
"alot" tool bar and search [Solved]


  • This topic is locked

#1
jettalvr00

I somehow downloaded the alot tool bar and search engine. I went in and deleted the programs but it is still interfering with my Google searches and it won't allow my Netflix to go full screen on Firefox.


OTL logfile created on: 7/27/2012 5:38:42 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Melissa\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 40.75% Memory free
5.92 Gb Paging File | 3.77 Gb Available in Paging File | 63.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 271.09 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 05:38:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Downloads\OTL.exe
PRC - [2012/07/22 14:51:19 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/07/22 14:36:31 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/21 19:26:28 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/13 19:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 12:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/23 14:06:12 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll
MOD - [2012/07/23 11:38:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/07/23 11:38:14 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/23 11:38:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/23 11:37:51 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/07/23 11:37:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/23 11:37:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/23 11:37:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/23 11:37:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/07/22 20:10:12 | 002,905,936 | -HS- | M] () -- \\?\C:\Users\Melissa\AppData\LocalLow\PlayReady\Cache\S-1-5-21-1855049342-89377777-934223628-1000\MSPRindiv01.key
MOD - [2012/07/21 19:26:28 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/07/13 19:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/04/24 00:33:48 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\nsldap32v50.dll
MOD - [2009/04/16 13:03:22 | 000,166,400 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\libxslt.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/08/18 00:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/22 14:36:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/25 10:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/21 22:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/06/08 12:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/03 08:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 15:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/08 06:01:22 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/09/15 14:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 FA 2C 78 F1 68 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.2000.2(B)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://search.alot.c...ion=1.0.18000(G)&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 19:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/21 19:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions
[2012/07/26 14:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions
[2012/07/21 19:45:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
[2012/07/23 22:16:36 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
[2012/07/23 22:49:45 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
[2012/07/26 14:06:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\staged
[2012/07/23 22:16:35 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
[2012/07/23 22:22:14 | 000,002,205 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\searchplugins\alot-search.xml
[2012/07/21 19:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80B091B9-E692-4D91-AB86-66C1D2C9F6E2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 05:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/07/24 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Microsoft Games
[2012/07/23 22:17:33 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org
[2012/07/23 22:16:03 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
[2012/07/23 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2012/07/23 22:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/07/23 22:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/07/23 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/07/23 17:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/07/23 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/07/23 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/07/23 17:42:50 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\HP
[2012/07/23 17:33:54 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Adobe
[2012/07/23 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/07/23 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/07/23 17:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/07/23 11:28:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/07/23 11:28:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/07/22 20:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/22 20:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/22 20:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/22 14:37:49 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Google
[2012/07/22 14:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/22 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/07/22 14:36:35 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Google
[2012/07/22 14:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/07/22 14:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/22 11:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\SecondLife
[2012/07/22 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\SecondLife
[2012/07/22 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2012/07/22 11:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2012/07/21 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Macromedia
[2012/07/21 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Macromedia
[2012/07/21 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Adobe
[2012/07/21 19:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/07/21 19:26:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/21 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Mozilla
[2012/07/21 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Mozilla
[2012/07/21 19:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/21 19:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/21 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/21 19:10:23 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Intel Corporation
[2012/07/21 19:10:06 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/21 19:10:06 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Searches
[2012/07/21 19:10:06 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/21 19:10:06 | 000,000,000 | -H-D | C] -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/21 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Identities
[2012/07/21 19:09:49 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Contacts
[2012/07/21 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\VirtualStore
[2012/07/21 19:09:19 | 000,000,000 | --SD | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Videos
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Saved Games
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Pictures
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Music
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Links
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Favorites
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Downloads
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Documents
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Desktop
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\AppData\Local\Temporary Internet Files
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Templates
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Start Menu
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\SendTo
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Recent
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\PrintHood
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\NetHood
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Documents\My Videos
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Documents\My Pictures
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Documents\My Music
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\My Documents
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Local Settings
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\AppData\Local\History
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Cookies
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Application Data
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\AppData\Local\Application Data
[2012/07/21 19:09:19 | 000,000,000 | -H-D | C] -- C:\Users\Melissa\AppData
[2012/07/21 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Temp
[2012/07/21 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Microsoft
[2012/07/21 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Media Center Programs
[2012/07/21 19:09:03 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/07/12 18:04:24 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2012/07/12 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2012/07/12 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting
[2012/07/12 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netwaiting
[2012/07/12 18:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Diagnostic Tool
[2012/07/12 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2012/07/12 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Line Detect
[2012/07/12 18:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/07/12 18:00:40 | 000,000,000 | ---D | C] -- C:\Dell
[2012/07/12 18:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/12 18:00:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2012/07/12 17:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/07/12 17:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/07/12 17:59:42 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/07/12 17:59:42 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/07/12 17:59:41 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/07/12 17:59:41 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/07/12 17:59:41 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/07/12 17:59:41 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/07/12 17:59:41 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/07/12 17:59:41 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/07/12 17:59:40 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/07/12 17:59:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/07/12 17:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/07/12 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/07/12 17:59:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/07/12 17:59:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/12 17:58:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2012/07/12 17:58:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2012/07/12 17:58:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/07/12 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/07/12 17:58:35 | 000,000,000 | ---D | C] -- C:\Intel
[2012/07/12 17:55:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/07/12 17:54:18 | 001,594,368 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/07/12 17:53:00 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2012/07/12 17:51:31 | 000,000,000 | ---D | C] -- C:\Drivers

========== Files - Modified Within 30 Days ==========

[2012/07/27 05:42:12 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/27 05:17:15 | 000,737,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/27 05:17:15 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 05:17:15 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 05:12:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 05:12:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 14:51:18 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 14:20:00 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 14:20:00 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 05:38:48 | 000,283,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/24 05:38:15 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/24 00:23:34 | 000,020,604 | ---- | M] () -- C:\Users\Melissa\Documents\me2.odt
[2012/07/23 22:19:22 | 000,001,635 | ---- | M] () -- C:\Users\Melissa\Documents\me.odb
[2012/07/23 22:18:03 | 000,001,231 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012/07/23 22:16:03 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2012/07/23 22:14:11 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2012/07/23 17:43:15 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2012/07/23 17:43:15 | 000,001,231 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2012/07/23 17:32:45 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/23 11:31:27 | 000,001,433 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/23 07:52:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/23 07:52:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/22 14:49:40 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/22 14:37:27 | 000,002,235 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/21 22:07:58 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/07/21 22:07:58 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/07/21 19:14:23 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/21 19:09:37 | 000,015,150 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/07/12 18:04:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/07/12 18:01:17 | 000,001,957 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/07/12 09:29:52 | 004,534,272 | ---- | M] () -- C:\ProgramData\ReadOnlyInstaller.msi

========== Files Created - No Company Name ==========

[2012/07/24 00:23:33 | 000,020,604 | ---- | C] () -- C:\Users\Melissa\Documents\me2.odt
[2012/07/23 22:18:48 | 000,001,635 | ---- | C] () -- C:\Users\Melissa\Documents\me.odb
[2012/07/23 22:18:03 | 000,001,231 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012/07/23 22:16:03 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2012/07/23 22:14:11 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2012/07/23 17:43:15 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2012/07/23 17:43:15 | 000,001,231 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2012/07/23 17:32:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/23 17:32:45 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/23 07:52:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/23 07:52:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/22 14:37:27 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/22 14:37:27 | 000,002,235 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/22 14:36:39 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 14:36:39 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 19:26:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 19:14:23 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/21 19:14:23 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/21 19:11:58 | 000,001,433 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/21 19:10:14 | 000,001,405 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/21 19:10:09 | 000,001,439 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/21 19:09:37 | 000,015,150 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/07/21 19:09:19 | 000,000,290 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/21 19:09:19 | 000,000,272 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/12 18:04:24 | 000,012,288 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2012/07/12 18:04:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/07/12 18:01:17 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/07/12 17:59:44 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2012/07/12 17:55:02 | 2386,317,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/12 17:54:06 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/07/12 17:54:06 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/07/12 17:54:06 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/07/12 17:54:06 | 000,004,440 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/07/12 17:54:06 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/07/12 17:54:05 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/07/12 17:54:05 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/12 17:54:05 | 000,982,220 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2012/07/12 17:54:03 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012/07/12 17:54:03 | 000,134,592 | ---- | C] () -- C:\Windows\SysNative\igfcg500.bin
[2012/07/12 17:54:03 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/07/12 17:54:03 | 000,092,216 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2012/07/12 17:53:59 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/12 17:53:59 | 000,439,300 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2012/07/12 09:29:52 | 004,534,272 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi

========== LOP Check ==========

[2012/07/23 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org
[2012/07/22 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\SecondLife
[2009/07/14 00:08:49 | 000,003,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello jettalvr00 and welcome to the GeeksToGo forums.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


I am looking at your log now but before I reply, could you please send the Extras.txt log which should be in the same place as OTL, C:\Users\Melissa\Downloads

Thanks

Satchfan

#3
jettalvr00

    Member

  • Topic Starter
  • 21 posts
Sorry, I didn't realize there was more than one report...here you go.


OTL Extras logfile created on: 7/27/2012 5:38:42 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Melissa\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 40.75% Memory free
5.92 Gb Paging File | 3.77 Gb Available in Paging File | 63.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 271.09 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B1DDB3-2E93-43C8-941E-A2695F1407E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04BBB605-C3DB-45D8-AEA5-9C59765F451B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0834FBC6-2DF8-4933-B472-091B8D4DE4A8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{15864348-6899-416D-AF42-B4B11567FD83}" = rport=445 | protocol=6 | dir=out | app=system |
"{23765E30-B493-477D-8757-0BE2C32EF026}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2A0192F3-6A4F-4507-A506-4F3F11FCCEB8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{558AAF55-A05D-4CFF-9153-9F1D61BF851A}" = lport=139 | protocol=6 | dir=in | app=system |
"{61D74CEC-F1E7-4671-B240-6CC6C72D217F}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C68AF61-B737-4AD4-89DB-1624739E2688}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{748B2EA9-F37C-4040-B757-9D5ACDFDE66C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D3445A9-AA15-44B8-AE22-C0CD077206BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{89A2660D-B1F6-494C-9BF1-15E3A71194C8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F5D8D2F-FD35-47B5-A16A-BA92A2F3DC6D}" = rport=138 | protocol=17 | dir=out | app=system |
"{9537A9CD-70F1-4102-9C34-C87A52F0D78D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9BBD5E4C-DAC1-4E13-BE8F-9AFCE6F96038}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F6E762E-D220-46A8-AEEB-63BCC0829977}" = lport=137 | protocol=17 | dir=in | app=system |
"{A8A7E7C5-2F8D-4C37-AC8B-233D02637EBD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C706E02F-4B22-4D81-AC87-C081C6274BA4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CA845B9A-34D2-4676-8009-5E6520926BC6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5177008-9549-48D1-BABA-E075925932E9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7AD26E4-CDC3-4782-88D2-83DB13294356}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0479B70F-B8CE-4BC0-8A40-F51A63E1060A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1579158A-E72F-45E8-B7A0-62B8815376AF}" = protocol=58 | dir=in | [email protected],-28545 |
"{2B85427E-261C-4A15-865E-70A86A368B44}" = protocol=1 | dir=in | [email protected],-28543 |
"{2C4D073E-1E83-4A98-B6C6-440C8BA329A6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34661C3C-BFAF-4C4A-A856-DA76F1ADD5F3}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{54D92B1A-F773-4378-9F8E-5415A6186C9D}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{55A81CD2-FA54-4C84-83B8-D33BA860035D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{634F7172-ACC8-42FE-A5E5-9E07F500A6E3}" = protocol=1 | dir=out | [email protected],-28544 |
"{6A284C91-C0E4-4B31-B61F-8F7B8844B74E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7267DDC2-B5E1-4E2D-9F2C-79C3CEF35DF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B9427B5-E540-4D54-A33C-EE135A7E550D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8815278A-CB27-4D8D-8119-F38CCFC34820}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB1DF1D4-4EC3-4530-93AC-068025673926}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B29BB66E-9360-45AA-904B-A89CB348ABEB}" = protocol=6 | dir=out | app=system |
"{B6E7BC74-3650-4EFA-805A-B496BE2535A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BA1CFAA1-C08A-4AA8-BF23-3DBF4C5E4ED1}" = protocol=58 | dir=out | [email protected],-28546 |
"{BB406073-C4AF-4E5F-A18D-8B5F6F5E59E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C659A341-5EC1-47A4-9A0A-A40AC7C1AE0F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{CC4F42B8-D097-4FA9-8B7B-D619634F6524}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DDA567B9-6B38-4635-AEA6-683F27A34252}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F3A6447F-687C-40F3-BCBB-CE8A126CE8C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F55FE875-5262-4C33-9DF8-361F0046A491}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F85584F8-92D1-4077-8185-B46AA47C6060}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4052E8E9-1C3F-4B8B-AA81-2FD30885E98B}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"UDP Query User{DB3CF873-374B-427A-BE46-6FF5C64947D6}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{7D220A57-969F-4D09-9297-D48195A8ABDD}" = HP Deskjet 3050 J610 series Basic Device Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SecondLifeViewer" = SecondLifeViewer (remove only)

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 7/21/2012 8:18:28 PM | Computer Name = Melissa-PC | Source = bowser | ID = 8003
Description =

Error - 7/21/2012 8:52:14 PM | Computer Name = Melissa-PC | Source = bowser | ID = 8003
Description =

Error - 7/21/2012 9:19:06 PM | Computer Name = Melissa-PC | Source = bowser | ID = 8003
Description =

Error - 7/21/2012 10:37:47 PM | Computer Name = Melissa-PC | Source = bowser | ID = 8003
Description =

Error - 7/21/2012 11:01:50 PM | Computer Name = Melissa-PC | Source = bowser | ID = 8003
Description =

Error - 7/22/2012 12:28:28 PM | Computer Name = Melissa-PC | Source = bowser | ID = 8003
Description =


< End of report >

#4
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Thanks for the log.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.2000.2(B)
    FF - prefs.js..keyword.URL: "http://search.alot.com/web?src_id=30662&client_id=18e4f6f40a18b84894122c42&camp_id=4052&install_time=2012-07-24T03:16:37Z&pr=auto&tb_version=1.0.18000(G)&q="
    FF - user.js - File not found
    [2012/07/23 22:16:36 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
    [2012/07/23 22:49:45 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
    [2012/07/23 22:16:35 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
    [2012/07/23 22:22:14 | 000,002,205 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\searchplugins\alot-search.xml
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

=================================================

Download and run ComboFix

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • when finished, it will produce a report for you.
  • please post the C:\ComboFix.txt for further review.

Logs to include in the next post:

OTL fix log
New OTL log
ComboFix.txt


Thanks

Satchfan

#5
jettalvr00

    Member

  • Topic Starter
  • 21 posts
Ok, I accidentally closed the fix log. Is there a way I can retrieve it now?


OTL logfile created on: 7/27/2012 10:56:42 AM - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Melissa\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 68.91% Memory free
5.92 Gb Paging File | 4.91 Gb Available in Paging File | 82.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 270.99 Gb Free Space | 90.91% Space Free | Partition Type: NTFS

Computer Name: MELISSA-PC | User Name: Melissa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 05:38:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Downloads\OTL.exe
PRC - [2012/07/21 19:26:28 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
PRC - [2012/07/13 19:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 12:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/23 14:06:12 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll
MOD - [2012/07/23 11:38:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/07/23 11:38:14 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/23 11:38:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/23 11:37:51 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/07/23 11:37:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/23 11:37:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/23 11:37:40 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/23 11:37:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/07/21 19:26:28 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
MOD - [2012/07/13 19:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/08/18 00:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/22 14:36:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 19:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/08 12:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/25 10:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/21 22:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/06/08 12:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/03 08:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/11 15:11:42 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/11/06 15:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/08 06:01:22 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2009/09/15 14:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/01 15:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 15:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 15:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 15:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 FA 2C 78 F1 68 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 19:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/21 19:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Extensions
[2012/07/27 10:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions
[2012/07/21 19:45:22 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
[2012/07/27 10:54:58 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
[2012/07/21 19:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 19:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 19:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 19:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80B091B9-E692-4D91-AB86-66C1D2C9F6E2}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 10:51:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/27 05:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/07/24 05:41:18 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Microsoft Games
[2012/07/23 22:17:33 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org
[2012/07/23 22:16:03 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
[2012/07/23 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRE
[2012/07/23 22:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/07/23 22:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/07/23 17:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/07/23 17:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/07/23 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/07/23 17:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/07/23 17:42:50 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\HP
[2012/07/23 17:33:54 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Adobe
[2012/07/23 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/07/23 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/07/23 17:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/07/23 11:28:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/07/23 11:28:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/07/22 20:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/22 20:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/07/22 20:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/22 14:37:49 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Google
[2012/07/22 14:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/22 14:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/07/22 14:36:35 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Google
[2012/07/22 14:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/07/22 14:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/22 11:10:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\SecondLife
[2012/07/22 11:10:38 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\SecondLife
[2012/07/22 11:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2012/07/22 11:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2012/07/21 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Macromedia
[2012/07/21 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Macromedia
[2012/07/21 19:26:39 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Adobe
[2012/07/21 19:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/07/21 19:26:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/21 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Mozilla
[2012/07/21 19:14:46 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Mozilla
[2012/07/21 19:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/21 19:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/21 19:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/21 19:10:23 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Intel Corporation
[2012/07/21 19:10:06 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/21 19:10:06 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Searches
[2012/07/21 19:10:06 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/21 19:10:06 | 000,000,000 | -H-D | C] -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/21 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Identities
[2012/07/21 19:09:49 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Contacts
[2012/07/21 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\VirtualStore
[2012/07/21 19:09:19 | 000,000,000 | --SD | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Videos
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Saved Games
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Pictures
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Music
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Links
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Favorites
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Downloads
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Documents
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\Desktop
[2012/07/21 19:09:19 | 000,000,000 | R--D | C] -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\AppData\Local\Temporary Internet Files
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Templates
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Start Menu
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\SendTo
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Recent
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\PrintHood
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\NetHood
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Documents\My Videos
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Documents\My Pictures
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Documents\My Music
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\My Documents
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Local Settings
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\AppData\Local\History
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Cookies
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\Application Data
[2012/07/21 19:09:19 | 000,000,000 | -HSD | C] -- C:\Users\Melissa\AppData\Local\Application Data
[2012/07/21 19:09:19 | 000,000,000 | -H-D | C] -- C:\Users\Melissa\AppData
[2012/07/21 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Temp
[2012/07/21 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Local\Microsoft
[2012/07/21 19:09:19 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Media Center Programs
[2012/07/21 19:09:03 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/07/12 18:04:24 | 000,000,000 | ---D | C] -- C:\Windows\Dell
[2012/07/12 18:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2012/07/12 18:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting
[2012/07/12 18:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netwaiting
[2012/07/12 18:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modem Diagnostic Tool
[2012/07/12 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2012/07/12 18:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digital Line Detect
[2012/07/12 18:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Dell
[2012/07/12 18:00:40 | 000,000,000 | ---D | C] -- C:\Dell
[2012/07/12 18:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/12 18:00:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2012/07/12 17:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/07/12 17:59:50 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/07/12 17:59:42 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/07/12 17:59:42 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/07/12 17:59:41 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/07/12 17:59:41 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/07/12 17:59:41 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/07/12 17:59:41 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/07/12 17:59:41 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/07/12 17:59:41 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/07/12 17:59:40 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/07/12 17:59:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/07/12 17:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/07/12 17:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/07/12 17:59:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/07/12 17:59:19 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/12 17:58:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2012/07/12 17:58:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2012/07/12 17:58:38 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/07/12 17:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/07/12 17:58:35 | 000,000,000 | ---D | C] -- C:\Intel
[2012/07/12 17:55:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/07/12 17:54:18 | 001,594,368 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/07/12 17:53:00 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2012/07/12 17:51:31 | 000,000,000 | ---D | C] -- C:\Drivers

========== Files - Modified Within 30 Days ==========

[2012/07/27 11:00:45 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/27 11:00:45 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/27 11:00:45 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/27 10:53:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/27 10:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 10:53:30 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/27 10:47:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 10:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 14:20:00 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 14:20:00 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/24 05:38:48 | 000,283,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/24 00:23:34 | 000,020,604 | ---- | M] () -- C:\Users\Melissa\Documents\me2.odt
[2012/07/23 22:19:22 | 000,001,635 | ---- | M] () -- C:\Users\Melissa\Documents\me.odb
[2012/07/23 22:18:03 | 000,001,231 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012/07/23 22:16:03 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2012/07/23 22:14:11 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2012/07/23 17:43:15 | 000,002,236 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2012/07/23 17:43:15 | 000,001,231 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2012/07/23 17:32:45 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/23 11:31:27 | 000,001,433 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/23 07:52:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/23 07:52:43 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/22 14:49:40 | 000,002,336 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/22 14:37:27 | 000,002,235 | ---- | M] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/21 22:07:58 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/07/21 22:07:58 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/07/21 19:14:23 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/21 19:09:37 | 000,015,150 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/07/12 18:04:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/07/12 18:01:17 | 000,001,957 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/07/12 09:29:52 | 004,534,272 | ---- | M] () -- C:\ProgramData\ReadOnlyInstaller.msi

========== Files Created - No Company Name ==========

[2012/07/24 00:23:33 | 000,020,604 | ---- | C] () -- C:\Users\Melissa\Documents\me2.odt
[2012/07/23 22:18:48 | 000,001,635 | ---- | C] () -- C:\Users\Melissa\Documents\me.odb
[2012/07/23 22:18:03 | 000,001,231 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
[2012/07/23 22:16:03 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2012/07/23 22:14:11 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2012/07/23 17:43:15 | 000,002,236 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series.lnk
[2012/07/23 17:43:15 | 000,001,231 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 3050 J610 series Scan.lnk
[2012/07/23 17:32:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/23 17:32:45 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/23 07:52:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/23 07:52:43 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/22 14:37:27 | 000,002,336 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/22 14:37:27 | 000,002,235 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/22 14:36:39 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 14:36:39 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/21 19:26:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/21 19:14:23 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/21 19:14:23 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/21 19:11:58 | 000,001,433 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/21 19:10:14 | 000,001,405 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/07/21 19:10:09 | 000,001,439 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/21 19:09:37 | 000,015,150 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/07/21 19:09:19 | 000,000,290 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/21 19:09:19 | 000,000,272 | ---- | C] () -- C:\Users\Melissa\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/12 18:04:24 | 000,012,288 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2012/07/12 18:04:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/07/12 18:01:17 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/07/12 17:59:44 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2012/07/12 17:55:02 | 2386,317,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/12 17:54:06 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/07/12 17:54:06 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/07/12 17:54:06 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/07/12 17:54:06 | 000,004,440 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/07/12 17:54:06 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/07/12 17:54:05 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/07/12 17:54:05 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/12 17:54:05 | 000,982,220 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2012/07/12 17:54:03 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2012/07/12 17:54:03 | 000,134,592 | ---- | C] () -- C:\Windows\SysNative\igfcg500.bin
[2012/07/12 17:54:03 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/07/12 17:54:03 | 000,092,216 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2012/07/12 17:53:59 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/12 17:53:59 | 000,439,300 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2012/07/12 09:29:52 | 004,534,272 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi

========== LOP Check ==========

[2012/07/23 22:17:33 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org
[2012/07/22 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\SecondLife
[2009/07/14 00:08:49 | 000,003,874 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >





ComboFix 12-07-27.03 - Melissa 07/27/2012 11:10:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3034.1684 [GMT -5:00]
Running from: c:\users\Melissa\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ReadOnlyInstaller.msi
c:\programdata\uninstaller.exe
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome.manifest
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\background.html
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\browser.xul
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\crossrider.js
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\crossriderapi.js
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\dialog.js
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\options.js
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\options.xul
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\search_dialog.xul
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content\update.html
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults\preferences\prefs.js
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\install.rdf
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\locale\en-US\translations.dtd
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\button1.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\button2.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\button3.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\button4.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\button5.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\crossrider_statusbar.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\icon128.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\icon16.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\icon24.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\icon48.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\panelarrow-up.png
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\popup.css
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\popup.html
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\popup_binding.xml
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\skin.css
c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 16:13 . 2012-07-27 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 15:51 . 2012-07-27 15:51 -------- d-----w- C:\_OTL
2012-07-27 15:00 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4ACED603-EBC6-46EE-BA15-F1295110A68D}\mpengine.dll
2012-07-27 10:13 . 2012-07-27 10:13 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-24 03:15 . 2012-07-24 03:15 -------- d-----w- c:\program files (x86)\JRE
2012-07-24 03:15 . 2012-07-24 03:15 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-07-24 03:14 . 2012-07-24 03:20 -------- d-----w- c:\programdata\WeCareReminder
2012-07-23 22:43 . 2010-11-17 02:24 750440 ------w- c:\windows\system32\HPDiscoPM9311.dll
2012-07-23 22:43 . 2012-07-23 22:44 -------- d-----w- c:\programdata\HP
2012-07-23 22:43 . 2012-07-23 22:43 -------- d-----w- c:\program files (x86)\HP
2012-07-23 22:43 . 2012-07-23 22:43 -------- d-----w- c:\program files\HP
2012-07-23 22:32 . 2012-07-23 22:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-07-23 16:28 . 2012-07-23 16:28 -------- d-----w- c:\windows\SysWow64\Wat
2012-07-23 16:28 . 2012-07-23 16:28 -------- d-----w- c:\windows\system32\Wat
2012-07-23 16:03 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-07-23 16:03 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-07-23 15:59 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-23 12:55 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-07-23 12:55 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-07-23 12:55 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-23 12:55 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-07-23 12:55 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-07-23 12:55 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-07-23 12:55 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-23 12:55 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-07-23 12:55 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-23 12:55 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-07-23 12:43 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-07-23 12:43 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-07-23 12:43 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-07-23 12:43 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-07-23 12:43 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-07-23 12:43 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-07-23 12:43 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-07-23 12:41 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-07-23 12:41 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-07-23 01:09 . 2012-07-23 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-23 01:09 . 2012-07-23 01:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-22 19:36 . 2012-07-22 19:36 -------- d-----w- c:\program files\Google
2012-07-22 19:36 . 2012-07-22 19:37 -------- d-----w- c:\program files (x86)\Google
2012-07-22 16:25 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-07-22 16:25 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-07-22 16:25 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2012-07-22 16:25 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2012-07-22 16:25 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-07-22 16:25 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-07-22 16:25 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-07-22 16:25 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2012-07-22 16:25 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-07-22 16:25 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-07-22 16:23 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2012-07-22 16:23 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2012-07-22 16:23 . 2010-08-04 07:07 552960 ----a-w- c:\windows\system32\msdri.dll
2012-07-22 16:23 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-07-22 16:23 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-07-22 16:23 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-07-22 16:23 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2012-07-22 16:23 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2012-07-22 16:19 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-07-22 16:18 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2012-07-22 16:16 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-22 16:16 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-07-22 16:16 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-07-22 16:16 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-07-22 16:16 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-07-22 16:16 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-07-22 16:14 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2012-07-22 16:13 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-07-22 16:13 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-07-22 16:10 . 2012-07-22 16:10 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-07-22 16:05 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-07-22 16:05 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-07-22 00:26 . 2012-07-22 19:36 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-22 00:26 . 2012-07-22 19:36 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-22 00:26 . 2012-07-22 00:26 -------- d-----w- c:\windows\SysWow64\Macromed
2012-07-22 00:26 . 2012-07-22 00:26 -------- d-----w- c:\windows\system32\Macromed
2012-07-22 00:14 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-07-22 00:14 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-07-22 00:14 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-07-22 00:14 . 2012-07-22 00:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-22 00:14 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-07-22 00:14 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-07-22 00:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-22 00:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-22 00:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-22 00:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-22 00:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-22 00:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-22 00:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-22 00:09 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-22 00:09 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-22 00:09 . 2012-07-22 00:10 -------- d-----w- c:\users\Melissa
2012-07-22 00:09 . 2012-07-22 00:09 -------- d-----w- C:\Recovery
2012-07-12 23:04 . 2009-11-11 20:11 7367200 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2012-07-12 23:04 . 2009-11-11 20:11 232480 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2012-07-12 23:04 . 2012-07-12 23:04 -------- d-----w- c:\windows\Dell
2012-07-12 23:04 . 2009-11-11 20:11 7367200 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll
2012-07-12 23:04 . 2009-11-11 20:11 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2012-07-12 23:04 . 2009-10-07 20:20 12288 ----a-w- c:\windows\EvtMessage.dll
2012-07-12 23:04 . 2012-07-12 23:04 -------- d-----w- c:\program files\DellTPad
2012-07-12 23:04 . 2012-07-12 23:04 -------- d-----w- c:\program files (x86)\Netwaiting
2012-07-12 23:03 . 2012-07-12 23:03 -------- d-----w- c:\program files\Modem Diagnostic Tool
2012-07-12 23:01 . 2012-07-12 23:01 -------- d-----w- c:\program files (x86)\Digital Line Detect
2012-07-12 23:01 . 2012-07-12 23:01 -------- d-----w- c:\programdata\Dell
2012-07-12 23:00 . 2012-07-12 23:00 -------- d-----w- C:\Dell
2012-07-12 23:00 . 2012-07-12 23:00 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2012-07-12 22:58 . 2012-07-12 22:58 -------- d-----w- c:\windows\SysWow64\x64
2012-07-12 22:58 . 2012-07-12 22:58 -------- d-----w- c:\windows\SysWow64\Lang
2012-07-12 22:58 . 2009-11-17 15:46 1002008 ----a-w- c:\windows\SysWow64\igxpun.exe
2012-07-12 22:58 . 2012-07-12 22:59 -------- d-----w- c:\program files (x86)\Intel
2012-07-12 22:58 . 2009-11-02 19:03 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-07-12 22:58 . 2012-07-12 22:58 -------- d-----w- C:\Intel
2012-07-12 22:53 . 2009-11-06 20:01 439300 ----a-w- c:\windows\SysWow64\igcompkrng500.bin
2012-07-12 22:53 . 2009-11-06 20:01 439300 ----a-w- c:\windows\system32\igcompkrng500.bin
2012-07-12 22:53 . 2009-11-06 19:40 3802624 ----a-w- c:\windows\system32\igd10umd64.dll
2012-07-12 22:53 . 2009-11-06 19:33 3649536 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-07-12 22:53 . 2009-11-06 19:24 8095232 ----a-w- c:\windows\system32\ig4icd64.dll
2012-07-12 22:53 . 2009-11-06 19:25 5199872 ----a-w- c:\windows\system32\ig4dev64.dll
2012-07-12 22:53 . 2009-11-06 19:11 6042112 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-07-12 22:53 . 2009-11-17 15:46 387608 ----a-w- c:\windows\system32\hkcmd.exe
2012-07-12 22:53 . 2009-11-17 15:46 106008 ----a-w- c:\windows\system32\difx64.exe
2012-07-12 22:53 . 2009-11-06 19:12 3842048 ----a-w- c:\windows\SysWow64\ig4dev32.dll
2012-07-12 22:53 . 2009-11-06 18:52 108544 ----a-w- c:\windows\system32\hccutils.dll
2012-07-12 22:53 . 2010-06-25 15:33 76912 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2012-07-12 22:52 . 2010-06-01 02:38 105840 ----a-w- c:\windows\system32\Vxdif.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 17:25 . 2010-01-15 16:40 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2012-7-12 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 250056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 136176]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-10-08 60416]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-23 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CDFS
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-22 19:36]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 19:36]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-22 19:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-17 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-17 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-17 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-14 10918504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?ilc=17
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 11:16:25
ComboFix-quarantined-files.txt 2012-07-27 16:16
.
Pre-Run: 290,902,597,632 bytes free
Post-Run: 290,520,862,720 bytes free
.
- - End Of File - - B4F55856AEB22AE395185001CC82044D

#6
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
The OTL fix log can be found at C:\_OTL\MovedFiles. The file name will consist of numbers that reflect the date and time the fix was run. It will be something like 27072012_111009.log.

I have to go out now but will try to reply later.

Satchfan

#7
jettalvr00

    Member

  • Topic Starter
  • 21 posts
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ not found.
Prefs.js: "http://search.alot.c...ion=1.0.18000(G)&q=" removed from keyword.URL
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\gen folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected] folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected] folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome\logo folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\extensions\[email protected] folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\hn7ye2ci.default\searchplugins\alot-search.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Melissa
->Temp folder emptied: 219449105 bytes
->Temporary Internet Files folder emptied: 107156618 bytes
->FireFox cache emptied: 262918011 bytes
->Flash cache emptied: 6689 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11762040 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46413680 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 618.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07272012_105104

Files\Folders moved on Reboot...
C:\Users\Melissa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W8EAC88Z\WiPlayer[1].htm moved successfully.
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...
File C:\Users\Melissa\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W8EAC88Z\WiPlayer[1].htm not found!
File C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

#8
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
That’s looking better.

Please open Windows Explorer (Windows key+E) and delete this folder:

c:\programdata\WeCareReminder

========================================================

Download Malwarebytes-Anti-Malware

Click here

  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please tell me how your computer is running and if there are any remaining problems.

Satchfan
  • 0

#9
jettalvr00

    Member

  • Topic Starter
  • Member
  • 21 posts
It's running awesome!!!!! Thanks!



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Melissa :: MELISSA-PC [administrator]

Protection: Enabled

7/28/2012 6:12:51 AM
mbam-log-2012-07-28 (06-12-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188751
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Looking good. A couple more scans and if all is well we should be ready to tidy up.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed antivirus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan


1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.


3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish

If a log has been produced, post it in your next reply.

NOTE. If Eset doesn't find any threats, it won't produce a log.

================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
Satchfan
  • 0

#11
jettalvr00

    Member

  • Topic Starter
  • Member
  • 21 posts
no eset log


Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 12.0.742.100
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
  • 0

#12
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Your computer appears to be clean. :thumbsup:

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall Combofix

Follow these steps to uninstall Combofix
  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.
Note the space between the X and the /, it needs to be there.
  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

Uninstall OTL

  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes; if not, delete it yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

You can just delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Antivirus

You have no active antivirus on your computer. If you use the Internet without an antivirus your computer will certainly become infected again. It is also imperative that you update your Antivirus software at least once a week, (even more if you wish). If you do not update it, it will not be able to catch any of the new variants of malware that come out on a daily basis.

Do NOT install more than one or they will fight against each other and render both ineffective.

Here are some of the better AV products.

Download and install one of these free antivirus programs:


Free Avast Home Edition
Avira AntiVir® Personal Edition Classic
Microsoft Security Essentials

===================================================

Windows updates

I notice that Windows updates are waiting to be installed. You have no Service Pack and this is a security risk. Click here for information on how to get the latest Windows updates:

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Install Spybot - Search and Destroy - Download and install Spybot Search and Destroy, which provides real-time spyware and hijacker protection.

You should scan your computer with the program on a regular basis as you would with your anti-virus software.

A tutorial on installing and using SS&D can be found here

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Safe computing

Satchfan
  • 0
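
The hosts-file blocking described in post #12, as an added example that is not part of the original thread: a short Python audit that lists which names a hosts file sinkholes to the local machine and flags any entry that points a name at some other address. It goes slightly beyond the post by also treating 0.0.0.0 and ::1 as sinkhole addresses; the sample file contents and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax; all names use reserved example domains.
SAMPLE_HOSTS = """\
# blocklist-style entries (constructed)
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.net Tracker.Example.NET   # two names on one line
0.0.0.0     popups.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line number, ip address, hostname) for every well-formed mapping."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (sorted sinkholed names, {name: address} for all other mappings)."""
    blocked, redirected = set(), {}
    for _, ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the normal loopback entry, not a block
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)  # connection attempts go nowhere useful
        else:
            # A name pinned to a routable address overrides DNS: review it.
            redirected.setdefault(name, str(ip))
    return sorted(blocked), redirected

if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed:", blocked)
    print("review   :", redirected)
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; anything reported under "review" deserves a closer look, because a blocklist should only contain sinkhole entries.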

#13
jettalvr00

    Member

  • Topic Starter
  • Member
  • 21 posts
Thank you so much!!!
  • 0

#14
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
You're welcome :)
  • 0

#15
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





