TechSpot

Computer with a problem

By alhoover81
Feb 8, 2012
  1. A co-worker of my mom's has asked that I help get a virus off her computer. I was hoping to get help from here since I do not like messing with the registry without step-by-step examples. I do not know too much, other than there is too much that starts up on her computer, that it took 10 minutes for it to finish starting. I do not want to start any scans until I know exactly which ones to run. Hope I can get some help like I have in the past.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You abandoned this topic in the near past: http://www.techspot.com/vb/topic175660.html
    If it happens again you will be prohibited from receiving any more help in this forum.


    =============================================================
    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Sorry about the last forum. I got sick and technically I still am, but I forgot about my mom's computer, since she isn't using it right now. I am updating her computer, something the teacher hasn't done; as soon as it is finished I will start doing what you said to do. I will go back to my mom's computer after this one gets finished.
     
  4. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    MBAM log

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.09.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Carmen :: CARMEN-PC [administrator]

    Protection: Enabled

    2/9/2012 12:53:56 PM
    mbam-log-2012-02-09 (12-53-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 176277
    Time elapsed: 10 minute(s), 1 second(s)

    Memory Processes Detected: 1
    C:\Program Files\System\Driver\app.exe (Adware.Agent) -> 5140 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 9
    HKCR\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Quarantined and deleted successfully.

    Registry Values Detected: 5
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Svc32 (Adware.Agent) -> Data: C:\Program Files\System\Driver\app.exe -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} (PUP.Dealio.TB) -> Data: Dealio Toolbar -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio.TB) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\DEALIO TOOLBAR\SEARCHSETTINGS.DLL (PUP.Dealio.TB) -> Data: 1 -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES\DEALIO TOOLBAR\SEARCHSETTINGS.EXE (PUP.Dealio.TB) -> Data: 1 -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\Program Files\Dealio Toolbar (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res (PUP.Dealio.TB) -> Quarantined and deleted successfully.

    Files Detected: 31
    C:\Program Files\System\Driver\app.exe (Adware.Agent) -> Delete on reboot.
    C:\Program Files\Dealio Toolbar\sscfg.ini (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\config.ini (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\SearchSettings.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\SearchSettings.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\SearchSettingsRes409.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\WidgiHelper.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\amazon.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\apple.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\barnes.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\bestbuy.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\dealio_logo.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\dealio_logo_hover.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\ebay.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\icon_settings.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\macys.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\newegg.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\overstock.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search-button-hover.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search-button.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search-chevron-hover.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search-chevron.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search_amazon.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search_dealio.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search_ebay.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\search_yahoo.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\separator.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\target.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\walmart.gif (PUP.Dealio.TB) -> Quarantined and deleted successfully.
    C:\Program Files\Dealio Toolbar\Res\widgets.xml (PUP.Dealio.TB) -> Quarantined and deleted successfully.

    (end)
     
  5. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-09 13:47:53
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB21
    Running: gmer.exe; Driver: C:\Users\Carmen\AppData\Local\Temp\uxdirpoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    DDS log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Carmen at 13:55:52 on 2012-02-09
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.452 [GMT -6:00]
    .
    AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\aestsrv.exe
    C:\Windows\system32\atashost.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\qttask.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.msn.com
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    uURLSearchHooks: H - No File
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\YTNavAssist.dll
    uURLSearchHooks: H - No File
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.0.1.8\coIEPlg.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {2EDAB3A3-7A05-4ADD-946C-7222BD62FA88} - No File
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
    uRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\windows\temp\E_SE7E0.tmp" /EF "HKCU"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] c:\windows\system32\qttask.exe
    mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
    mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\carmen\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - e:\common\epsonreg\EpsonReg.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
    TCP: Interfaces\{062FBCAD-1BE0-4E78-A4E8-285B5BE5135A} : DhcpNameServer = 192.168.1.1 24.159.64.23 24.217.201.67
    TCP: Interfaces\{6F2E8D66-A0DF-4FFD-ABBD-0163C1E4B4FB} : DhcpNameServer = 192.168.2.1 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-1-31 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-1-31 744568]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20120207.003\BHDrvx86.sys [2012-2-8 820344]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20120208.002\IDSvix86.sys [2012-2-8 368248]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-1-31 136312]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-1-31 331384]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-3-7 73728]
    R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-1-16 20376]
    R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-6-8 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-8 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-9 652360]
    R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-1-31 130008]
    R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.0.1.8\ccSvcHst.exe [2010-8-8 126904]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-9 106104]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-3-7 111104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-9 20464]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-15 183560]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-17 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-3-7 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-02-09 19:32:00 -------- dc----w- c:\program files\Pure Networks
    2012-02-09 19:25:49 26672 -c--a-w- c:\windows\system32\drivers\pnarp.sys
    2012-02-09 19:24:26 27696 -c--a-w- c:\windows\system32\drivers\purendis.sys
    2012-02-09 19:24:21 -------- dc----w- c:\program files\common files\Pure Networks Shared
    2012-02-09 18:52:42 -------- dc----w- c:\users\carmen\appdata\roaming\Malwarebytes
    2012-02-09 18:52:33 -------- dc----w- c:\programdata\Malwarebytes
    2012-02-09 18:52:32 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-09 18:52:32 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-09 18:28:28 -------- dc----w- c:\windows\pss
    2012-02-09 13:52:45 -------- dc----w- c:\users\carmen\appdata\local\{4D777996-B5B9-42A5-8A42-4F6E69F05135}
    2012-02-09 13:52:22 -------- dc----w- c:\users\carmen\appdata\local\{D6B47D91-37A2-41FF-AFDA-3797433EF7B7}
    2012-02-09 00:07:13 -------- dc----w- c:\program files\CCleaner
    2012-02-08 23:50:50 -------- dc----w- c:\users\carmen\appdata\local\{8A9B67BA-04E7-47BD-A46A-079EB1BDC3F7}
    2012-01-31 11:38:27 -------- dc----w- c:\users\carmen\appdata\local\{FD9FD575-3166-4040-8144-ED07F6B7FB1B}
    2012-01-31 11:38:15 -------- dc----w- c:\users\carmen\appdata\local\{69AD96E4-9019-4BAB-97D8-9212B1D509B5}
    2012-01-31 11:18:33 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
    2012-01-31 11:18:33 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
    2012-01-31 11:18:32 744568 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
    2012-01-31 11:18:32 516216 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
    2012-01-31 11:18:32 50168 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
    2012-01-31 11:18:32 340088 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
    2012-01-31 11:18:32 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
    2012-01-31 11:17:48 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
    2012-01-30 23:37:23 -------- dc----w- c:\users\carmen\appdata\local\{CE4E1254-5161-4AE1-B6CE-65D729A2794E}
    2012-01-30 23:37:08 -------- dc----w- c:\users\carmen\appdata\local\{9311BD5D-BD4A-404B-AAE6-A204F2396C05}
    2012-01-30 03:30:52 -------- dc----w- c:\users\carmen\appdata\local\{9BFC352D-9628-4B34-8A19-3BFC9C52F441}
    2012-01-30 03:30:37 -------- dc----w- c:\users\carmen\appdata\local\{D6C51CE1-DC82-439C-9C78-3BCBF7E74D83}
    2012-01-29 03:07:15 -------- dc----w- c:\users\carmen\appdata\local\{B770D65B-98CE-4D9B-A4B6-3E1F5211ABBE}
    2012-01-29 03:06:58 -------- dc----w- c:\users\carmen\appdata\local\{FFC26A4B-D4FB-4DD8-828F-5C77B784CF37}
    2012-01-28 02:31:34 -------- dc----w- c:\users\carmen\appdata\local\{E80E3F77-C3FE-41CD-AA2A-F972ACD08AA5}
    2012-01-28 02:31:16 -------- dc----w- c:\users\carmen\appdata\local\{504FC1E2-4FCC-4E04-9950-6B79E964A64A}
    2012-01-27 02:00:35 -------- dc----w- c:\users\carmen\appdata\local\{F413D285-720B-4977-97A1-CD3DF39BFA76}
    2012-01-27 02:00:16 -------- dc----w- c:\users\carmen\appdata\local\{430475DA-1D80-4DFA-83C0-DAB1007172C1}
    2012-01-26 11:39:58 -------- dc----w- c:\users\carmen\appdata\local\{0F3BC3D5-1F79-462E-BCDB-ECAC8AD5188B}
    2012-01-26 11:39:45 -------- dc----w- c:\users\carmen\appdata\local\{B66D0372-ADBA-4D60-8A9D-216296ED8365}
    2012-01-25 23:39:11 -------- dc----w- c:\users\carmen\appdata\local\{A95153E8-42D1-45D1-B383-5E0D0B0E43A3}
    2012-01-25 23:38:51 -------- dc----w- c:\users\carmen\appdata\local\{D0F9ECD2-C563-4754-AC63-2DB3FE0532E3}
    2012-01-25 11:38:19 -------- dc----w- c:\users\carmen\appdata\local\{E6F3E526-F148-4D05-B95D-9A08EA0A1D09}
    2012-01-25 11:38:04 -------- dc----w- c:\users\carmen\appdata\local\{587E446F-8913-4C1D-9AA9-FC6746662CBE}
    2012-01-24 23:37:33 -------- dc----w- c:\users\carmen\appdata\local\{2C12B25F-5BD8-4577-B74F-19D084EA0FFF}
    2012-01-24 23:37:18 -------- dc----w- c:\users\carmen\appdata\local\{30B961DB-905D-45E4-9026-FB475E8AD76D}
    2012-01-24 11:36:44 -------- dc----w- c:\users\carmen\appdata\local\{F0D0E600-3F03-49B5-812A-AEED3219B762}
    2012-01-24 11:36:27 -------- dc----w- c:\users\carmen\appdata\local\{151DA06A-0164-4613-A898-DB22B5A5BB88}
    2012-01-23 23:35:55 -------- dc----w- c:\users\carmen\appdata\local\{A6DF4A03-B234-47AC-B8C6-D594C965EF8E}
    2012-01-23 23:35:28 -------- dc----w- c:\users\carmen\appdata\local\{4EAE4A8A-67C0-40FF-B769-A2593FF2D10D}
    2012-01-23 03:18:02 -------- dc----w- c:\users\carmen\appdata\local\{0A35C6E0-818F-43EE-84CC-55194632941E}
    2012-01-23 03:17:50 -------- dc----w- c:\users\carmen\appdata\local\{EC15F02A-AA7D-411F-A337-98181F4EB7EB}
    2012-01-22 19:37:34 -------- dc----w- c:\program files\security1
    2012-01-22 16:03:15 -------- dc----w- c:\users\carmen\appdata\local\Apps
    2012-01-22 15:17:07 -------- dc----w- c:\users\carmen\appdata\local\{36AF7653-1DFA-45DE-A72B-239322A378A2}
    2012-01-22 15:16:53 -------- dc----w- c:\users\carmen\appdata\local\{88CAB705-EA63-4D31-8927-BC314D99EEF7}
    2012-01-21 23:55:44 -------- dc----w- c:\users\carmen\appdata\local\{11A7AE9C-4816-4486-B2A5-0414823A06E7}
    2012-01-21 12:22:24 -------- dc----w- c:\users\carmen\appdata\local\Conduit
    2012-01-21 12:16:13 -------- dc----w- c:\program files\System
    2012-01-21 11:55:11 -------- dc----w- c:\users\carmen\appdata\local\{7FE3D98B-E363-4BC9-B5F0-B4F28C47DB03}
    2012-01-21 11:54:58 -------- dc----w- c:\users\carmen\appdata\local\{9872670C-6235-484D-BEC3-F4131BBE463D}
    2012-01-20 22:36:29 -------- dc----w- c:\users\carmen\appdata\local\{CBA5E7A9-0E01-44F9-A4CD-C81117AFC440}
    2012-01-20 22:36:13 -------- dc----w- c:\users\carmen\appdata\local\{60BE822B-2C41-4093-B12F-96F523614792}
    2012-01-20 10:35:37 -------- dc----w- c:\users\carmen\appdata\local\{3416D9BF-7BBC-4674-BBC9-4A21B0E7FF16}
    2012-01-20 10:35:23 -------- dc----w- c:\users\carmen\appdata\local\{DE9685C2-7A49-4AD1-8DB1-8A0B258DB334}
    2012-01-19 10:30:49 -------- dc----w- c:\users\carmen\appdata\local\{EB2BE341-3DF9-418A-BA10-8D2648CC4039}
    2012-01-19 10:30:30 -------- dc----w- c:\users\carmen\appdata\local\{E85A1CF6-3897-48F2-9BF9-F11EA3352E9F}
    2012-01-18 22:26:38 -------- dc----w- c:\users\carmen\appdata\local\{84C37193-1D1B-4ED0-9857-EE1579F8C253}
    2012-01-18 22:26:24 -------- dc----w- c:\users\carmen\appdata\local\{8D826B8F-921C-408B-AF07-BE7E8E1ED04E}
    2012-01-18 00:39:05 -------- dc----w- c:\users\carmen\appdata\local\{A696B82A-C493-44E7-A92C-453CB810A47B}
    2012-01-18 00:38:48 -------- dc----w- c:\users\carmen\appdata\local\{4FD5CC71-8687-4FBF-8BC7-42B8EEB53DF1}
    2012-01-17 10:34:10 -------- dc----w- c:\users\carmen\appdata\local\{574E080C-FEB4-49CA-9C98-48D259A2E757}
    2012-01-17 10:33:57 -------- dc----w- c:\users\carmen\appdata\local\{1598BF2D-B0E4-49F3-BDCC-EA6955D8E959}
    2012-01-16 19:40:21 -------- dc----w- c:\users\carmen\appdata\local\{1D04F414-C7F5-4CFF-96EE-7DF8C50368DB}
    2012-01-16 19:40:09 -------- dc----w- c:\users\carmen\appdata\local\{FA38D31A-9AE1-423C-98EC-7CBC0421172F}
    2012-01-16 05:15:19 -------- dc----w- c:\users\carmen\appdata\local\{75CC9E34-B9CA-42E4-8111-1E3C070577FC}
    2012-01-16 05:11:29 -------- dc----w- c:\users\carmen\appdata\local\{E5DA6508-D2F0-4399-BD28-6DE159A30774}
    2012-01-16 05:04:08 -------- dc----w- c:\users\carmen\appdata\local\{CE17ADD0-16C0-46F8-99D7-7825DEFB2E64}
    2012-01-15 14:40:41 -------- dc----w- c:\users\carmen\appdata\local\{6DEFF753-5FE3-41F7-9647-0543A41B652D}
    2012-01-15 14:40:23 -------- dc----w- c:\users\carmen\appdata\local\{9C10798A-C870-4584-B358-A54F89E83923}
    2012-01-15 01:22:25 -------- dc----w- c:\users\carmen\appdata\local\{DB363842-2693-4256-8D7B-798F6E62CD13}
    2012-01-15 01:22:12 -------- dc----w- c:\users\carmen\appdata\local\{B87299FF-6EB5-44D6-B240-87CC19797066}
    2012-01-14 13:21:29 -------- dc----w- c:\users\carmen\appdata\local\{46B249FF-0B10-4CAE-89E1-AACCBDDFA12C}
    2012-01-14 13:21:08 -------- dc----w- c:\users\carmen\appdata\local\{291426BE-65F3-4CDF-8569-F51C31566069}
    2012-01-14 00:43:44 -------- dc----w- c:\users\carmen\appdata\local\{70A12C4E-C05C-49B2-A70F-6C01743393AE}
    2012-01-14 00:43:28 -------- dc----w- c:\users\carmen\appdata\local\{57ACF140-D182-422C-8919-0DC29C21E557}
    2012-01-13 11:55:25 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-13 11:55:25 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-13 11:55:25 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-13 11:55:25 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-13 11:55:25 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-13 11:55:25 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-13 02:09:42 -------- dc----w- c:\users\carmen\appdata\local\{778062CA-441E-4508-AC7F-D506037DB75D}
    2012-01-13 02:09:15 -------- dc----w- c:\users\carmen\appdata\local\{BB9C77A0-4515-4662-B904-005AB9387135}
    2012-01-12 11:34:08 -------- dc----w- c:\users\carmen\appdata\local\{59CEB853-0666-40C6-8B5D-973893D268D4}
    2012-01-12 11:33:55 -------- dc----w- c:\users\carmen\appdata\local\{4751F828-0AC9-421D-BA34-CC309F27962F}
    2012-01-11 11:34:54 23552 ----a-w- c:\windows\system32\mciseq.dll
    2012-01-11 11:34:54 189952 ----a-w- c:\windows\system32\winmm.dll
    2012-01-11 11:34:50 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 11:34:46 66560 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 11:34:44 376320 ----a-w- c:\windows\system32\winsrv.dll
    2012-01-11 11:34:26 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-01-11 11:33:49 497152 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 11:33:49 1314816 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 11:14:20 -------- dc----w- c:\users\carmen\appdata\local\{E60F0397-7E12-4C67-8428-A188C4AEFA41}
    2012-01-11 11:14:04 -------- dc----w- c:\users\carmen\appdata\local\{F1932442-60CE-462F-BDAD-87A1E6B02FE2}
    2012-01-10 23:04:58 -------- dc----w- c:\users\carmen\appdata\local\{3955DEAE-D4DA-4E65-9848-91AAAC30EF3C}
    2012-01-10 23:04:37 -------- dc----w- c:\users\carmen\appdata\local\{F4ECB546-99F7-4445-BD87-0A07E193EDF6}
    .
    ==================== Find3M ====================
    .
    2012-02-09 19:27:24 8892928 -c--a-w- c:\programdata\atscie.msi
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 21:30:22 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 13:58:04.24 ===============
     
  7. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 3/7/2008 7:47:03 AM
    System Uptime: 2/9/2012 1:16:48 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | Microprocessor | 1600/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 99 GiB total, 46.841 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.262 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP489: 1/14/2012 7:18:25 AM - Windows Update
    RP490: 2/8/2012 6:44:27 PM - Windows Update
    RP491: 2/9/2012 1:24:30 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
    RP492: 2/9/2012 1:25:50 PM - Device Driver Package Install: Cisco Systems, Inc. Network Protocol
    RP493: 2/9/2012 1:30:50 PM - Installed Cisco Network Magic
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Reader 8.3.1
    Adobe Shockwave Player 11
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AOL Install
    ArcSoft Print Creations
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Calendar
    Ask Toolbar
    Bing Bar
    Bing Rewards Client Installer
    Browser Address Error Redirector
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco Network Magic
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    D3DX10
    Dealio Toolbar v4.0.1
    Dell DataSafe Online
    Dell Getting Started Guide
    Dell Support Center
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card
    Digital Line Detect
    EarthLink Setup Files
    EasyBits GO
    Epson CreativeZone
    Epson Event Manager
    EPSON NX510 Series Printer Uninstall
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup
    Garmin Lifetime Updater
    Google Chrome
    Google Desktop
    Google Talk (remove only)
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Internet Service Offers Launcher
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    LTCM Client
    Malwarebytes Anti-Malware version 1.60.1.1000
    Map Button (Windows Live Toolbar)
    MediaDirect
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Modem Diagnostic Tool
    MSVCRT
    Music, Photos & Videos Launcher
    NetWaiting
    Network Magic
    NetZeroInstallers
    Norton 360
    Norton Safe Web Lite
    Norton Security Scan
    OGA Notifier 2.0.0048.0
    OutlookAddinSetup
    Product Documentation Launcher
    Pure Networks Platform
    QuickSet
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Segoe UI
    Skype Click to Call
    Skype™ 5.5
    Smart Menus (Windows Live Toolbar)
    Spelling Dictionaries Support For Adobe Reader 8
    The Weather Channel Desktop 6
    The Weather Channel Toolbar
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    User's Guides
    WebEx
    WebEx Support Manager for Internet Explorer
    WhiteSmoke
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Software Update
    Yahoo! Toolbar
    ZTE Mobile Connection Manager
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/9/2012 1:19:57 PM, Error: Service Control Manager [7000] - The BCM42RLY service failed to start due to the following error: The system cannot find the file specified.
    2/9/2012 1:18:51 PM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
    2/9/2012 1:18:51 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/9/2012 1:18:03 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Photosmart 2570 series with shared resource name . Error 1215. The printer cannot be used by others on the network.
    2/9/2012 1:18:03 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Epson Stylus NX510(Network) with shared resource name . Error 1215. The printer cannot be used by others on the network.
    2/8/2012 7:10:29 PM, Error: Service Control Manager [7030] - The Creative OEM002 RunApp Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/8/2012 7:03:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/8/2012 7:03:16 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/8/2012 7:03:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Get well :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  9. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    MBR log


    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-09 18:56:37
    -----------------------------
    18:56:37.147 OS Version: Windows 6.0.6002 Service Pack 2
    18:56:37.147 Number of processors: 2 586 0xF0D
    18:56:37.151 ComputerName: CARMEN-PC UserName: Carmen
    18:56:54.516 Initialize success
    18:57:32.634 AVAST engine defs: 12020903
    19:00:53.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    19:00:53.105 Disk 0 Vendor: TOSHIBA_ LB21 Size: 114473MB BusType: 3
    19:00:53.137 Disk 0 MBR read successfully
    19:00:53.143 Disk 0 MBR scan
    19:00:53.155 Disk 0 Windows VISTA default MBR code
    19:00:53.162 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
    19:00:53.211 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 129024
    19:00:53.271 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 101609 MB offset 21100544
    19:00:53.284 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 229195776
    19:00:53.330 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 229197824
    19:00:53.348 Disk 0 scanning sectors +234438656
    19:00:53.462 Disk 0 scanning C:\Windows\system32\drivers
    19:01:13.877 Service scanning
    19:01:15.579 Modules scanning
    19:01:32.993 Disk 0 trace - called modules:
    19:01:33.033 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    19:01:33.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cbb4b8]
    19:01:33.052 3 CLASSPNP.SYS[8899d8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8520c030]
    19:01:34.553 AVAST engine scan C:\Windows
    19:01:40.464 AVAST engine scan C:\Windows\system32
    19:07:40.718 AVAST engine scan C:\Windows\system32\drivers
    19:08:02.058 AVAST engine scan C:\Users\Carmen
    19:14:02.003 Disk 0 MBR has been saved successfully to "C:\Users\Carmen\Desktop\MBR.dat"
    19:14:02.014 The log file has been saved successfully to "C:\Users\Carmen\Desktop\aswMBR.txt"
     
  10. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Bootkit remover will not download the zip file at all. I save the zip file to the desktop, when I open it, it will open in Windows Photo Gallery and not show any zip files.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

  12. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Boot Cleaner log

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Basic Edition Service Pack 2 (build 600
    2), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`83f00000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    ComboFix log

    ComboFix 12-02-11.03 - Carmen 02/12/2012 8:26.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.648 [GMT -6:00]
    Running from: c:\users\Carmen\Desktop\ComboFix.exe
    AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll
    c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
    c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
    c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
    c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll
    c:\users\Carmen\AppData\Roaming\Microsoft\Windows\Recent\Epson CreativeZone.url
    c:\users\Carmen\Documents\~WRL0001.tmp
    c:\users\Carmen\Documents\~WRL0003.tmp
    c:\users\Carmen\Documents\~WRL0005.tmp
    c:\users\Carmen\Documents\~WRL0583.tmp
    c:\users\Carmen\Documents\~WRL1042.tmp
    c:\users\Carmen\Documents\~WRL2140.tmp
    c:\users\Carmen\Documents\~WRL2735.tmp
    c:\users\Carmen\Documents\~WRL3165.tmp
    c:\users\Carmen\Documents\~WRL3602.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-12 14:41 . 2012-02-12 14:41 -------- dc----w- c:\users\Carmen\AppData\Local\temp
    2012-02-12 14:41 . 2012-02-12 14:41 -------- dc----w- c:\users\Default\AppData\Local\temp
    2012-02-09 19:32 . 2012-02-09 19:32 -------- dc----w- c:\program files\Pure Networks
    2012-02-09 19:25 . 2009-07-07 20:48 26672 -c--a-w- c:\windows\system32\drivers\pnarp.sys
    2012-02-09 19:24 . 2009-07-07 20:48 27696 -c--a-w- c:\windows\system32\drivers\purendis.sys
    2012-02-09 19:24 . 2012-02-09 19:24 -------- dc----w- c:\program files\Common Files\Pure Networks Shared
    2012-02-09 18:52 . 2012-02-09 18:52 -------- dc----w- c:\users\Carmen\AppData\Roaming\Malwarebytes
    2012-02-09 18:52 . 2012-02-09 18:52 -------- dc----w- c:\programdata\Malwarebytes
    2012-02-09 18:52 . 2012-02-09 18:52 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-09 18:52 . 2011-12-10 21:24 20464 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-09 00:07 . 2012-02-09 00:07 -------- dc----w- c:\program files\CCleaner
    2012-01-31 11:17 . 2012-02-08 23:46 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
    2012-01-22 19:37 . 2012-01-22 19:37 -------- dc----w- c:\program files\security1
    2012-01-22 16:03 . 2012-01-22 16:03 -------- dc----w- c:\users\Carmen\AppData\Local\Apps
    2012-01-21 12:22 . 2012-01-22 15:47 -------- dc----w- c:\users\Carmen\AppData\Local\Conduit
    2012-01-21 12:16 . 2012-01-21 12:16 -------- dc----w- c:\program files\System
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-09 19:27 . 2010-01-17 04:52 8892928 -c--a-w- c:\programdata\atscie.msi
    2011-11-25 15:59 . 2012-01-11 11:34 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37 . 2011-12-15 03:59 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-21 21:30 . 2011-05-20 10:47 414368 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-18 20:23 . 2012-01-11 11:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47 . 2012-01-11 11:34 66560 ----a-w- c:\windows\system32\packager.dll
    2011-11-17 06:48 . 2012-01-13 11:55 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2011-11-16 16:23 . 2012-01-13 11:55 377344 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 16:23 . 2012-01-13 11:55 72704 ----a-w- c:\windows\system32\secur32.dll
    2011-11-16 16:23 . 2012-01-13 11:55 278528 ----a-w- c:\windows\system32\schannel.dll
    2011-11-16 16:21 . 2012-01-13 11:55 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2011-11-16 14:12 . 2012-01-13 11:55 9728 ----a-w- c:\windows\system32\lsass.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-03-16 214840]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-17 23:20 279944 -c--a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-15 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-15 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-15 133656]
    "DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-12 3444736]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
    "QuickTime Task"="c:\windows\system32\qttask.exe" [2008-08-24 28672]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]
    "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-03-02 1583808]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
    "nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
    .
    c:\users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Epson all-in-one Registration.lnk - e:\common\EpsonReg\EpsonReg.exe [N/A]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-3-7 50688]
    QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
    backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
    2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
    2011-10-03 15:14 1409384 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-08-07 23:37 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-09-13 01:51 136176 -c--atw- c:\users\Carmen\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    2007-01-01 21:22 3739648 ----a-w- c:\users\Carmen\AppData\Roaming\Google\Google Talk\googletalk.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2011-05-13 21:03 4283256 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2012-01-22 22:49 39408 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2011-05-22 23:04 273544 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
    2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezGOSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:37]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 21:37]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000Core.job
    - c:\users\Carmen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 01:51]
    .
    2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000UA.job
    - c:\users\Carmen\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-24 01:51]
    .
    2012-01-23 c:\windows\Tasks\Norton Security Scan for Carmen.job
    - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-12 05:51]
    .
    2012-01-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    2012-02-12 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{2edab3a3-7a05-4add-946c-7222bd62fa88} - (no file)
    WebBrowser-{2EDAB3A3-7A05-4ADD-946C-7222BD62FA88} - (no file)
    MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-12 08:41
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NSL]
    "ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.0.1.8\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-02-12 08:48:40
    ComboFix-quarantined-files.txt 2012-02-12 14:48
    .
    Pre-Run: 53,780,779,008 bytes free
    Post-Run: 53,614,854,144 bytes free
    .
    - - End Of File - - 8A59091C690F96EB425C728217BCC35B
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good.

    How is the computer doing?

    Uninstall Ask Toolbar, typical foistware.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    OTL log

    OTL logfile created on: 2/12/2012 1:09:29 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carmen\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.60% Memory free
    4.22 Gb Paging File | 2.64 Gb Available in Paging File | 62.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.23 Gb Total Space | 47.02 Gb Free Space | 47.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.62% Space Free | Partition Type: NTFS

    Computer Name: CARMEN-PC | User Name: Carmen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    PRC - [2012/02/12 13:06:29 | 051,369,680 | ---- | M] (Dell Inc) -- C:\Users\Carmen\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_23_32_01.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
    PRC - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/12/21 09:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/11/12 05:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/07 16:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/07 00:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/09/07 00:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/09/07 00:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/08/27 23:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/12 13:06:53 | 000,004,096 | ---- | M] () -- C:\Users\Carmen\AppData\Local\temp\nshD2CA.tmp\nsProcess.dll
    MOD - [2012/02/12 13:06:52 | 000,010,752 | ---- | M] () -- C:\Users\Carmen\AppData\Local\temp\nshD2CA.tmp\System.dll
    MOD - [2012/01/11 05:45:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/11 05:45:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
    MOD - [2011/10/13 15:00:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/13 14:58:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
    MOD - [2007/12/14 21:54:06 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2007/12/12 00:01:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/28 18:31:25 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
    SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
    SRV - [2011/02/15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/08 18:27:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/02/08 18:27:30 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120209.002\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/09/28 04:19:42 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.017\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/09/28 04:19:42 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120209.017\NAVENG.SYS -- (NAVENG)
    DRV - [2011/08/06 22:15:07 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
    DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/07 00:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/08/27 23:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 09 5D 14 9B C3 CB 01 [binary data]
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/12 06:16:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 17:07:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/08 22:53:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/10 18:14:20 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
    CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
    CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

    O1 HOSTS File: ([2012/02/12 08:41:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Windows\System32\qttask.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062FBCAD-1BE0-4E78-A4E8-285B5BE5135A}: DhcpNameServer = 192.168.1.1 24.159.64.23 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2E8D66-A0DF-4FFD-ABBD-0163C1E4B4FB}: DhcpNameServer = 192.168.2.1 192.168.1.254
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/12 13:12:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
    [2012/02/12 13:06:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    [2012/02/12 08:49:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/12 08:48:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\temp
    [2012/02/12 08:21:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/12 08:21:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/12 08:21:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/12 08:21:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/12 08:21:22 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/12 08:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/12 08:15:26 | 004,402,217 | R--- | C] (Swearware) -- C:\Users\Carmen\Desktop\ComboFix.exe
    [2012/02/10 18:20:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
    [2012/02/09 18:55:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
    [2012/02/09 13:54:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
    [2012/02/09 13:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2012/02/09 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
    [2012/02/09 12:52:42 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Roaming\Malwarebytes
    [2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/09 12:52:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/09 12:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/09 12:28:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/09 07:52:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4D777996-B5B9-42A5-8A42-4F6E69F05135}
    [2012/02/09 07:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6B47D91-37A2-41FF-AFDA-3797433EF7B7}
    [2012/02/08 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/02/08 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/02/08 17:50:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8A9B67BA-04E7-47BD-A46A-079EB1BDC3F7}
    [2012/01/31 05:38:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FD9FD575-3166-4040-8144-ED07F6B7FB1B}
    [2012/01/31 05:38:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{69AD96E4-9019-4BAB-97D8-9212B1D509B5}
    [2012/01/30 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE4E1254-5161-4AE1-B6CE-65D729A2794E}
    [2012/01/30 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9311BD5D-BD4A-404B-AAE6-A204F2396C05}
    [2012/01/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9BFC352D-9628-4B34-8A19-3BFC9C52F441}
    [2012/01/29 21:30:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6C51CE1-DC82-439C-9C78-3BCBF7E74D83}
    [2012/01/28 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B770D65B-98CE-4D9B-A4B6-3E1F5211ABBE}
    [2012/01/28 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FFC26A4B-D4FB-4DD8-828F-5C77B784CF37}
    [2012/01/27 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E80E3F77-C3FE-41CD-AA2A-F972ACD08AA5}
    [2012/01/27 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{504FC1E2-4FCC-4E04-9950-6B79E964A64A}
    [2012/01/26 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F413D285-720B-4977-97A1-CD3DF39BFA76}
    [2012/01/26 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{430475DA-1D80-4DFA-83C0-DAB1007172C1}
    [2012/01/26 05:39:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0F3BC3D5-1F79-462E-BCDB-ECAC8AD5188B}
    [2012/01/26 05:39:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B66D0372-ADBA-4D60-8A9D-216296ED8365}
    [2012/01/25 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A95153E8-42D1-45D1-B383-5E0D0B0E43A3}
    [2012/01/25 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D0F9ECD2-C563-4754-AC63-2DB3FE0532E3}
    [2012/01/25 05:38:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E6F3E526-F148-4D05-B95D-9A08EA0A1D09}
    [2012/01/25 05:38:04 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{587E446F-8913-4C1D-9AA9-FC6746662CBE}
    [2012/01/24 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{2C12B25F-5BD8-4577-B74F-19D084EA0FFF}
    [2012/01/24 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{30B961DB-905D-45E4-9026-FB475E8AD76D}
    [2012/01/24 05:36:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F0D0E600-3F03-49B5-812A-AEED3219B762}
    [2012/01/24 05:36:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{151DA06A-0164-4613-A898-DB22B5A5BB88}
    [2012/01/23 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A6DF4A03-B234-47AC-B8C6-D594C965EF8E}
    [2012/01/23 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4EAE4A8A-67C0-40FF-B769-A2593FF2D10D}
    [2012/01/22 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0A35C6E0-818F-43EE-84CC-55194632941E}
    [2012/01/22 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EC15F02A-AA7D-411F-A337-98181F4EB7EB}
    [2012/01/22 13:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\security1
    [2012/01/22 10:03:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Apps
    [2012/01/22 09:17:07 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{36AF7653-1DFA-45DE-A72B-239322A378A2}
    [2012/01/22 09:16:53 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{88CAB705-EA63-4D31-8927-BC314D99EEF7}
    [2012/01/21 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{11A7AE9C-4816-4486-B2A5-0414823A06E7}
    [2012/01/21 06:22:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Conduit
    [2012/01/21 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\System
    [2012/01/21 05:55:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{7FE3D98B-E363-4BC9-B5F0-B4F28C47DB03}
    [2012/01/21 05:54:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9872670C-6235-484D-BEC3-F4131BBE463D}
    [2012/01/20 16:36:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CBA5E7A9-0E01-44F9-A4CD-C81117AFC440}
    [2012/01/20 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{60BE822B-2C41-4093-B12F-96F523614792}
    [2012/01/20 04:35:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{3416D9BF-7BBC-4674-BBC9-4A21B0E7FF16}
    [2012/01/20 04:35:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DE9685C2-7A49-4AD1-8DB1-8A0B258DB334}
    [2012/01/19 04:30:49 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EB2BE341-3DF9-418A-BA10-8D2648CC4039}
    [2012/01/19 04:30:30 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E85A1CF6-3897-48F2-9BF9-F11EA3352E9F}
    [2012/01/18 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{84C37193-1D1B-4ED0-9857-EE1579F8C253}
    [2012/01/18 16:26:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8D826B8F-921C-408B-AF07-BE7E8E1ED04E}
    [2012/01/17 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A696B82A-C493-44E7-A92C-453CB810A47B}
    [2012/01/17 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4FD5CC71-8687-4FBF-8BC7-42B8EEB53DF1}
    [2012/01/17 04:34:10 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{574E080C-FEB4-49CA-9C98-48D259A2E757}
    [2012/01/17 04:33:57 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1598BF2D-B0E4-49F3-BDCC-EA6955D8E959}
    [2012/01/16 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1D04F414-C7F5-4CFF-96EE-7DF8C50368DB}
    [2012/01/16 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FA38D31A-9AE1-423C-98EC-7CBC0421172F}
    [2012/01/15 23:15:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{75CC9E34-B9CA-42E4-8111-1E3C070577FC}
    [2012/01/15 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E5DA6508-D2F0-4399-BD28-6DE159A30774}
    [2012/01/15 23:04:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE17ADD0-16C0-46F8-99D7-7825DEFB2E64}
    [2012/01/15 08:40:41 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{6DEFF753-5FE3-41F7-9647-0543A41B652D}
    [2012/01/15 08:40:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9C10798A-C870-4584-B358-A54F89E83923}
    [2012/01/14 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DB363842-2693-4256-8D7B-798F6E62CD13}
    [2012/01/14 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B87299FF-6EB5-44D6-B240-87CC19797066}
    [2012/01/14 07:21:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{46B249FF-0B10-4CAE-89E1-AACCBDDFA12C}
    [2012/01/14 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{291426BE-65F3-4CDF-8569-F51C31566069}
    [2012/01/13 18:43:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{70A12C4E-C05C-49B2-A70F-6C01743393AE}
    [2012/01/13 18:43:28 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{57ACF140-D182-422C-8919-0DC29C21E557}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  17. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    ========== Files - Modified Within 30 Days ==========

    [2012/02/12 13:13:06 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/02/12 13:12:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    [2012/02/12 13:02:06 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/12 13:01:55 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000UA.job
    [2012/02/12 13:01:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/12 13:01:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/12 13:01:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/12 08:41:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/12 08:16:49 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000Core.job
    [2012/02/12 08:15:46 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\ComboFix.exe
    [2012/02/10 18:21:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/10 18:20:31 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
    [2012/02/09 19:14:02 | 000,000,512 | ---- | M] () -- C:\Users\Carmen\Desktop\MBR.dat
    [2012/02/09 18:56:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
    [2012/02/09 18:47:59 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/09 18:47:02 | 260,852,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 13:54:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
    [2012/02/09 13:42:00 | 000,302,592 | ---- | M] () -- C:\Users\Carmen\Desktop\gmer.exe
    [2012/02/09 13:32:05 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2012/02/09 13:27:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2012/02/09 13:26:31 | 002,349,520 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
    [2012/02/09 12:52:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:16:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/08 19:16:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/08 18:07:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/08 17:47:40 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/01/30 17:40:38 | 000,003,128 | ---- | M] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
    [2012/01/27 23:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
    [2012/01/26 05:05:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/01/25 18:39:27 | 000,002,627 | ---- | M] () -- C:\Users\Carmen\Desktop\Microsoft Office Word 2007.lnk
    [2012/01/22 19:13:27 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Carmen.job
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/12 13:12:37 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/02/12 13:12:34 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/02/12 08:21:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/12 08:21:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/12 08:21:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/12 08:21:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/12 08:21:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/09 19:14:02 | 000,000,512 | ---- | C] () -- C:\Users\Carmen\Desktop\MBR.dat
    [2012/02/09 18:47:02 | 260,852,946 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 13:42:00 | 000,302,592 | ---- | C] () -- C:\Users\Carmen\Desktop\gmer.exe
    [2012/02/09 13:32:05 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2012/02/09 12:52:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 18:07:24 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/01/30 17:40:37 | 000,003,128 | ---- | C] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
    [2011/06/23 16:50:40 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
    [2010/10/14 20:19:14 | 000,001,940 | ---- | C] () -- C:\Users\Carmen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/06/22 20:36:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/18 20:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/01/18 20:38:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/01/18 20:38:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/01/16 22:52:07 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/10/26 19:34:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2009/10/26 19:34:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2009/10/26 19:34:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2009/10/26 19:34:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2009/10/26 19:34:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2009/10/26 19:34:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2009/10/26 19:34:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2009/10/26 19:34:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2009/10/26 19:34:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2009/10/26 19:34:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2009/10/26 19:34:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2009/10/26 19:34:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/10/26 19:22:59 | 000,000,079 | ---- | C] () -- C:\Windows\EPNX510.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/02/21 20:44:08 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
    [2009/02/21 20:44:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
    [2009/02/02 18:53:50 | 000,000,000 | ---- | C] () -- C:\Users\Carmen\AppData\Roaming\wklnhst.dat
    [2008/08/24 11:25:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
    [2008/03/17 11:22:47 | 000,000,680 | ---- | C] () -- C:\Users\Carmen\AppData\Local\d3d9caps.dat
    [2008/03/11 16:06:51 | 000,046,592 | ---- | C] () -- C:\Users\Carmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/07 15:38:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
    [2008/03/07 15:38:31 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2008/03/07 15:38:31 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2008/03/07 15:38:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2008/03/07 15:38:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/03/07 08:02:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/03/07 08:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/03/07 07:57:19 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2006/11/10 16:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:44:53 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/10/25 12:54:54 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

    ========== LOP Check ==========

    [2010/08/04 21:00:13 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Epson
    [2011/11/26 16:45:16 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\GARMIN
    [2011/07/23 07:19:58 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\go
    [2008/08/24 11:29:16 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\InterTrust
    [2009/10/28 04:35:04 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Leader Technologies
    [2009/10/27 19:46:06 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Leadertech
    [2011/05/25 12:28:17 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\PCDr
    [2009/02/02 18:53:52 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\Template
    [2011/10/13 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\webex
    [2011/03/02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke
    [2012/02/12 13:12:37 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/02/10 18:11:55 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/02/12 13:13:06 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2012/02/12 08:48:41 | 000,014,902 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/03/07 15:38:41 | 000,004,692 | RH-- | M] () -- C:\dell.sdr
    [2010/11/28 10:23:38 | 000,000,090 | ---- | M] () -- C:\error.log
    [2008/03/07 08:02:43 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2008/03/07 08:02:43 | 000,022,729 | ---- | M] () -- C:\newkey
    [2012/02/10 18:13:05 | 2450,845,696 | -HS- | M] () -- C:\pagefile.sys
    [2008/03/07 08:21:03 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2012/01/30 17:40:38 | 000,003,128 | ---- | M] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}

    < %systemroot%\Fonts\*.com >
    [2006/11/02 06:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 06:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 06:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/09/09 04:28:45 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 01:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/01/18 11:38:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/03 04:48:58 | 000,000,574 | -HS- | M] () -- C:\Users\Carmen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/09 18:56:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
    [2012/02/10 18:20:31 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
    [2012/02/12 08:15:46 | 004,402,217 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\ComboFix.exe
    [2011/11/26 16:39:46 | 011,194,616 | ---- | M] (Garmin International) -- C:\Users\Carmen\Desktop\GarminLifetimeUpdaterInstaller.exe
    [2012/02/09 13:42:00 | 000,302,592 | ---- | M] () -- C:\Users\Carmen\Desktop\gmer.exe
    [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    [2010/06/22 20:30:27 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Carmen\Desktop\SkypeSetup.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/28 10:23:23 | 000,000,402 | -HS- | M] () -- C:\Users\Carmen\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/02/09 13:27:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  18. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Extras log

    OTL Extras logfile created on: 2/12/2012 1:09:29 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carmen\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.60% Memory free
    4.22 Gb Paging File | 2.64 Gb Available in Paging File | 62.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.23 Gb Total Space | 47.02 Gb Free Space | 47.38% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.62% Space Free | Partition Type: NTFS

    Computer Name: CARMEN-PC | User Name: Carmen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00134A53-F718-4503-BD0F-B9B93E0E4790}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{070C7B6B-37DA-4B6D-8F82-D7D1A97F6700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1122A53E-316E-45C2-BB49-9A0760CD7760}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{1C8BA6A4-1159-4F5A-B160-0AE13102A6E5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2416422B-0500-474B-9C62-1EB6B519547C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{320CE166-BBA8-4E10-BC13-8690ABCE9AA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{32F453C8-ECF1-42EA-BFCE-D6537592EE83}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{3D1E42E2-C173-4AF6-9B84-DF430A6F3B60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41C5D45B-D730-4DF6-A8D5-CC78C06614CF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{5651361D-22A3-4C70-AD56-7E966AC908B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{59FC0D57-5885-4F4C-A922-E928B4BA81DB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{6B64890A-BBAE-426D-92CE-6BB2C7D1F01A}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{82897144-502C-43D1-BCCD-B7DFD66B3310}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{83B33E06-3C72-4493-855F-BD1B30CA24CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{88BAEF85-522E-4BB9-934D-18A8BDE26781}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A8535CCF-C6E9-4DA1-B0B7-C12AF82AAD42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B1FE4432-9AE4-41EB-8930-9A397985A0EB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B5904BF5-5407-4A2E-A736-AC1C7E60CFCF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DA0D5FC7-CF3D-4930-9F9D-9E3F6A26A1A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E1E8A144-7EEF-4A7E-A3AB-24B4128F3667}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{F0333117-15E2-4C6D-B6F9-4909DE29D204}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{F68747C6-48D0-49A4-BED0-608DB22FA169}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0FF257B1-D444-4068-9312-0D83E2FE8E6F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{1EC58C67-8B80-461C-9F4A-16972D14180D}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{23EC96FD-F597-4CD9-8562-D6630F8110EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2B0BC0EE-D13F-454F-857A-6813B7AA5638}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{38B3FF6A-CA4F-4341-B9C4-E338FEE4D085}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{39FC16AB-BCD9-416E-BE7D-BEF8E3E4CFA1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4F7B96A1-DA92-46C7-972C-B058D2B445C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5C6EB85C-F721-4A19-A755-EC0453B26FA1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{7B8424F4-6AB0-43D3-AAB7-7514EFD9DE1B}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{7C069038-8EF0-4B3C-8D4C-6C46D9EEB8AC}" = protocol=6 | dir=out | app=system |
    "{80E92E85-01CD-4686-BEDE-0EBC96693F1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{817B5611-1E27-41BA-8E0E-16C98640148D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8C33C779-AAD6-41FD-A499-C434E3A3A3C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{946895DD-7AA0-4769-8996-6F09E6C6664D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{954E78C7-B893-43C7-A88C-84F048F4FA60}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{96B3C632-64A9-4BF9-BD5F-C8FEE7106A2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{ACBAC05C-1E88-4AA5-B889-472A8D49BACF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AFA9EF25-56B6-4AFE-8DEE-C81FC84B9535}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{B4764AAB-7048-463C-B713-48ADC76F0621}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{C3C48731-7C9A-49F3-9634-7D769B53F41C}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
    "{C3C5B145-283B-428C-9F0E-C5843A7B70BE}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{CAA7AF37-9AE0-41BB-93A0-2A9CFF6FDBD0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{CBC47604-3B28-4D25-B1C7-1EE09964314C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{D2437257-1EF0-436E-826F-D77A1293CED6}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{D63CC2A4-0CC3-4D42-9E0B-D200AF4C8658}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{D831CA9E-44C7-4051-A1D2-84EBA3F7C72F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{D9F669FE-7194-460A-9244-AEFA8A90C863}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E4D98FC2-3C6D-479A-A587-3A681510F536}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EE49F32D-D03A-4B05-B152-D51621FABE6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FB10AE42-EE39-426E-BF0D-4336CA8D3D20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{4D32B257-9F91-456C-ADB6-248EF460C1CB}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "TCP Query User{574B0E66-8A85-4786-A6CC-89CA4421EE2F}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{07ACD282-5D2F-449E-8E51-5C8729981114}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
    "UDP Query User{B79A93D9-CDF2-4AEB-88AB-287D31C8DCB9}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{07453869-D17D-4159-A23D-0A956CE96448}" = ArcSoft Print Creations
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69EB5C18-1222-41F1-8C75-69B5F55F4321}" = Garmin Lifetime Updater
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = ZTE Mobile Connection Manager
    "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6C82F8F-2031-4825-8CC3-98C5960875C1}" = Epson CreativeZone
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0839DB3-FBB8-4D14-936F-1D457A088224}" = Bing Bar
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "Dell Support Center" = Dell Support Center
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EPSON NX510 Series" = EPSON NX510 Series Printer Uninstall
    "EPSON Scanner" = EPSON Scan
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "LTCM Client" = LTCM Client
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "N360" = Norton 360
    "Network MagicUninstall" = Network Magic
    "NSS" = Norton Security Scan
    "NST" = Norton Safe Web Lite
    "QuickTime" = QuickTime
    "RealPlayer 12.0" = RealPlayer
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "The Weather Channel Toolbar" = The Weather Channel Toolbar
    "WhiteSmoke" = WhiteSmoke
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3559462696-599919631-1170467733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "Game Organizer" = EasyBits GO

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/8/2012 7:51:28 PM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
    Description =

    Error - 2/8/2012 11:02:42 PM | Computer Name = Carmen-PC | Source = EventSystem | ID = 4621
    Description =

    Error - 2/8/2012 11:02:50 PM | Computer Name = Carmen-PC | Source = ESENT | ID = 505
    Description = wuaueng.dll (1224) SUS20ClientDataStore: An attempt to open the compressed
    file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write
    access failed because it could not be converted to a normal file. The open file
    operation will fail with error -4005 (0xfffff05b). To prevent this error in the
    future you can manually decompress the file and change the compression state of
    the containing folder to uncompressed. Writing to this file when it is compressed
    is not supported.

    Error - 2/9/2012 9:55:58 AM | Computer Name = Carmen-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
    0x4d76255d, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a,
    exception code 0xc0000005, fault offset 0x003c464f, process id 0x940, application
    start time 0x01cce731fa0a9c0d.

    Error - 2/9/2012 3:15:24 PM | Computer Name = Carmen-PC | Source = EventSystem | ID = 4622
    Description =

    Error - 2/10/2012 8:19:55 PM | Computer Name = Carmen-PC | Source = Perflib | ID = 1010
    Description =

    Error - 2/10/2012 8:19:59 PM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
    Description =

    Error - 2/12/2012 10:12:53 AM | Computer Name = Carmen-PC | Source = Perflib | ID = 1010
    Description =

    Error - 2/12/2012 10:12:55 AM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
    Description =

    Error - 2/12/2012 11:00:18 AM | Computer Name = Carmen-PC | Source = Perflib | ID = 1008
    Description =

    [ OSession Events ]
    Error - 10/19/2008 1:29:10 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 88665
    seconds with 6060 seconds of active time. This session ended with a crash.

    Error - 12/8/2008 9:06:39 AM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 82978
    seconds with 4680 seconds of active time. This session ended with a crash.

    Error - 11/15/2009 8:55:48 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3532
    seconds with 1020 seconds of active time. This session ended with a crash.

    Error - 4/25/2010 12:34:36 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15832
    seconds with 3060 seconds of active time. This session ended with a crash.

    Error - 10/6/2010 8:16:42 PM | Computer Name = Carmen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
    lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2/12/2012 10:25:48 AM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/12/2012 10:35:33 AM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/12/2012 10:41:48 AM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 2/12/2012 3:01:16 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2012 3:01:17 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2012 3:01:21 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2012 3:01:23 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2012 3:01:25 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2012 3:01:27 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 2/12/2012 3:01:29 PM | Computer Name = Carmen-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I can't continue because you didn't answer my question:
    [​IMG]
     
  20. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    Sorry. I don't really know. I will have to give it back to the lady who it belongs to. I will send it to her tomorrow and have her use it and then get the input from her. I uninstalled software that she didn't even need or use. She had several anti-virus programs, and she told me she only bought one. I will get back with you on how it is working as soon as she lets me know.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    No. We're not done. I need YOU to check how things are.
     
  22. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    I think it is running faster and better. Before, it was taking 10 min or longer just to start up. I am going to run a full virus scan tonight, to make sure it no longer pops up anything. She told me Norton was always finding some virus, and it was causing problems on her laptop. I noticed even the internet is running better. She had 3 virus software programs on her computer and she had never cleaned it, like with CCleaner. Is there anything in particular I need to look for or any other scans I might need to do?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
      IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
      O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
      O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Ranges: GD ([http] in Local intranet)
      [2011/03/02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
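
Added example, not part of the thread and not OTL's own code: most entries in the fix script above carry an orphan marker ("File not found", "No CLSID value found", "Reg Error"), and this sketch shows how such lines can be pulled out of a pasted OTL log for a helper to review. The regular expressions are fitted only to the log lines visible in this thread (an assumption about the format), and the names `triage`, `Finding` and `SAMPLE_LOG` are hypothetical.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # OTL line prefix: SRV, DRV, IE, O4, O9, ...
    subject: str  # service name, CLSID, or the raw entry text
    reason: str   # why a human should look at this line


# Markers seen on the entries chosen for the fix in this thread.
ORPHAN_MARKERS = ("No CLSID value found", "Reg Error", "File not found")

# Start types that load without user action (values as printed in the log).
AUTOSTART = {"Auto", "Boot", "System"}

PREFIX = re.compile(r"^(?P<section>[A-Z]+\d*) - (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# SRV/DRV line with file metadata, e.g.
# SRV - [date | size | attrs | M] (Company) [Auto | Running] -- path -- (Name)
FILE_ENTRY = re.compile(
    r"^(?P<section>SRV|DRV) - "
    r"\[(?P<stamp>[^|\]]+)\| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>.*?)\) "
    r"\[(?P<state>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)"
)

# Sample input: lines copied from the OTL output quoted in this thread.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/28 18:31:25 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
"""


def subject_of(section: str, rest: str) -> str:
    """Pick the most useful identifier out of an orphaned entry."""
    if section in ("SRV", "DRV"):
        service = re.search(r"-- \(([^)]+)\)", rest)
        if service:
            return service.group(1)
    clsid = CLSID.search(rest)
    return clsid.group(0) if clsid else rest


def triage(log_text: str) -> List[Finding]:
    """Return review candidates; a finding is a prompt to look, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        head = PREFIX.match(line)
        if not head:
            continue  # banners, blank lines, section headers

        # 1. Entries that point at something that no longer exists.
        marker = next((m for m in ORPHAN_MARKERS if m in line), None)
        if marker:
            findings.append(Finding(
                head["section"],
                subject_of(head["section"], head["rest"]),
                f"orphaned reference ({marker})",
            ))
            continue

        # 2. Services/drivers whose file has no company name but start on
        #    their own; legitimate software can look like this too.
        entry = FILE_ENTRY.match(line)
        if entry and not entry["company"].strip():
            parts = [p.strip() for p in entry["state"].split("|")]
            start_type = parts[-2] if len(parts) >= 2 else ""
            if start_type in AUTOSTART:
                findings.append(Finding(
                    entry["section"], entry["name"],
                    f"no company name, start type {start_type}",
                ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:45} {f.subject}")
```

The output is a shortlist only; whether an entry belongs in a fix is still the helper's call, as the thread's own instructions say.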
     
  24. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    New OTL log

    OTL logfile created on: 2/13/2012 6:05:17 AM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Carmen\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.78 Gb Available Physical Memory | 39.23% Memory free
    4.22 Gb Paging File | 2.57 Gb Available in Paging File | 61.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 99.23 Gb Total Space | 60.87 Gb Free Space | 61.35% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.26 Gb Free Space | 62.62% Space Free | Partition Type: NTFS

    Computer Name: CARMEN-PC | User Name: Carmen | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccsvchst.exe
    PRC - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/04/11 00:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/01/12 09:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2007/12/21 09:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
    PRC - [2007/11/12 05:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    PRC - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
    PRC - [2007/09/07 16:27:08 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
    PRC - [2007/09/07 00:50:02 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
    PRC - [2007/09/07 00:49:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
    PRC - [2007/09/07 00:49:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
    PRC - [2007/08/27 23:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
    PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/11 05:45:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
    MOD - [2012/01/11 05:45:51 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
    MOD - [2011/10/13 15:00:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/13 14:58:24 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
    MOD - [2008/12/22 09:50:28 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
    MOD - [2007/12/14 21:54:06 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
    MOD - [2007/12/12 00:01:24 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/05/28 18:31:25 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
    SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
    SRV - [2011/02/15 01:59:26 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/14 01:30:50 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/05/22 23:39:05 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe -- (NSL)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/16 21:00:00 | 000,143,872 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - [2007/11/12 05:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/11/12 05:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
    SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV - [2012/02/08 18:27:30 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2012/02/08 18:27:30 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/12/15 17:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/11/30 20:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/09/28 04:19:42 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/09/28 04:19:42 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120212.017\NAVENG.SYS -- (NAVENG)
    DRV - [2011/08/06 22:15:07 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/04/20 19:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/30 21:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0502000.00D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 21:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/14 20:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 00:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/26 23:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0502000.00D\Ironx86.SYS -- (SymIRON)
    DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/11/05 15:54:54 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2007/12/14 21:54:26 | 000,111,104 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV - [2007/11/12 05:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2007/09/07 00:49:56 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/09/06 10:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/09/06 10:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/09/06 10:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/08/27 23:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2006/11/02 01:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 01:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://latam.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 09 5D 14 9B C3 CB 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
    IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Carmen\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/12 06:16:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/05/22 17:07:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2012/02/08 22:53:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_5_2 [2012/02/10 18:14:20 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Carmen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
    CHR - Extension: SiteAdvisor = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
    CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
    CHR - Extension: Skype Click to Call = C:\Users\Carmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\

    O1 HOSTS File: ([2012/02/12 08:41:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\CoIEPlg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LTCM Client] C:\Program Files\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [QuickTime Task] C:\Windows\System32\qttask.exe ()
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{062FBCAD-1BE0-4E78-A4E8-285B5BE5135A}: DhcpNameServer = 192.168.1.1 24.159.64.23 24.217.201.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F2E8D66-A0DF-4FFD-ABBD-0163C1E4B4FB}: DhcpNameServer = 192.168.2.1 192.168.1.254
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864-AsianInfl3.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/12 13:12:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
    [2012/02/12 13:06:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    [2012/02/12 13:02:08 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
    [2012/02/12 08:49:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/12 08:48:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\temp
    [2012/02/12 08:21:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/12 08:21:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/12 08:21:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/12 08:21:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/12 08:21:22 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/02/12 08:17:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/10 18:20:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
    [2012/02/09 18:55:21 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
    [2012/02/09 13:54:49 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
    [2012/02/09 13:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2012/02/09 13:25:49 | 000,026,672 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\pnarp.sys
    [2012/02/09 13:24:26 | 000,027,696 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\purendis.sys
    [2012/02/09 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
    [2012/02/09 12:52:42 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Roaming\Malwarebytes
    [2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/09 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/09 12:52:32 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/09 12:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/09 12:28:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/02/09 07:52:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4D777996-B5B9-42A5-8A42-4F6E69F05135}
    [2012/02/09 07:52:22 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6B47D91-37A2-41FF-AFDA-3797433EF7B7}
    [2012/02/08 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/02/08 18:07:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/02/08 17:50:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8A9B67BA-04E7-47BD-A46A-079EB1BDC3F7}
    [2012/01/31 05:38:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FD9FD575-3166-4040-8144-ED07F6B7FB1B}
    [2012/01/31 05:38:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{69AD96E4-9019-4BAB-97D8-9212B1D509B5}
    [2012/01/30 17:37:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE4E1254-5161-4AE1-B6CE-65D729A2794E}
    [2012/01/30 17:37:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9311BD5D-BD4A-404B-AAE6-A204F2396C05}
    [2012/01/29 21:30:52 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9BFC352D-9628-4B34-8A19-3BFC9C52F441}
    [2012/01/29 21:30:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D6C51CE1-DC82-439C-9C78-3BCBF7E74D83}
    [2012/01/28 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B770D65B-98CE-4D9B-A4B6-3E1F5211ABBE}
    [2012/01/28 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FFC26A4B-D4FB-4DD8-828F-5C77B784CF37}
    [2012/01/27 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E80E3F77-C3FE-41CD-AA2A-F972ACD08AA5}
    [2012/01/27 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{504FC1E2-4FCC-4E04-9950-6B79E964A64A}
    [2012/01/26 20:00:35 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F413D285-720B-4977-97A1-CD3DF39BFA76}
    [2012/01/26 20:00:16 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{430475DA-1D80-4DFA-83C0-DAB1007172C1}
    [2012/01/26 05:39:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0F3BC3D5-1F79-462E-BCDB-ECAC8AD5188B}
    [2012/01/26 05:39:45 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B66D0372-ADBA-4D60-8A9D-216296ED8365}
    [2012/01/25 17:39:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A95153E8-42D1-45D1-B383-5E0D0B0E43A3}
    [2012/01/25 17:38:51 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{D0F9ECD2-C563-4754-AC63-2DB3FE0532E3}
    [2012/01/25 05:38:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E6F3E526-F148-4D05-B95D-9A08EA0A1D09}
    [2012/01/25 05:38:04 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{587E446F-8913-4C1D-9AA9-FC6746662CBE}
    [2012/01/24 17:37:33 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{2C12B25F-5BD8-4577-B74F-19D084EA0FFF}
    [2012/01/24 17:37:18 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{30B961DB-905D-45E4-9026-FB475E8AD76D}
    [2012/01/24 05:36:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{F0D0E600-3F03-49B5-812A-AEED3219B762}
    [2012/01/24 05:36:27 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{151DA06A-0164-4613-A898-DB22B5A5BB88}
    [2012/01/23 17:35:55 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A6DF4A03-B234-47AC-B8C6-D594C965EF8E}
    [2012/01/23 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4EAE4A8A-67C0-40FF-B769-A2593FF2D10D}
    [2012/01/22 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{0A35C6E0-818F-43EE-84CC-55194632941E}
    [2012/01/22 21:17:50 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EC15F02A-AA7D-411F-A337-98181F4EB7EB}
    [2012/01/22 13:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\security1
    [2012/01/22 10:03:15 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Apps
    [2012/01/22 09:17:07 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{36AF7653-1DFA-45DE-A72B-239322A378A2}
    [2012/01/22 09:16:53 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{88CAB705-EA63-4D31-8927-BC314D99EEF7}
    [2012/01/21 17:55:44 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{11A7AE9C-4816-4486-B2A5-0414823A06E7}
    [2012/01/21 06:22:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\Conduit
    [2012/01/21 06:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\System
    [2012/01/21 05:55:11 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{7FE3D98B-E363-4BC9-B5F0-B4F28C47DB03}
    [2012/01/21 05:54:58 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9872670C-6235-484D-BEC3-F4131BBE463D}
    [2012/01/20 16:36:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CBA5E7A9-0E01-44F9-A4CD-C81117AFC440}
    [2012/01/20 16:36:13 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{60BE822B-2C41-4093-B12F-96F523614792}
    [2012/01/20 04:35:37 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{3416D9BF-7BBC-4674-BBC9-4A21B0E7FF16}
    [2012/01/20 04:35:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DE9685C2-7A49-4AD1-8DB1-8A0B258DB334}
    [2012/01/19 04:30:49 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{EB2BE341-3DF9-418A-BA10-8D2648CC4039}
    [2012/01/19 04:30:30 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E85A1CF6-3897-48F2-9BF9-F11EA3352E9F}
    [2012/01/18 16:26:38 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{84C37193-1D1B-4ED0-9857-EE1579F8C253}
    [2012/01/18 16:26:24 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{8D826B8F-921C-408B-AF07-BE7E8E1ED04E}
    [2012/01/17 18:39:05 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{A696B82A-C493-44E7-A92C-453CB810A47B}
    [2012/01/17 18:38:48 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{4FD5CC71-8687-4FBF-8BC7-42B8EEB53DF1}
    [2012/01/17 04:34:10 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{574E080C-FEB4-49CA-9C98-48D259A2E757}
    [2012/01/17 04:33:57 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1598BF2D-B0E4-49F3-BDCC-EA6955D8E959}
    [2012/01/16 13:40:21 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{1D04F414-C7F5-4CFF-96EE-7DF8C50368DB}
    [2012/01/16 13:40:09 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{FA38D31A-9AE1-423C-98EC-7CBC0421172F}
    [2012/01/15 23:15:19 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{75CC9E34-B9CA-42E4-8111-1E3C070577FC}
    [2012/01/15 23:11:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{E5DA6508-D2F0-4399-BD28-6DE159A30774}
    [2012/01/15 23:04:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{CE17ADD0-16C0-46F8-99D7-7825DEFB2E64}
    [2012/01/15 08:40:41 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{6DEFF753-5FE3-41F7-9647-0543A41B652D}
    [2012/01/15 08:40:23 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{9C10798A-C870-4584-B358-A54F89E83923}
    [2012/01/14 19:22:25 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{DB363842-2693-4256-8D7B-798F6E62CD13}
    [2012/01/14 19:22:12 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{B87299FF-6EB5-44D6-B240-87CC19797066}
    [2012/01/14 07:21:29 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{46B249FF-0B10-4CAE-89E1-AACCBDDFA12C}
    [2012/01/14 07:21:08 | 000,000,000 | ---D | C] -- C:\Users\Carmen\AppData\Local\{291426BE-65F3-4CDF-8569-F51C31566069}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  25. alhoover81

    alhoover81 TS Rookie Topic Starter Posts: 72

    ========== Files - Modified Within 30 Days ==========

    [2012/02/13 06:09:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/13 06:09:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/12 23:11:12 | 000,000,560 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Carmen.job
    [2012/02/12 20:26:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000UA.job
    [2012/02/12 20:22:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/12 20:21:34 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3559462696-599919631-1170467733-1000Core.job
    [2012/02/12 20:14:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/12 20:08:13 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/02/12 20:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/12 13:12:37 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/02/12 13:06:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Carmen\Desktop\OTL.exe
    [2012/02/12 08:41:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/10 18:20:31 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Carmen\Desktop\boot_cleaner.exe
    [2012/02/09 19:14:02 | 000,000,512 | ---- | M] () -- C:\Users\Carmen\Desktop\MBR.dat
    [2012/02/09 18:56:12 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Carmen\Desktop\aswMBR.exe
    [2012/02/09 18:47:59 | 000,379,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/09 18:47:02 | 260,852,946 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 13:54:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Carmen\Desktop\dds.scr
    [2012/02/09 13:42:00 | 000,302,592 | ---- | M] () -- C:\Users\Carmen\Desktop\gmer.exe
    [2012/02/09 13:32:05 | 000,001,942 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2012/02/09 13:27:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2012/02/09 13:26:31 | 002,349,520 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\Cat.DB
    [2012/02/09 12:52:35 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 19:16:20 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/08 19:16:20 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/08 18:07:25 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/02/08 17:47:40 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2012/01/30 17:40:38 | 000,003,128 | ---- | M] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
    [2012/01/27 23:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0502000.00D\isolate.ini
    [2012/01/26 05:05:55 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/01/25 18:39:27 | 000,002,627 | ---- | M] () -- C:\Users\Carmen\Desktop\Microsoft Office Word 2007.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/02/12 13:12:37 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/02/12 13:12:34 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/02/12 08:21:44 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/12 08:21:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/12 08:21:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/12 08:21:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/12 08:21:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/09 19:14:02 | 000,000,512 | ---- | C] () -- C:\Users\Carmen\Desktop\MBR.dat
    [2012/02/09 18:47:02 | 260,852,946 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/09 13:42:00 | 000,302,592 | ---- | C] () -- C:\Users\Carmen\Desktop\gmer.exe
    [2012/02/09 13:32:05 | 000,001,942 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
    [2012/02/09 12:52:35 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/02/08 18:07:24 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/01/30 17:40:37 | 000,003,128 | ---- | C] () -- C:\{1AF85737-A9FF-40DD-A6A6-29576625E5C7}
    [2011/06/23 16:50:40 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
    [2010/10/14 20:19:14 | 000,001,940 | ---- | C] () -- C:\Users\Carmen\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/06/22 20:36:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/01/18 20:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2010/01/18 20:38:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/01/18 20:38:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2010/01/16 22:52:07 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/10/26 19:34:51 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2009/10/26 19:34:51 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2009/10/26 19:34:51 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2009/10/26 19:34:51 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2009/10/26 19:34:51 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2009/10/26 19:34:51 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2009/10/26 19:34:51 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2009/10/26 19:34:51 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2009/10/26 19:34:51 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2009/10/26 19:34:51 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2009/10/26 19:34:51 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2009/10/26 19:34:51 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2009/10/26 19:34:51 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2009/10/26 19:34:51 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2009/10/26 19:22:59 | 000,000,079 | ---- | C] () -- C:\Windows\EPNX510.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/02/21 20:44:08 | 000,327,680 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
    [2009/02/21 20:44:08 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
    [2009/02/02 18:53:50 | 000,000,000 | ---- | C] () -- C:\Users\Carmen\AppData\Roaming\wklnhst.dat
    [2008/08/24 11:25:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\qttask.exe
    [2008/03/17 11:22:47 | 000,000,680 | ---- | C] () -- C:\Users\Carmen\AppData\Local\d3d9caps.dat
    [2008/03/11 16:06:51 | 000,046,592 | ---- | C] () -- C:\Users\Carmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/03/07 15:38:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
    [2008/03/07 15:38:31 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2008/03/07 15:38:31 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2008/03/07 15:38:29 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
    [2008/03/07 15:38:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/03/07 08:02:47 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/03/07 08:02:46 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2008/03/07 07:57:19 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2006/11/10 16:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:44:53 | 000,379,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2001/10/25 12:54:54 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

    ========== Custom Scans ==========


    < >

    < SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) >

    < IE - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found >

    < O3 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. >

    < O4 - Startup: C:\Users\Carmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found >

    < O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found >

    < O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found >

    < O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.) >
    Invalid Switch: ultrashim.cab (Reg Error: Key error.)


    < O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) >

    < O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) >
    Invalid Switch: gp.cab (Reg Error: Key error.)


    < O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Domains: localhost ([]http in Local intranet) >

    < O15 - HKU\S-1-5-21-3559462696-599919631-1170467733-1000\..Trusted Ranges: GD ([http] in Local intranet) >

    < [2011/03/02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke >
    Invalid Switch: 02 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Carmen\AppData\Roaming\WhiteSmoke


    < >

    < :Commands >

    < [purity] >

    < [emptytemp] >

    < [emptyjava] >

    < [emptyflash] >

    < [Reboot] >

    < End of report >
     
