
Thread: major problem

  1. #21
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Just post up the log when you get it.

  2. #22
    Member
    Join Date
    Jun 2007
    Posts
    65


    17 hours and only 20% scanned if I go by the bar coverage...

  3. #23
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Go ahead and start that over....it should not take THAT long. It may take several hours but not like that. When you get the log post it up.

  4. #24
    Member
    Join Date
    Jun 2007
    Posts
    65


    I think it stopped when the computer would go into hibernation.

    C:\Program Files (x86)\Wishpot\~ietb.dll probably a variant of Win32/Adware.BHO.NHL application
    C:\Qoobox\Quarantine\C\ProgramData\7531E8D10057385E1A75048EF875F002\7531E8D10057385E1A75048EF875F002.exe.vir a variant of Win32/Kryptik.AJVP trojan
    C:\Qoobox\Quarantine\C\Users\Terri\AppData\Local\xlgoeaqp.exe.vir Win32/TrojanDownloader.Zortob.B trojan
    C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll a variant of Win32/Adware.Gamevance.BM application
    C:\Users\Terri\AppData\LocalLow\GuffinsEI\Installr\Cache\360E925B.exe a variant of Win32/Toolbar.MyWebSearch.O application

  5. #25
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Run OTL.exe
    • Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL


      :Services

      :Files
      C:\Program Files (x86)\Wishpot\~ietb.dll
      C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
      C:\Users\Terri\AppData\LocalLow\GuffinsEI\Installr\Cache\360E925B.exe
      ipconfig /flushdns /c

      :Commands
      [purity]
      [emptytemp]
      [resethosts]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

    ----------

    In your next reply please post the log made by OTL and let me know how your system is running.
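The triage behind the `:Files` list in post #25, as an added example that is not part of the original posts and not code from OTL or ESET: it parses the five ESET detection lines from post #24, separates live files from copies already under ComboFix's `C:\Qoobox` quarantine folder, and emits the paths for the `:Files` section. The reason the two Qoobox hits were left out of the fix is an assumption here, and `Detection`, `parse`, `triage`, `files_section` and `QUARANTINE_ROOTS` are illustrative names.

```python
import re
from typing import NamedTuple

# The five detection lines copied from the ESET log in post #24.
ESET_LINES = r"""
C:\Program Files (x86)\Wishpot\~ietb.dll probably a variant of Win32/Adware.BHO.NHL application
C:\Qoobox\Quarantine\C\ProgramData\7531E8D10057385E1A75048EF875F002\7531E8D10057385E1A75048EF875F002.exe.vir a variant of Win32/Kryptik.AJVP trojan
C:\Qoobox\Quarantine\C\Users\Terri\AppData\Local\xlgoeaqp.exe.vir Win32/TrojanDownloader.Zortob.B trojan
C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll a variant of Win32/Adware.Gamevance.BM application
C:\Users\Terri\AppData\LocalLow\GuffinsEI\Installr\Cache\360E925B.exe a variant of Win32/Toolbar.MyWebSearch.O application
""".strip().splitlines()


class Detection(NamedTuple):
    path: str
    certainty: str  # "", "a variant of" or "probably a variant of"
    name: str       # e.g. Win32/Kryptik.AJVP
    kind: str       # "trojan", "application", ...


# Paths contain spaces, so the path is matched lazily and the line is
# anchored on the detection name (Platform/Family) plus the trailing type word.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<certainty>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\w+/\S+)\s+(?P<kind>\w+)$"
)

# Assumption: anything under ComboFix's Qoobox folder is an inert, renamed
# (.vir) quarantine copy and does not need to go into the fix script.
QUARANTINE_ROOTS = ("c:\\qoobox\\",)


def parse(line):
    """Return a Detection for one ESET log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Detection(m["path"], m["certainty"].strip(), m["name"], m["kind"])


def triage(lines):
    """Split log lines into (live, quarantined, unparsed).

    Unparsed lines are returned rather than dropped so that a detection in an
    unexpected format still gets looked at by a person.
    """
    live, quarantined, unparsed = [], [], []
    for line in lines:
        if not line.strip():
            continue
        det = parse(line)
        if det is None:
            unparsed.append(line)
        elif det.path.lower().startswith(QUARANTINE_ROOTS):
            quarantined.append(det)
        else:
            live.append(det)
    return live, quarantined, unparsed


def files_section(live):
    """Render the live detections as the path list of an OTL :Files section."""
    return "\n".join([":Files", *(d.path for d in live)])


if __name__ == "__main__":
    live, quarantined, unparsed = triage(ESET_LINES)
    print(files_section(live))
    for d in quarantined:
        print("already quarantined:", d.name, d.kind)
    for line in unparsed:
        print("REVIEW BY HAND:", line)
```

On this log both trojan detections fall under the quarantine folder, and the three live files are all classed as `application`.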

  6. #26
    Member
    Join Date
    Jun 2007
    Posts
    65


    Thank you so much for all of your time and work. I haven't had time to be on the computer but nothing is making me work from safe mode anymore. I will get tea timer turned back on spybot and get Avast back up to date. Many blessings to you!

    OTL logfile created on: 8/14/2012 11:30:47 AM - Run 3
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Terri\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.75 Gb Total Physical Memory | 4.35 Gb Available Physical Memory | 75.74% Memory free
    14.54 Gb Paging File | 13.11 Gb Available in Paging File | 90.21% Paging File free
    Paging file location(s): c:\pagefile.sys 9000 20000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 920.49 Gb Total Space | 834.02 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
    Drive D: | 10.92 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: TERRI-PC | User Name: Terri | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Terri\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)
    PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
    PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\sync_util.dll ()
    MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\SyncPrefLib.dll ()
    MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobeXMPFiles.dll ()
    MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobeXMP.dll ()
    MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
    MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll ()
    MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll ()
    MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll ()
    MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll ()
    MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
    SRV - (lxdu_device) -- C:\Windows\SysWOW64\lxducoms.exe ( )


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
    DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{80491696-5B23-4A47-B706-8532AB94855B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
    IE - HKLM\..\SearchScopes,DefaultScope = {9bd172ba-3f40-4303-bca1-0484b5ba2a7b}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{80491696-5B23-4A47-B706-8532AB94855B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\..\SearchScopes,DefaultScope = {80491696-5B23-4A47-B706-8532AB94855B}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{80491696-5B23-4A47-B706-8532AB94855B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.48\coFFFw\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/15 09:56:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 13:40:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2011/07/26 23:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terri\AppData\Roaming\Mozilla\Extensions
    [2012/05/29 19:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\k6jfvrz1.default\extensions
    [2011/12/31 14:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: (Enabled) = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\chromeNPAPI.dll
    CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
    CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: Angry Birds = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: YouTube = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: ArcadeWeb = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
    CHR - Extension: Evernote Web Clipper = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.6_0\
    CHR - Extension: Gmail = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/14 11:28:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
    O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKCU..\Run: [PhotoshopElementsSyncAgent] C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F8F2CBC-0F16-4956-BBBB-BD062B837358}: DhcpNameServer = 192.168.15.1 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/12 17:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
    [2012/08/12 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/12 16:20:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Terri\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/12 13:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
    [2012/08/12 12:47:22 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/08/10 21:40:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Terri\Desktop\OTL.exe
    [2012/08/10 17:58:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/10 17:55:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/10 13:26:23 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Terri\Desktop\ComboFix.exe
    [2012/08/10 08:37:24 | 000,063,488 | -H-- | C] (AhnLab, Inc.) -- C:\Windows\SysNative\dcomance64.dll
    [2012/08/09 13:27:46 | 000,000,000 | ---D | C] -- C:\Users\Terri\Documents\vistaprint 6-22_files
    [2012/08/08 12:02:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/08 12:02:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/08 12:02:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/08 12:02:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/04 23:44:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Terri\Desktop\aswMBR.exe
    [2012/08/04 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Terri\Documents\Attach
    [2012/08/04 14:13:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/08/04 14:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2012/08/04 14:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

    ========== Files - Modified Within 30 Days ==========

    [2012/08/14 11:37:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 11:37:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/14 11:36:55 | 000,731,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/14 11:36:55 | 000,627,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/14 11:36:55 | 000,107,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/14 11:30:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/14 11:29:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/14 11:29:46 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/14 11:28:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2012/08/14 11:26:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/14 11:25:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/13 19:48:20 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/12 17:36:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 16:21:58 | 000,002,450 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2012/08/12 16:20:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Terri\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/10 21:41:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Terri\Desktop\OTL.exe
    [2012/08/10 13:26:23 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Terri\Desktop\ComboFix.exe
    [2012/08/10 08:38:40 | 000,000,022 | ---- | M] () -- C:\Users\Terri\Documents\Label_Copy_Fedex.zip
    [2012/08/10 08:37:24 | 000,063,488 | -H-- | M] (AhnLab, Inc.) -- C:\Windows\SysNative\dcomance64.dll
    [2012/08/09 13:27:46 | 000,136,287 | ---- | M] () -- C:\Users\Terri\Documents\vistaprint 6-22.htm
    [2012/08/09 13:24:44 | 000,078,336 | ---- | M] () -- C:\Users\Terri\Documents\Vistaprint order 6-22.msg
    [2012/08/09 12:51:24 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2012/08/04 23:44:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Terri\Desktop\aswMBR.exe
    [2012/08/04 23:24:21 | 000,004,204 | ---- | M] () -- C:\Users\Terri\Documents\Attach.zip
    [2012/08/04 14:12:37 | 000,000,907 | ---- | M] () -- C:\Users\Terri\Desktop\ERUNT.lnk
    [2012/08/03 23:31:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTerri.job
    [2012/08/03 13:28:26 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
    [2012/08/03 07:40:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/08/03 07:40:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/15 18:46:03 | 000,027,136 | ---- | M] () -- C:\Users\Terri\Documents\Hannah Stair.msg

    ========== Files Created - No Company Name ==========

    [2012/08/12 17:36:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/12 13:43:15 | 000,002,450 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
    [2012/08/10 08:35:58 | 000,000,022 | ---- | C] () -- C:\Users\Terri\Documents\Label_Copy_Fedex.zip
    [2012/08/09 13:27:42 | 000,136,287 | ---- | C] () -- C:\Users\Terri\Documents\vistaprint 6-22.htm
    [2012/08/09 13:24:44 | 000,078,336 | ---- | C] () -- C:\Users\Terri\Documents\Vistaprint order 6-22.msg
    [2012/08/08 12:02:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/08 12:02:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/08 12:02:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/08 12:02:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/08 12:02:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/04 23:24:21 | 000,004,204 | ---- | C] () -- C:\Users\Terri\Documents\Attach.zip
    [2012/08/04 14:12:37 | 000,000,907 | ---- | C] () -- C:\Users\Terri\Desktop\ERUNT.lnk
    [2012/07/15 18:46:03 | 000,027,136 | ---- | C] () -- C:\Users\Terri\Documents\Hannah Stair.msg
    [2012/05/24 15:58:00 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
    [2012/03/31 09:11:10 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
    [2012/03/31 09:10:53 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
    [2012/02/22 15:46:57 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
    [2012/02/22 15:46:57 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
    [2012/02/22 15:46:57 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
    [2012/02/22 15:45:57 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
    [2012/02/22 15:45:57 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
    [2012/02/22 15:45:56 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
    [2012/02/22 15:45:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
    [2012/02/22 15:45:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
    [2012/02/22 15:45:55 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
    [2012/02/22 15:45:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
    [2012/02/22 15:45:55 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
    [2012/02/22 15:45:55 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
    [2012/02/22 15:45:55 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
    [2012/02/22 15:45:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
    [2012/02/22 15:45:55 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
    [2012/02/22 15:45:55 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
    [2012/02/22 15:45:55 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
    [2012/02/10 02:13:57 | 000,870,128 | ---- | C] () -- C:\Users\Terri\AppData\Roaming\mcs.rma
    [2012/01/12 04:23:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2011/11/15 21:15:22 | 000,030,042 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpBROCHURE-WHAT-IS-MASSAGE-LIKE-INSIDE.JPG
    [2011/11/15 21:15:22 | 000,030,031 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpBROCHURE-WHAT-IS-MASSAGE-LIKE-INSIDE.0
    [2011/10/16 17:12:09 | 000,055,320 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmp262886_2297414356286_1276920425_2735367_6373855_N.JPG
    [2011/08/13 11:59:26 | 000,200,488 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/05/26 20:57:19 | 000,011,840 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpHEADREST.0
    [2011/05/26 20:57:19 | 000,008,218 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpHEADREST.JPG
    [2011/03/12 15:20:33 | 000,841,947 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.2
    [2011/03/12 15:20:28 | 000,844,210 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.1
    [2011/03/12 15:20:27 | 000,842,791 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.JPG
    [2011/03/12 15:20:26 | 000,854,390 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.0
    [2010/12/10 18:05:12 | 000,037,404 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.4
    [2010/12/10 18:05:11 | 000,037,018 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.3
    [2010/12/10 18:05:10 | 000,035,511 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.2
    [2010/12/10 18:05:09 | 000,035,162 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.JPG
    [2010/12/10 18:05:09 | 000,035,162 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.1
    [2010/12/10 18:04:45 | 000,042,058 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.0
    [2010/10/05 22:01:37 | 003,050,546 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpDSC01316.JPG
    [2010/09/10 19:12:18 | 000,000,632 | RHS- | C] () -- C:\Users\Terri\ntuser.pol
    [2010/08/15 14:11:32 | 002,768,285 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0001.JPG
    [2010/08/15 14:10:52 | 002,833,958 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0002.JPG
    [2010/08/15 14:10:10 | 002,912,637 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0003.0
    [2010/08/15 14:10:10 | 001,195,955 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0003.JPG
    [2010/08/08 11:55:21 | 000,000,316 | ---- | C] () -- C:\Users\Terri\AppData\Roaming\wklnhst.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:C43BFB01

    < End of report >

  7. #27
    Member
    Join Date
    Jun 2007
    Posts
    65

    Default

    See what you think on the new OTL, but Avast still detects the dcomance Win32 trojan and something adware on OTL.

  8. #28
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    something adware on OTL
    What do you mean?

  9. #29
    Member
    Join Date
    Jun 2007
    Posts
    65

    Default

    It won't let me copy the file name. Starts out C:\_OTL\MovedFiles\ ...arcadewebchrome.dll

    The other is C:\Windows\System32\dcomance64.dll

    Both are listed as High severity.
    Shall I repair, delete, move to chest, ignore or run something other than avast for the fix?

  10. #30
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    C:\_OTL\MovedFiles\ ...arcadewebchrome.dll
    Ok don't worry about this. It is already quarantined by OTL and will be removed shortly.
    ----------

    First open an elevated command prompt > Click Start and type cmd in Start Search.
    When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.

    Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there is more than one)
    Code:
    del C:\Windows\System32\dcomance64.dll
    Close the Command Prompt box.
    --------

    Once that is completed let me know what malware problems you are still having.
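
The removal step above as a batch script, added here as an example and not part of the original post. It accounts for two details visible in the OTL log: the file carries the hidden attribute (`-H--`), and OTL reports the 64-bit System32 directory as `SysNative`. The SHA-256 step and the variable names are additions.

```batch
@echo off
setlocal
rem Added example, not part of the original post.
rem OTL is a 32-bit program, so its log shows the real 64-bit System32
rem directory under the alias C:\Windows\SysNative. A 64-bit cmd.exe sees
rem that directory as System32; a 32-bit cmd.exe is redirected to SysWOW64
rem and has to use the Sysnative alias to reach the same file.
set "SYSDIR=%SystemRoot%\System32"
if defined PROCESSOR_ARCHITEW6432 set "SYSDIR=%SystemRoot%\Sysnative"
set "TARGET=%SYSDIR%\dcomance64.dll"

rem dir /a lists the file even though the log marks it hidden (-H--).
dir /a "%TARGET%" || (echo Not found: %TARGET% & exit /b 1)

rem Record a SHA-256 of the file before it is removed.
certutil -hashfile "%TARGET%" SHA256

rem A plain del skips hidden files; /a:h selects them.
del /a:h "%TARGET%"

rem Confirm the file is gone.
if exist "%TARGET%" (echo Still present: %TARGET% & exit /b 1)
echo Removed: %TARGET%
```

Run it from the elevated command prompt described in the post; the printed hash can be posted back to the thread alongside the result.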
