Removal HELP needed for Spyware or Malware



#1
kid@hrt

Hi
I’m not sure if I have a malware problem or a hardware problem. The computer is using a lot of both CPU memory and physical memory. While using the internet, I usually use Chrome; the screen will flash and look scrambled. It will flash and scramble until I shut down the browser. It is very random. The first time it happened I was on Google Maps. The browser will freeze often also. I also noticed while using either Word or Excel 2010 the program will freeze and the cursor will move across the page from left to right. While moving it seems to erase what is on the page. I save quickly and it never has actually deleted any info.
I checked task manager and there are many services running. I don’t usually check the task manager so this may be normal. I checked while using Chrome and it showed 3 Chrome applications running at the same time. Physical memory was 33% when I last checked, which is not too bad; it's been worse. Also, the last time I restarted, random icons showed up on my desktop. One is named desktop.ini and the other is Thumbs.db; they open in notebook and have random info.

I accidentally ran the full scan, so the one I am attaching is the 2nd run.

Thanks for listening

Lisa

OTL logfile created on: 8/5/2012 5:12:46 PM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Mom\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.97 Gb Total Physical Memory | 4.57 Gb Available Physical Memory | 76.59% Memory free
11.93 Gb Paging File | 10.51 Gb Available in Paging File | 88.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.73 Gb Total Space | 176.42 Gb Free Space | 75.80% Space Free | Partition Type: NTFS
Drive Z: | 100.00 Mb Total Space | 71.31 Mb Free Space | 71.32% Space Free | Partition Type: NTFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/05 16:02:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
PRC - [2012/01/04 10:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/15 09:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/29 13:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/03 16:03:20 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 20:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/04 10:40:48 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/02 09:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/05/25 02:09:14 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/23 03:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/08/12 12:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010/02/17 14:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2010/02/17 14:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/10/31 03:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2011/02/04 10:27:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006/10/31 03:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 1B 0B 65 D6 AD CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000003067529c86
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Mom\AppData\Local\RewardsArcadeSuite\1950\Firefox [2012/02/18 17:31:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\PogoDGC\firefox [2012/07/20 18:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/03 20:20:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/03 16:15:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/08/04 19:20:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/08/03 16:15:17 | 000,000,000 | ---D | M]

[2012/08/03 18:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2010/12/05 19:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/08/03 20:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 20:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/31 15:17:25 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/07/13 20:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.comcast.net/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.comcast.net/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Mom\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Mom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Disabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Zoho Invoice = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj\1.1_0\
CHR - Extension: Word Game = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffheaiejndglafjapaaopiddibnhnhjk\1.0_0\
CHR - Extension: Send to Kindle = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\2.6.4_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
CHR - Extension: Free Invoice Maker = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kebnkbogolcjifklpmgidaaoogjflajp\0.0.0.1_0\
CHR - Extension: Wave Accounting = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.1_0\
CHR - Extension: The Secret of Grisly Manor = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpaadcbfeeiehmjlfbgpafdjbeikhgff\1.0_0\
CHR - Extension: Crosswords = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\namaaebnjgplgpilcfdllaonknandpjf\1.10_0\

Hosts file not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5AA37F8-C1BB-4651-A345-B8D6F02AE8C5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5AA37F8-C1BB-4651-A345-B8D6F02AE8C5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/05 16:02:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/08/05 15:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hoyle®
[2012/08/03 20:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/03 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/08/03 18:46:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/08/03 16:15:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/08/03 15:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/08/03 15:10:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/03 15:10:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/08/02 19:23:31 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\Amazon
[2012/08/02 19:22:08 | 000,101,680 | ---- | C] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/08/02 19:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/08/02 19:21:44 | 005,291,440 | ---- | C] (Amazon.com, Inc.) -- C:\Users\Mom\Documents\SendToKindleForPC-installer.exe
[2012/08/02 14:32:23 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\FreeFileViewer
[2012/08/02 14:23:44 | 003,907,920 | ---- | C] (Piriform Ltd) -- C:\Users\Mom\Documents\ccsetup321.exe
[2012/08/02 04:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/08/02 04:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/08/02 03:47:40 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\FileTypeAssistant
[2012/08/01 12:52:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Assistant
[2012/08/01 12:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Offers from Freeze.com
[2012/08/01 12:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\WeCareReminder
[2012/07/25 14:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/25 14:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/25 14:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/25 14:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/20 19:27:05 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Mystery of Mortlake Mansion
[2012/07/20 19:27:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MortlakeMansion
[2012/07/20 19:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC
[2012/07/20 18:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PogoDGC
[2012/07/20 18:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2012/07/20 18:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Games
[2012/07/20 14:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
[2012/07/20 14:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2012/07/20 14:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\word
[2012/07/19 13:28:57 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Local\MigWiz
[2012/07/16 18:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/16 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Mom\AppData\Roaming\Ad-Aware Antivirus
[2012/07/12 09:16:53 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/05 17:10:15 | 000,028,872 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat
[2012/08/05 16:59:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2005915866-3535303436-4220142520-1000UA.job
[2012/08/05 16:56:13 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 16:56:13 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 16:50:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 16:50:54 | 511,205,375 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/05 16:38:13 | 000,057,366 | ---- | M] () -- C:\Users\Mom\Desktop\chrome 2.gif
[2012/08/05 16:24:17 | 000,097,699 | ---- | M] () -- C:\Users\Mom\Desktop\chrome.jpg
[2012/08/05 16:22:36 | 000,117,691 | ---- | M] () -- C:\Users\Mom\Desktop\desktop.jpg
[2012/08/05 16:02:40 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/08/04 23:24:33 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2005915866-3535303436-4220142520-1000Core.job
[2012/08/04 19:20:27 | 000,002,114 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/08/04 19:15:37 | 000,028,358 | ---- | M] () -- C:\Users\Mom\Desktop\559146_10151003310344353_1397574428_n.jpg
[2012/08/03 22:14:28 | 000,102,742 | ---- | M] () -- C:\Users\Mom\Desktop\Driving Directions from 1553 Swamp Pike, Gilbertsville, Pennsylvania 19525 to 200 Campbell Bay Rd, Swanton, Vermont 05488 _ MapQuest.pdf
[2012/08/03 20:20:49 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/03 15:44:36 | 000,459,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/02 19:55:45 | 000,739,728 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/02 19:55:45 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/02 19:55:45 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/02 19:22:08 | 000,101,680 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2012/08/02 19:21:47 | 005,291,440 | ---- | M] (Amazon.com, Inc.) -- C:\Users\Mom\Documents\SendToKindleForPC-installer.exe
[2012/08/02 16:48:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/08/02 16:48:46 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/08/02 14:27:30 | 000,019,960 | ---- | M] () -- C:\Users\Mom\Documents\cc_20120802_142704.reg
[2012/08/02 14:23:50 | 003,907,920 | ---- | M] (Piriform Ltd) -- C:\Users\Mom\Documents\ccsetup321.exe
[2012/08/01 20:34:59 | 000,232,941 | ---- | M] () -- C:\Users\Mom\Desktop\AAA_Temporary_Card (2).pdf
[2012/08/01 20:34:25 | 000,232,940 | ---- | M] () -- C:\Users\Mom\Desktop\AAA_Temporary_Card (1).pdf
[2012/08/01 17:01:21 | 000,002,441 | ---- | M] () -- C:\Users\Mom\Desktop\Google Chrome.lnk
[2012/07/25 17:23:24 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/25 14:31:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/25 11:37:58 | 000,002,364 | ---- | M] () -- C:\Windows\MyHeritage.INI
[2012/07/20 19:03:25 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Mystery of Mortlake Mansion.lnk
[2012/07/20 18:55:01 | 000,001,922 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk
[2012/07/20 18:55:01 | 000,001,898 | ---- | M] () -- C:\Users\Mom\Documents\Play Pogo Games.lnk
[2012/07/20 18:54:42 | 007,027,752 | ---- | M] () -- C:\Users\Mom\Documents\mystery-of-mortlake-mansion-setup.exe
[2012/07/20 17:05:34 | 000,189,440 | ---- | M] () -- C:\Users\Mom\Documents\KB933828.msp
[2012/07/20 14:22:46 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/05 16:38:10 | 000,057,366 | ---- | C] () -- C:\Users\Mom\Desktop\chrome 2.gif
[2012/08/05 16:24:17 | 000,097,699 | ---- | C] () -- C:\Users\Mom\Desktop\chrome.jpg
[2012/08/05 16:22:36 | 000,117,691 | ---- | C] () -- C:\Users\Mom\Desktop\desktop.jpg
[2012/08/04 19:20:27 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012/08/04 19:15:36 | 000,028,358 | ---- | C] () -- C:\Users\Mom\Desktop\559146_10151003310344353_1397574428_n.jpg
[2012/08/03 22:14:27 | 000,102,742 | ---- | C] () -- C:\Users\Mom\Desktop\Driving Directions from 1553 Swamp Pike, Gilbertsville, Pennsylvania 19525 to 200 Campbell Bay Rd, Swanton, Vermont 05488 _ MapQuest.pdf
[2012/08/03 20:20:49 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/03 20:20:49 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/02 14:27:19 | 000,019,960 | ---- | C] () -- C:\Users\Mom\Documents\cc_20120802_142704.reg
[2012/08/01 20:34:58 | 000,232,941 | ---- | C] () -- C:\Users\Mom\Desktop\AAA_Temporary_Card (2).pdf
[2012/08/01 20:34:25 | 000,232,940 | ---- | C] () -- C:\Users\Mom\Desktop\AAA_Temporary_Card (1).pdf
[2012/07/25 14:31:39 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/20 19:03:25 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Mystery of Mortlake Mansion.lnk
[2012/07/20 18:55:01 | 000,001,922 | ---- | C] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Play Pogo Games.lnk
[2012/07/20 18:55:01 | 000,001,898 | ---- | C] () -- C:\Users\Mom\Documents\Play Pogo Games.lnk
[2012/07/20 18:54:21 | 007,027,752 | ---- | C] () -- C:\Users\Mom\Documents\mystery-of-mortlake-mansion-setup.exe
[2012/07/20 17:05:33 | 000,189,440 | ---- | C] () -- C:\Users\Mom\Documents\KB933828.msp
[2012/07/20 14:22:34 | 000,002,655 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
[2012/07/03 01:06:44 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012/06/24 16:09:18 | 000,007,606 | ---- | C] () -- C:\Users\Mom\AppData\Local\Resmon.ResmonCfg
[2012/06/18 02:15:36 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/05/11 19:14:43 | 000,000,515 | ---- | C] () -- C:\Windows\Viewer.INI
[2012/05/11 13:22:20 | 000,002,364 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/05/11 13:19:59 | 000,454,656 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012/02/18 17:31:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/04/24 16:49:45 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/24 16:49:45 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/01/05 20:31:26 | 000,028,872 | ---- | C] () -- C:\Users\Mom\AppData\Roaming\wklnhst.dat
[2011/01/05 19:52:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/05 19:47:20 | 000,755,554 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/07/16 16:55:31 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ad-Aware Antivirus
[2012/03/31 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Babylon
[2012/03/31 15:24:06 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2011/08/05 09:59:54 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Crayon Physics Deluxe
[2012/07/17 13:59:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\foobar2000
[2012/08/02 14:32:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FreeFileViewer
[2011/11/01 18:44:48 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Frogwares
[2011/08/03 18:41:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GTM_Bodie
[2012/06/18 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\HD Tune Pro
[2011/08/03 19:22:10 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Lazy 8 Studios
[2011/11/03 16:20:00 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\LolClient
[2012/05/11 18:27:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\MyHeritage
[2012/07/20 19:27:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Mystery of Mortlake Mansion
[2010/12/02 20:14:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\OpenOffice.org
[2011/08/25 18:21:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PlayFirst
[2010/12/21 18:37:32 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\runic games
[2011/01/05 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Template
[2012/05/11 13:19:59 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/12/05 19:37:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Thunderbird
[2012/07/19 07:29:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.