virus through adobe reader or flash...? [Closed]


  • This topic is locked

#1
andilee

Virus, probably through Adobe Flash or Reader.
Just scanned with OTL:

OTL logfile created on: 9/1/2012 5:30:10 PM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Andrea\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.73% Memory free
7.81 Gb Paging File | 6.15 Gb Available in Paging File | 78.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 25.66 Gb Free Space | 21.52% Space Free | Partition Type: NTFS
Drive D: | 153.85 Gb Total Space | 4.53 Gb Free Space | 2.94% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SWEETIE | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/01 17:27:58 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Downloads\OTL.exe
PRC - [2012/08/26 09:58:49 | 001,193,176 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/24 21:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/22 20:23:37 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/04 15:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/10/04 15:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/21 18:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 19:23:50 | 000,400,384 | ---- | M] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Users\Andrea\AppData\Local\Temp\wzcb98\JavaRa.exe
PRC - [2010/11/15 13:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/26 09:58:49 | 001,193,176 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/22 20:23:26 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/04 15:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/03 19:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/08/13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/22 20:23:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/06/14 12:40:08 | 000,828,032 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\temp\0230951346537999mcinst.exe -- (0230951346537999mcinstcleanup)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/08 17:48:30 | 000,092,800 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 21:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 21:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 04:41:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/03 04:41:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 22:35:40 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 22:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/31 02:42:04 | 002,769,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/02 13:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 13:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/25 22:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/31 05:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/20 08:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 04:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 12:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000c860000a5ac7
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS472
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = browseforchange/search/redirect/?type=default&user_id=1e7ab745-7402-46f5-b796-9f714b0a78a0&query={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smile...DS&a=6OyytkGr1t
IE - HKCU\..\SearchScopes\{ED358191-76A4-4D80-AF05-59D365B619F9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.toltecspirit.com/"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\Andrea\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/01 17:19:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/01 08:22:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/20 02:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2012/08/21 16:21:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions
[2012/08/14 22:03:51 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/08/21 16:21:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2012/09/01 08:22:23 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2012/07/28 14:08:44 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2012/06/12 13:58:09 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2012/06/09 01:34:13 | 000,002,324 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\askcom.xml
[2012/04/06 02:29:31 | 000,002,264 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\audiblecom.xml
[2012/04/10 14:23:07 | 000,002,172 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\MyStart Search.xml
[2012/06/11 14:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/27 19:00:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/05 08:47:11 | 000,088,908 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
[1832/11/28 23:37:17 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\[email protected]
[2012/07/22 20:23:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 21:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/11 22:39:51 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
[2012/08/24 21:00:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
CHR - Extension: Skype Click to Call = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: Yontoo = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
CHR - Extension: Vuze Remote = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\
CHR - Extension: Gmail = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/02 15:32:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Spotify] C:\Users\Andrea\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Andrea\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andrea\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA99E6A4-0090-4232-ADB1-A32A4D50F9BF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/01 17:23:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/09/01 14:00:48 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/09/01 08:46:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/09/01 08:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/08/27 07:30:33 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Plex
[2012/08/26 21:56:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center
[2012/08/26 21:55:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2012/08/26 15:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/26 14:56:09 | 000,000,000 | R--D | C] -- C:\Users\Andrea\Dropbox
[2012/08/26 14:54:52 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/26 14:54:10 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012/08/26 09:59:01 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Spotify
[2012/08/26 09:57:41 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\Spotify
[2012/08/23 13:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012/08/23 13:54:25 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\WinZip
[2012/08/23 13:54:19 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012/08/23 13:54:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\winzip
[2012/08/20 16:17:43 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{9605CA95-7C59-48DB-94A7-25B19FA92AD4}
[2012/08/14 22:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/08/14 22:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/08/14 22:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012/08/12 06:14:59 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\financial peace
[2012/08/12 05:00:51 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{C7BEC43A-0CF3-44EF-8A94-404E65728654}
[2012/08/12 05:00:39 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{C43F7A69-148E-4482-9327-0E384F52CB08}
[2012/08/11 12:53:34 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{8A680381-576C-4C58-A34D-82DD5525F71A}
[2012/08/11 12:53:19 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{8E33C487-8607-4C5E-BE0C-786FBBFBB8CC}
[2012/08/10 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{1B52447C-D7CD-4064-960C-F30C88E6EF4B}
[2012/08/10 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{A831EE1B-30F6-4B54-8CBE-1C37550A3454}
[2012/08/08 22:16:09 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{721B4605-89EA-40F2-B762-FDA542869632}
[2012/08/08 22:15:58 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{4DFD34AC-C1FB-405F-9A21-144D63DAB517}
[2012/08/08 10:15:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{9AD5DC73-9776-4BDA-90B2-9D5C46D46EB2}
[2012/08/08 10:15:25 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{A993310F-BF71-49C4-A3DC-79E53FF06A9C}
[2012/08/07 22:12:53 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\air-purifier-review_files
[2012/08/07 20:52:39 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\fedschoolloansuzeorman_files
[2012/08/07 10:52:11 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{BE329E01-B6A7-47C4-9B6D-3CF011B24085}
[2012/08/06 22:33:29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{B7311D95-FA0C-45D1-9D5F-D8A9F8A058A4}
[2012/08/06 10:32:55 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{D5712435-555B-404A-ADFD-DFA43C2EB149}
[2012/08/05 22:32:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{FE11ADD4-C598-4172-9B24-AF59229E0CB6}
[2012/08/05 22:32:11 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{B58F7482-A796-4CD9-823B-F0CF4BFB2895}
[2012/08/05 07:58:50 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{C49EE7FE-29FF-4647-8F14-A4005391F949}
[2012/08/05 07:58:36 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{B330A687-FA92-439A-931F-98886998B999}
[2012/08/04 13:01:17 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{C9519909-F06D-456E-81BE-74F0B4A5AF80}
[2012/08/04 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{A677E4DE-0936-4BC2-925F-F2A2EF5DBC3F}
[2012/08/03 13:32:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{B8B0ADC4-5BA3-447D-B438-788D1B4A2D6B}
[2012/08/03 13:32:11 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{A5C343EF-AD0D-4CE2-A4B7-4DFC7F4DD92A}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/01 17:24:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 17:24:21 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/01 17:12:25 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/01 17:12:23 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2012/09/01 17:11:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/01 17:11:40 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 15:11:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/01 15:09:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001UA.job
[2012/09/01 14:02:13 | 000,003,480 | ---- | M] () -- C:\bootsqm.dat
[2012/08/30 08:03:39 | 000,081,650 | ---- | M] () -- C:\Users\Andrea\Desktop\2012-08-02163038.jpg
[2012/08/30 08:03:39 | 000,081,650 | ---- | M] () -- C:\Users\Andrea\Desktop\2012-08-02163038 (2).jpg
[2012/08/30 05:22:52 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001Core.job
[2012/08/29 08:02:00 | 000,100,093 | ---- | M] () -- C:\Users\Andrea\Desktop\2012-08-18161627.jpg
[2012/08/27 16:01:54 | 000,005,632 | ---- | M] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 14:26:54 | 000,347,529 | ---- | M] () -- C:\Users\Andrea\Documents\weddingbeedress250.png
[2012/08/27 14:17:29 | 000,306,196 | ---- | M] () -- C:\Users\Andrea\Documents\drugstore dot com.png
[2012/08/26 15:41:54 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/26 15:41:54 | 000,002,096 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/26 15:16:29 | 002,296,300 | ---- | M] () -- C:\Users\Andrea\Desktop\Calendar starting aug 26 2012.dotm
[2012/08/26 15:12:58 | 000,023,057 | ---- | M] () -- C:\Users\Andrea\Documents\first time cleaning track sheet - time etc.dotx
[2012/08/26 15:11:33 | 000,013,195 | ---- | M] () -- C:\Users\Andrea\Desktop\Downloads - Shortcut.lnk
[2012/08/26 15:10:52 | 000,033,549 | ---- | M] () -- C:\Users\Andrea\Documents\invoice template.dotx
[2012/08/26 15:07:14 | 000,213,710 | ---- | M] () -- C:\Users\Andrea\Documents\newemail.png
[2012/08/26 14:56:09 | 000,001,043 | ---- | M] () -- C:\Users\Andrea\Desktop\Dropbox.lnk
[2012/08/26 14:55:02 | 000,001,053 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/26 09:58:59 | 000,001,813 | ---- | M] () -- C:\Users\Andrea\Desktop\Spotify.lnk
[2012/08/26 09:51:38 | 000,798,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/26 09:51:38 | 000,674,310 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/26 09:51:38 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/23 15:47:02 | 000,037,546 | ---- | M] () -- C:\Users\Andrea\Desktop\GGG.csv
[2012/08/23 13:54:27 | 000,002,321 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/08/23 13:41:27 | 012,025,392 | ---- | M] () -- C:\Users\Andrea\Desktop\workbook_answers.pdf
[2012/08/23 13:16:19 | 000,336,262 | ---- | M] () -- C:\Users\Andrea\Desktop\tmmo_babysteps.pdf
[2012/08/22 20:29:50 | 000,438,567 | ---- | M] () -- C:\Users\Andrea\Documents\glasses receipt.png
[2012/08/22 18:44:11 | 000,036,128 | ---- | M] () -- C:\Users\Andrea\Documents\plog082212.csv
[2012/08/22 18:28:34 | 000,001,815 | ---- | M] () -- C:\Users\Andrea\Desktop\game201208220001 - Shortcut.lnk
[2012/08/22 17:51:41 | 000,010,599 | ---- | M] () -- C:\Users\Andrea\Documents\playerpicks80.pdf
[2012/08/21 08:49:49 | 000,001,163 | ---- | M] () -- C:\Users\Andrea\Desktop\13880385_75x75.jpg
[2012/08/21 08:49:38 | 000,001,678 | ---- | M] () -- C:\Users\Andrea\Desktop\13460550_75x75.jpg
[2012/08/21 07:19:04 | 000,193,885 | ---- | M] () -- C:\Users\Andrea\Documents\sprintbillpaid082112.png
[2012/08/16 16:22:55 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/15 20:14:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\IMG_5266.jpg
[2012/08/15 17:37:59 | 000,434,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 18:27:27 | 000,036,942 | ---- | M] () -- C:\Users\Andrea\Desktop\dressonmodel.jpg
[2012/08/14 18:26:26 | 000,019,163 | ---- | M] () -- C:\Users\Andrea\Desktop\dressonmanacan.jpg
[2012/08/09 23:36:17 | 000,045,911 | ---- | M] () -- C:\Users\Andrea\Desktop\www.wisc.png
[2012/08/09 16:01:44 | 000,197,097 | ---- | M] () -- C:\Users\Andrea\Documents\chasepayment aug9 plus 250chk scott and electric check i believe.png
[2012/08/09 12:33:42 | 000,295,254 | ---- | M] () -- C:\Users\Andrea\Documents\encore nationwide.png
[2012/08/07 22:13:03 | 000,160,506 | ---- | M] () -- C:\Users\Andrea\Desktop\air-purifier-review.html
[2012/08/07 20:53:02 | 000,029,160 | ---- | M] () -- C:\Users\Andrea\Desktop\suze fedloan.htm
[2012/08/05 13:31:02 | 000,001,087 | ---- | M] () -- C:\Users\Andrea\Desktop\Documents - Shortcut.lnk
[2012/08/04 12:37:25 | 000,044,909 | ---- | M] () -- C:\Users\Andrea\Desktop\CLEANINGFLYERSHARPENED.jpg
[2012/08/04 11:49:03 | 000,070,777 | ---- | M] () -- C:\Users\Andrea\Desktop\cleaningflyer.jpg
[2012/08/03 13:54:45 | 000,032,699 | ---- | M] () -- C:\Users\Andrea\Desktop\cleaning service.jpg
[2012/08/03 13:31:42 | 000,101,431 | ---- | M] () -- C:\Users\Andrea\Desktop\bestphotoof masons.jpg
[2012/08/03 13:31:11 | 000,075,056 | ---- | M] () -- C:\Users\Andrea\Desktop\masonwedcnt.jpg
[2012/08/03 13:30:55 | 000,101,431 | ---- | M] () -- C:\Users\Andrea\Desktop\masonjarsweddingcenter.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/01 14:02:13 | 000,003,480 | ---- | C] () -- C:\bootsqm.dat
[2012/08/30 08:44:01 | 000,081,650 | ---- | C] () -- C:\Users\Andrea\Desktop\2012-08-02163038 (2).jpg
[2012/08/30 08:03:25 | 000,081,650 | ---- | C] () -- C:\Users\Andrea\Desktop\2012-08-02163038.jpg
[2012/08/29 08:01:56 | 000,100,093 | ---- | C] () -- C:\Users\Andrea\Desktop\2012-08-18161627.jpg
[2012/08/27 14:26:54 | 000,347,529 | ---- | C] () -- C:\Users\Andrea\Documents\weddingbeedress250.png
[2012/08/27 14:17:29 | 000,306,196 | ---- | C] () -- C:\Users\Andrea\Documents\drugstore dot com.png
[2012/08/26 15:16:28 | 002,296,300 | ---- | C] () -- C:\Users\Andrea\Desktop\Calendar starting aug 26 2012.dotm
[2012/08/26 15:12:57 | 000,023,057 | ---- | C] () -- C:\Users\Andrea\Documents\first time cleaning track sheet - time etc.dotx
[2012/08/26 15:11:42 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/08/26 15:11:42 | 000,002,096 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/26 15:11:33 | 000,013,195 | ---- | C] () -- C:\Users\Andrea\Desktop\Downloads - Shortcut.lnk
[2012/08/26 15:10:48 | 000,033,549 | ---- | C] () -- C:\Users\Andrea\Documents\invoice template.dotx
[2012/08/26 15:07:13 | 000,213,710 | ---- | C] () -- C:\Users\Andrea\Documents\newemail.png
[2012/08/26 14:56:09 | 000,001,043 | ---- | C] () -- C:\Users\Andrea\Desktop\Dropbox.lnk
[2012/08/26 14:55:02 | 000,001,053 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/26 09:58:59 | 000,001,813 | ---- | C] () -- C:\Users\Andrea\Desktop\Spotify.lnk
[2012/08/26 09:58:59 | 000,001,799 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/08/23 13:54:27 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012/08/23 13:41:26 | 012,025,392 | ---- | C] () -- C:\Users\Andrea\Desktop\workbook_answers.pdf
[2012/08/23 13:16:19 | 000,336,262 | ---- | C] () -- C:\Users\Andrea\Desktop\tmmo_babysteps.pdf
[2012/08/23 09:54:52 | 000,037,546 | ---- | C] () -- C:\Users\Andrea\Desktop\GGG.csv
[2012/08/22 20:29:50 | 000,438,567 | ---- | C] () -- C:\Users\Andrea\Documents\glasses receipt.png
[2012/08/22 18:28:34 | 000,001,815 | ---- | C] () -- C:\Users\Andrea\Desktop\game201208220001 - Shortcut.lnk
[2012/08/22 17:51:41 | 000,010,599 | ---- | C] () -- C:\Users\Andrea\Documents\playerpicks80.pdf
[2012/08/22 17:44:00 | 000,036,128 | ---- | C] () -- C:\Users\Andrea\Documents\plog082212.csv
[2012/08/21 08:49:48 | 000,001,163 | ---- | C] () -- C:\Users\Andrea\Desktop\13880385_75x75.jpg
[2012/08/21 08:49:36 | 000,001,678 | ---- | C] () -- C:\Users\Andrea\Desktop\13460550_75x75.jpg
[2012/08/21 07:19:04 | 000,193,885 | ---- | C] () -- C:\Users\Andrea\Documents\sprintbillpaid082112.png
[2012/08/15 20:14:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\IMG_5266.jpg
[2012/08/14 18:27:27 | 000,036,942 | ---- | C] () -- C:\Users\Andrea\Desktop\dressonmodel.jpg
[2012/08/14 18:26:25 | 000,019,163 | ---- | C] () -- C:\Users\Andrea\Desktop\dressonmanacan.jpg
[2012/08/09 23:36:12 | 000,045,911 | ---- | C] () -- C:\Users\Andrea\Desktop\www.wisc.png
[2012/08/09 16:01:40 | 000,197,097 | ---- | C] () -- C:\Users\Andrea\Documents\chasepayment aug9 plus 250chk scott and electric check i believe.png
[2012/08/09 12:33:42 | 000,295,254 | ---- | C] () -- C:\Users\Andrea\Documents\encore nationwide.png
[2012/08/07 22:12:52 | 000,160,506 | ---- | C] () -- C:\Users\Andrea\Desktop\air-purifier-review.html
[2012/08/07 20:52:38 | 000,029,160 | ---- | C] () -- C:\Users\Andrea\Desktop\suze fedloan.htm
[2012/08/05 13:31:02 | 000,001,087 | ---- | C] () -- C:\Users\Andrea\Desktop\Documents - Shortcut.lnk
[2012/08/04 12:37:25 | 000,044,909 | ---- | C] () -- C:\Users\Andrea\Desktop\CLEANINGFLYERSHARPENED.jpg
[2012/08/04 11:49:03 | 000,070,777 | ---- | C] () -- C:\Users\Andrea\Desktop\cleaningflyer.jpg
[2012/08/03 13:54:43 | 000,032,699 | ---- | C] () -- C:\Users\Andrea\Desktop\cleaning service.jpg
[2012/08/03 13:31:42 | 000,101,431 | ---- | C] () -- C:\Users\Andrea\Desktop\bestphotoof masons.jpg
[2012/08/03 13:31:07 | 000,075,056 | ---- | C] () -- C:\Users\Andrea\Desktop\masonwedcnt.jpg
[2012/08/03 13:30:54 | 000,101,431 | ---- | C] () -- C:\Users\Andrea\Desktop\masonjarsweddingcenter.jpg
[2012/06/06 15:36:22 | 000,225,413 | ---- | C] () -- C:\Users\Andrea\AVGInstLog.cab
[2012/04/29 12:33:51 | 000,002,235 | ---- | C] () -- C:\Users\Andrea\Kindle.lnk
[2012/04/20 12:35:25 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/18 12:24:54 | 000,033,134 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\UserTile.png
[2012/04/01 14:44:14 | 000,240,855 | ---- | C] () -- C:\Users\Andrea\StudentNotebook.onepkg
[2012/04/01 09:27:39 | 000,005,632 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 20:30:58 | 000,007,607 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012/01/07 22:19:43 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/11/03 05:19:25 | 000,812,508 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 22:50:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 22:49:58 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 22:49:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 22:49:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 22:49:47 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/02/20 01:51:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ASUS WebStorage
[2012/06/07 00:40:32 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG
[2012/08/26 23:19:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Azureus
[2012/03/30 12:25:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Babylon
[2012/04/23 10:39:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/01 17:12:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012/06/07 15:38:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\IObit
[2012/02/24 02:07:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nuance
[2012/05/02 19:49:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Primal 3D Body
[2012/03/11 22:40:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Shutterfly
[2012/08/06 06:37:51 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Smilebox
[2012/07/19 07:50:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\SoftGrid Client
[2012/09/01 17:16:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Spotify
[2012/05/02 13:59:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2012/03/10 14:27:06 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TP
[2012/03/09 20:01:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Windows Live Writer
[2012/02/20 04:20:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zeon
[2009/07/14 00:08:49 | 000,017,878 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\encore background.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\background encore signed.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTl
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000c860000a5ac7
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
    IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = browseforchange/search/redirect/?type=default&user_id=1e7ab745-7402-46f5-b796-9f714b0a78a0&query={searchTerms}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smile...DS&a=6OyytkGr1t
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q="
    [2012/08/21 16:21:23 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2012/06/09 01:34:13 | 000,002,324 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\askcom.xml
    [2012/07/28 14:08:44 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
    [2012/04/06 02:29:31 | 000,002,264 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\audiblecom.xml
    [2012/04/10 14:23:07 | 000,002,172 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\MyStart Search.xml
    [2012/03/11 22:39:51 | 000,002,127 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
    CHR - Extension: Yontoo = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
    CHR - Extension: Yontoo = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\
    CHR - Extension: Vuze Remote = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

FINALLY:

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#3
andilee

    Member

  • Topic Starter
  • Member
  • 17 posts
OTL Moved files

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\Plugins folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\modules folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\askcom.xml moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\skin folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\locale folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\content folder moved successfully.
Folder move failed. C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected] scheduled to be moved on reboot.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\audiblecom.xml moved successfully.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\searchplugins\MyStart Search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0 folder moved successfully.
File C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0 not found.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\plugins folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Options folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\rssItem folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\popup folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\icons\useful_components folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\icons\urlGadget folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\icons folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\base64\searchBox folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\base64\rssItem folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\base64\ifarme folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\base64\icons folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\base64\dyamincMenu folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media\base64 folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Media folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\utils\interface folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\utils folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\usage folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\translation folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\toolbarsManager folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\toolbarInfo folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\settings folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\serviceMap folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\login folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\jsonData folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\feed folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\cookieMonster folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\ContextMenuService folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\aliasReplace folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\alerts folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services\404 folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\services folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\popup\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\popup\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\popup folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\lib folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\xmlMenu\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\xmlMenu\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\xmlMenu\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\xmlMenu folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\urlGadget\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\urlGadget\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\urlGadget\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\urlGadget folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\multiRssItem\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\multiRssItem\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\multiRssItem\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\multiRssItem folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\menuPanel\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\menuPanel\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\menuPanel\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\menuPanel folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\gadgets\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\gadgets\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\gadgets folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\factories\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\factories\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\factories folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\dynamicMenu\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\dynamicMenu\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\dynamicMenu\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\dynamicMenu\consts folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\dynamicMenu folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\contextMenu\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\contextMenu\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\contextMenu\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\contextMenu folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\container folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\components\view\InjectScript folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\components\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\components\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\components\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\components folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items\about folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\items folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\css folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\compatibility folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\API\Toolbar folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\API\Component\view folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\API\Component\model folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\API\Component\controller folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\API\Component folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js\API folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\js folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0\Css folder moved successfully.
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.15.10_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andrea\Desktop\cmd.bat deleted successfully.
C:\Users\Andrea\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Andrea
->Temp folder emptied: 300232651 bytes
->Temporary Internet Files folder emptied: 207198703 bytes
->Java cache emptied: 104653 bytes
->FireFox cache emptied: 57133371 bytes
->Google Chrome cache emptied: 14804368 bytes
->Flash cache emptied: 54143 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116175527 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 2199934 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 8544896148 bytes

Total Files Cleaned = 8,815.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 09022012_131143

Files\Folders moved on Reboot...
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected] folder moved successfully.
File\Folder C:\Users\Andrea\AppData\Local\Temp\etilqs_AdIY8so3svzeyGJ not found!
C:\Users\Andrea\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Andrea\AppData\Local\Mozilla\Firefox\Profiles\mp3ikg4o.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\Windows\temp\TMP000004FC9D161A41C9F974F0 not found!
File\Folder C:\Windows\temp\TMP000005121649315209FBF751 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

You forgot to post the other logs:
  • aswMBR report.
  • MalwareBytes Anti-Malware report

#5
andilee

    Member

  • Topic Starter
  • 17 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-02 14:30:22
-----------------------------
14:30:22.967 OS Version: Windows x64 6.1.7601 Service Pack 1
14:30:22.967 Number of processors: 2 586 0x2A07
14:30:22.967 ComputerName: SWEETIE UserName: Andrea
14:30:24.146 Initialize success
14:30:34.913 AVAST engine defs: 12090201
14:33:18.110 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:33:18.126 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:33:18.157 Disk 0 MBR read successfully
14:33:18.157 Disk 0 MBR scan
14:33:18.173 Disk 0 Windows 7 default MBR code
14:33:18.173 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
14:33:18.204 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 122098 MB offset 52430848
14:33:18.298 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 157545 MB offset 302487552
14:33:18.376 Disk 0 scanning C:\Windows\system32\drivers
14:33:36.357 Service scanning
14:34:15.696 Modules scanning
14:34:15.696 Disk 0 trace - called modules:
14:34:15.727 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:34:16.242 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006eca060]
14:34:16.242 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa800465bc40]
14:34:16.242 5 ACPI.sys[fffff88000f857a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800465e050]
14:34:17.084 AVAST engine scan C:\Windows
14:34:20.500 AVAST engine scan C:\Windows\system32
14:38:32.740 AVAST engine scan C:\Windows\system32\drivers
14:38:48.327 AVAST engine scan C:\Users\Andrea
14:49:20.583 AVAST engine scan C:\ProgramData
14:51:00.676 Scan finished successfully
10:56:55.196 Disk 0 MBR has been saved successfully to "C:\Users\Andrea\Desktop\MBR.dat"
10:56:55.336 The log file has been saved successfully to "C:\Users\Andrea\Desktop\aswMBR.txt"

#6
andilee

    Member

  • Topic Starter
  • 17 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.03.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: SWEETIE [administrator]

9/3/2012 11:01:31 AM
mbam-log-2012-09-03 (11-01-31).txt

Scan type: Full scan (C:\|D:\|E:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333562
Time elapsed: 57 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Andrea\Downloads\freeopener_715.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)

#7
andilee

    Member

  • Topic Starter
  • 17 posts
OH! AND BECAUSE I DON'T THINK I'VE MENTIONED,
THANK YOU THANK YOU THANK YOU THANK YOU THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
How is your computer?

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

#9
andilee

    Member

  • Topic Starter
  • 17 posts
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Vuze\.install4j\i4j_extf_27_5p83tu.dll a variant of Win32/Bunndle application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Default\aadadjgdgbgbdgdgdigcdedidedgdhda\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\cnet2_PeerBlock-Setup_v1_1_r518_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\cnet2_tiff-pdf-converter-trial_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\cnet_ShutterflyStudioInstaller_ext_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\PDFConverterSetup.exe Win32/InstallCore.P application cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\setup-pdflite-ic-0.6(1).exe a variant of Win32/InstallCore.N application deleted - quarantined
C:\Users\Andrea\Downloads\setup-pdflite-ic-0.6.exe a variant of Win32/InstallCore.N application deleted - quarantined
C:\Users\Andrea\Downloads\The_four_day_win.exe multiple threats cleaned by deleting - quarantined
C:\Users\Andrea\Downloads\WinZip165(1).exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\09022012_131143\C_Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\09022012_131143\C_Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]\content\overlay.js Win32/Adware.Yontoo application cleaned by deleting - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-06 152742\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-06 152742\Backup files 3.zip multiple threats deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-06 152742\Backup files 4.zip multiple threats deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-10 145602\Backup files 1.zip Win32/BHO.OEI trojan deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-19 202815\Backup files 1.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-19 202815\Backup files 2.zip multiple threats deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-19 202815\Backup files 3.zip multiple threats deleted - quarantined
D:\SWEETIE\Backup Set 2012-08-06 152742\Backup Files 2012-08-26 190007\Backup files 1.zip a variant of Win32/OpenInstall application deleted - quarantined
D:\SWEETIE\Backup Set 2012-09-02 213348\Backup Files 2012-09-02 213348\Backup files 2.zip a variant of Win32/InstallCore.D application deleted - quarantined
D:\SWEETIE\Backup Set 2012-09-02 213348\Backup Files 2012-09-02 213348\Backup files 3.zip a variant of Win32/InstallIQ application deleted - quarantined
D:\SWEETIE\Backup Set 2012-09-02 213348\Backup Files 2012-09-02 213348\Backup files 4.zip multiple threats deleted - quarantined
D:\SWEETIE\Backup Set 2012-09-02 213348\Backup Files 2012-09-02 213348\Backup files 5.zip multiple threats deleted - quarantined
D:\SWEETIE\Backup Set 2012-09-02 213348\Backup Files 2012-09-02 213348\Backup files 7.zip Win32/BHO.OEI trojan deleted - quarantined

#10
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?

Apparently the log generated by Eset Online Scanner is incomplete. Can you send me the log again?

#11
andilee

    Member

  • Topic Starter
  • 17 posts
oh shoot, I didn't realize. Okay, I'm on it. I will run it again. ...hmmm thought it said complete. Anyway, yes I will post it when through. Thank you! Computer seems to run good :)

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Ok, I will wait.

#13
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.