[2012/02/12 20:14:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 20:08:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/12 20:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/12 13:12:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
[2012/02/12 08:41:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/10 18:20:31 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
[2012/02/09 19:14:02 | 000,000,512 | ---- | M] () -- C:\Users\Carmen\Desktop\MBR.dat
[2012/02/09 18:56:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
[2012/02/09 18:47:59 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/09 18:47:02 | 260,852,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/09 13:54:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
[2012/02/09 13:42:00 | 000,302,592 | ---- | M] () -- C:\Users\Carmen\Desktop\gmer.exe
[2012/02/09 13:32:05 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/09 13:27:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2012/02/09 13:26:31 | 002,349,520 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
[2012/02/09 12:52:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 19:16:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/08 19:16:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/08 18:07:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/02/08 17:47:40 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/01/30 17:40:38 | 000,003,128 | ---- | M] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
[2012/01/27 23:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
[2012/01/26 05:05:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/25 18:39:27 | 000,002,627 | ---- | M] () -- C:\Users\Carmen\Desktop\Microsoft Office Word 2007.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 13:12:37 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/12 13:12:34 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/12 08:21:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/12 08:21:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/12 08:21:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/12 08:21:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/12 08:21:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/09 19:14:02 | 000,000,512 | ---- | C] () -- C:\Users\Carmen\Desktop\MBR.dat
[2012/02/09 18:47:02 | 260,852,946 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/09 13:42:00 | 000,302,592 | ---- | C] () -- C:\Users\Carmen\Desktop\gmer.exe
[2012/02/09 13:32:05 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/09 12:52:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/08 18:07:24 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/30 17:40:37 | 000,003,128 | ---- | C] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
[2011/06/23 16:50:40 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2010/10/14 20:19:14 | 000,001,940 | ---- | C] () -- C:\Users\Carmen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/22 20:36:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/18 20:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/18 20:38:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/18 20:38:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/16 22:52:07 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/10/26 19:34:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/10/26 19:34:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/10/26 19:34:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/10/26 19:34:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/10/26 19:34:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/10/26 19:34:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/10/26 19:34:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/10/26 19:34:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/10/26 19:34:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/10/26 19:34:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/10/26 19:34:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/10/26 19:34:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/10/26 19:22:59 | 000,000,079 | ---- | C] () -- C:\Windows\EPNX510.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/02/21 20:44:08 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2009/02/21 20:44:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2009/02/02 18:53:50 | 000,000,000 | ---- | C] () -- C:\Users\Carmen\AppData\Roaming\wklnhst.dat
[2008/08/24 11:25:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
[2008/03/17 11:22:47 | 000,000,680 | ---- | C] () -- C:\Users\Carmen\AppData\Local\d3d9caps.dat
[2008/03/11 16:06:51 | 000,046,592 | ---- | C] () -- C:\Users\Carmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 15:38:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/03/07 15:38:31 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/07 15:38:31 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/07 15:38:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/03/07 15:38:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/07 08:02:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/03/07 08:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/03/07 07:57:19 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2006/11/10 16:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/10/25 12:54:54 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

========== Custom Scans ==========


< >

< SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) >

< IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found >

< O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

< O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found >

< O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found >

< O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found >

< O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) >
Invalid Switch: ultrashim.cab (Reg Error: Key error.)


< O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) >

< O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
Invalid Switch: gp.cab (Reg Error: Key error.)


< O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Domains: localhost ([]http in Local intranet) >

< O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Ranges: GD ([http] in Local intranet) >

< [2011/03/02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke >
Invalid Switch: 02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke


< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyjava] >

< [emptyflash] >

< [Reboot] >

< End of report >
 