Just post up the log when you get it.
Just post up the log when you get it.
17 hours and only 20% scanned if I go by the bar coverage...
Go ahead and start that over....it should not take THAT long. It may take several hours but not like that. When you get the log post it up.
I think it stopped when computer would go into hybernation
C:\Program Files (x86)\Wishpot\~ietb.dll probably a variant of Win32/Adware.BHO.NHL application
C:\Qoobox\Quarantine\C\ProgramData\7531E8D10057385E1A75048EF875F002\7531E8D10057385E1A75048EF875F002.exe.vir a variant of Win32/Kryptik.AJVP trojan
C:\Qoobox\Quarantine\C\Users\Terri\AppData\Local\xlgoeaqp.exe.vir Win32/TrojanDownloader.Zortob.B trojan
C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll a variant of Win32/Adware.Gamevance.BM application
C:\Users\Terri\AppData\LocalLow\GuffinsEI\Installr\Cache\360E925B.exe a variant of Win32/Toolbar.MyWebSearch.O application
Run OTL.exe
- Copy/paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:Files
C:\Program Files (x86)\Wishpot\~ietb.dll
C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
C:\Users\Terri\AppData\LocalLow\GuffinsEI\Installr\Cache\360E925B.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------
In your next reply please post the log made by OTL and let me know how your system is running.
Thank you so much for all of your time and work. I haven't had time to be on the computer but nothing is making me work from safe mode anymore. I will get tea timer turned back on spybot and get Avast back up to date. Many blessings to you!
OTL logfile created on: 8/14/2012 11:30:47 AM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Terri\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.75 Gb Total Physical Memory | 4.35 Gb Available Physical Memory | 75.74% Memory free
14.54 Gb Paging File | 13.11 Gb Available in Paging File | 90.21% Paging File free
Paging file location(s): c:\pagefile.sys 9000 20000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.49 Gb Total Space | 834.02 Gb Free Space | 90.61% Space Free | Partition Type: NTFS
Drive D: | 10.92 Gb Total Space | 1.59 Gb Free Space | 14.54% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: TERRI-PC | User Name: Terri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Terri\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\sync_util.dll ()
MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\SyncPrefLib.dll ()
MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobeXMPFiles.dll ()
MOD - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobeXMP.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll ()
MOD - C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll ()
========== Win32 Services (SafeList) ==========
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (lxdu_device) -- C:\Windows\SysWOW64\lxducoms.exe ( )
========== Driver Services (SafeList) ==========
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80491696-5B23-4A47-B706-8532AB94855B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {9bd172ba-3f40-4303-bca1-0484b5ba2a7b}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80491696-5B23-4A47-B706-8532AB94855B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {80491696-5B23-4A47-B706-8532AB94855B}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{80491696-5B23-4A47-B706-8532AB94855B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.48\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/15 09:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/06 13:40:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/07/26 23:55:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terri\AppData\Roaming\Mozilla\Extensions
[2012/05/29 19:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\k6jfvrz1.default\extensions
[2011/12/31 14:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: (Enabled) = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmdfpnpdmnjaffhcdbobdjpolhpacaem\1.0.5_0\chromeNPAPI.dll
CHR - plugin: ArcadeWeb Plugin (Enabled) = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\arcadewebchrome.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Angry Birds = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: ArcadeWeb = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgailgaldchajpkkmbjdlbimhdnmmgld\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.5.1_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.6_0\
CHR - Extension: Gmail = C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/08/14 11:28:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [lxduamon] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe ()
O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [PhotoshopElementsSyncAgent] C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsSyncAgent.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F8F2CBC-0F16-4956-BBBB-BD062B837358}: DhcpNameServer = 192.168.15.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/12 17:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/12 17:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/12 16:20:00 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Terri\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/12 13:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildTangent Games
[2012/08/12 12:47:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/10 21:40:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Terri\Desktop\OTL.exe
[2012/08/10 17:58:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/10 17:55:11 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/10 13:26:23 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Terri\Desktop\ComboFix.exe
[2012/08/10 08:37:24 | 000,063,488 | -H-- | C] (AhnLab, Inc.) -- C:\Windows\SysNative\dcomance64.dll
[2012/08/09 13:27:46 | 000,000,000 | ---D | C] -- C:\Users\Terri\Documents\vistaprint 6-22_files
[2012/08/08 12:02:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/08 12:02:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/08 12:02:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/08 12:02:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/04 23:44:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Terri\Desktop\aswMBR.exe
[2012/08/04 23:30:20 | 000,000,000 | ---D | C] -- C:\Users\Terri\Documents\Attach
[2012/08/04 14:13:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/04 14:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/04 14:12:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
========== Files - Modified Within 30 Days ==========
[2012/08/14 11:37:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 11:37:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 11:36:55 | 000,731,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 11:36:55 | 000,627,518 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 11:36:55 | 000,107,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 11:30:06 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 11:29:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 11:29:46 | 334,942,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 11:28:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/14 11:26:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 11:25:56 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 19:48:20 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/12 17:36:46 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 16:21:58 | 000,002,450 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/08/12 16:20:00 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Terri\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/10 21:41:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Terri\Desktop\OTL.exe
[2012/08/10 13:26:23 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Terri\Desktop\ComboFix.exe
[2012/08/10 08:38:40 | 000,000,022 | ---- | M] () -- C:\Users\Terri\Documents\Label_Copy_Fedex.zip
[2012/08/10 08:37:24 | 000,063,488 | -H-- | M] (AhnLab, Inc.) -- C:\Windows\SysNative\dcomance64.dll
[2012/08/09 13:27:46 | 000,136,287 | ---- | M] () -- C:\Users\Terri\Documents\vistaprint 6-22.htm
[2012/08/09 13:24:44 | 000,078,336 | ---- | M] () -- C:\Users\Terri\Documents\Vistaprint order 6-22.msg
[2012/08/09 12:51:24 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2012/08/04 23:44:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Terri\Desktop\aswMBR.exe
[2012/08/04 23:24:21 | 000,004,204 | ---- | M] () -- C:\Users\Terri\Documents\Attach.zip
[2012/08/04 14:12:37 | 000,000,907 | ---- | M] () -- C:\Users\Terri\Desktop\ERUNT.lnk
[2012/08/03 23:31:27 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTerri.job
[2012/08/03 13:28:26 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/08/03 07:40:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 07:40:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/15 18:46:03 | 000,027,136 | ---- | M] () -- C:\Users\Terri\Documents\Hannah Stair.msg
========== Files Created - No Company Name ==========
[2012/08/12 17:36:46 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/12 13:43:15 | 000,002,450 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2012/08/10 08:35:58 | 000,000,022 | ---- | C] () -- C:\Users\Terri\Documents\Label_Copy_Fedex.zip
[2012/08/09 13:27:42 | 000,136,287 | ---- | C] () -- C:\Users\Terri\Documents\vistaprint 6-22.htm
[2012/08/09 13:24:44 | 000,078,336 | ---- | C] () -- C:\Users\Terri\Documents\Vistaprint order 6-22.msg
[2012/08/08 12:02:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/08 12:02:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/08 12:02:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/08 12:02:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/08 12:02:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 23:24:21 | 000,004,204 | ---- | C] () -- C:\Users\Terri\Documents\Attach.zip
[2012/08/04 14:12:37 | 000,000,907 | ---- | C] () -- C:\Users\Terri\Desktop\ERUNT.lnk
[2012/07/15 18:46:03 | 000,027,136 | ---- | C] () -- C:\Users\Terri\Documents\Hannah Stair.msg
[2012/05/24 15:58:00 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/03/31 09:11:10 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDMain.INI
[2012/03/31 09:10:53 | 000,000,026 | ---- | C] () -- C:\Windows\FXOPDPMSV.INI
[2012/02/22 15:46:57 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2012/02/22 15:46:57 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2012/02/22 15:46:57 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2012/02/22 15:45:57 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2012/02/22 15:45:57 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2012/02/22 15:45:56 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2012/02/22 15:45:56 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2012/02/22 15:45:56 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2012/02/22 15:45:55 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2012/02/22 15:45:55 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2012/02/22 15:45:55 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2012/02/22 15:45:55 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2012/02/22 15:45:55 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
[2012/02/22 15:45:55 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2012/02/22 15:45:55 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2012/02/22 15:45:55 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
[2012/02/22 15:45:55 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
[2012/02/10 02:13:57 | 000,870,128 | ---- | C] () -- C:\Users\Terri\AppData\Roaming\mcs.rma
[2012/01/12 04:23:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/11/15 21:15:22 | 000,030,042 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpBROCHURE-WHAT-IS-MASSAGE-LIKE-INSIDE.JPG
[2011/11/15 21:15:22 | 000,030,031 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpBROCHURE-WHAT-IS-MASSAGE-LIKE-INSIDE.0
[2011/10/16 17:12:09 | 000,055,320 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmp262886_2297414356286_1276920425_2735367_6373855_N.JPG
[2011/08/13 11:59:26 | 000,200,488 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/26 20:57:19 | 000,011,840 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpHEADREST.0
[2011/05/26 20:57:19 | 000,008,218 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpHEADREST.JPG
[2011/03/12 15:20:33 | 000,841,947 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.2
[2011/03/12 15:20:28 | 000,844,210 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.1
[2011/03/12 15:20:27 | 000,842,791 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.JPG
[2011/03/12 15:20:26 | 000,854,390 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpSCAN0001.0
[2010/12/10 18:05:12 | 000,037,404 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.4
[2010/12/10 18:05:11 | 000,037,018 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.3
[2010/12/10 18:05:10 | 000,035,511 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.2
[2010/12/10 18:05:09 | 000,035,162 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.JPG
[2010/12/10 18:05:09 | 000,035,162 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.1
[2010/12/10 18:04:45 | 000,042,058 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpCIVIC.0
[2010/10/05 22:01:37 | 003,050,546 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpDSC01316.JPG
[2010/09/10 19:12:18 | 000,000,632 | RHS- | C] () -- C:\Users\Terri\ntuser.pol
[2010/08/15 14:11:32 | 002,768,285 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0001.JPG
[2010/08/15 14:10:52 | 002,833,958 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0002.JPG
[2010/08/15 14:10:10 | 002,912,637 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0003.0
[2010/08/15 14:10:10 | 001,195,955 | ---- | C] () -- C:\Users\Terri\AppData\Local\tmpMARLO_0003.JPG
[2010/08/08 11:55:21 | 000,000,316 | ---- | C] () -- C:\Users\Terri\AppData\Roaming\wklnhst.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:C43BFB01
< End of report >
see what you think on the new OTL, but Avast still detects the dcomance win 32 trojan and something adware on OTL.
What do you mean?something adware on OTL
It won't let me copy the file name. starts out C:\_OTL\MovedFiles\ ...arcadewebchrome.dll
the other is C:\Windows\System32\dcomance64.dll
Both are listed as High severity.
Shall I repair, delete, move to chest, ignore or run something other than avast for the fix?
Hi,
Ok don't worry about this. It is already quarantined by OTL and will be removed shortly.C:\_OTL\MovedFiles\ ...arcadewebchrome.dll
----------
First open an elevated command prompt > Click Start and type cmd in Start Search.
When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt.
Copy the contents of the code box > right click in the command window and select paste >> Press Enter (do one line at a time if there are more than one)
Close the Command Prompt box.Code:del C:\Windows\System32\dcomance64.dll
--------
Once that is completed let me know what malware problems you are still having.