:OTL
PRC - [2011/08/21 17:45:37 | 000,713,728 | ---- | M] (People Can Fly) -- C:\WINDOWS\system32\spxcoins32.exe
PRC - [2011/08/21 17:45:37 | 000,713,728 | ---- | M] (People Can Fly) -- C:\WINDOWS\system32\extmgr32.exe
SRV - [2011/08/21 17:45:37 | 000,713,728 | ---- | M] (People Can Fly) [Auto | Running] -- C:\WINDOWS\system32\extmgr32.exe -- (TermService32)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/facesmooch3/{F262AD4B-D5FB-4A05-A719-4C5D835FC251}
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Mapit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3003485&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.selectedEngine: "Mapit Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3003485&SearchSource=2&q="
[2011/09/07 07:11:04 | 000,000,000 | ---D | M] (Mapit Community Toolbar) -- C:\Documents and Settings\User Dayma\Application Data\Mozilla\Firefox\Profiles\vlapgxuu.default\extensions\{46a21652-3f93-437d-aac0-caa1f6713da0}
[2011/06/28 13:43:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\User Dayma\Application Data\Mozilla\Firefox\Profiles\vlapgxuu.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/19 18:08:52 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\User Dayma\Application Data\Mozilla\Firefox\Profiles\vlapgxuu.default\searchplugins\bing.xml
[2011/08/31 11:29:26 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\User Dayma\Application Data\Mozilla\Firefox\Profiles\vlapgxuu.default\searchplugins\conduit.xml
[2011/02/22 22:11:46 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\User Dayma\Application Data\Mozilla\Firefox\Profiles\vlapgxuu.default\searchplugins\search.xml
[2010/07/19 18:22:55 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}
[2011/09/02 19:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {01C5413A-4795-4293-9B22-2588934EBCD2} - C:\WINDOWS\system32\avmeter32.dll (People Can Fly)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [conhost] C:\Documents and Settings\User Dayma\Application Data\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKCU..\Run: [Weather] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\User Dayma\Start Menu\Programs\Startup\setup_9.0.0.722_05.05.2011_13-36.lnk = C:\Documents and Settings\User Dayma\Desktop\Virus Removal Tool\setup_9.0.0.722_05.05.2011_13-36\startup.exe ()
O4 - Startup: C:\Documents and Settings\User Dayma\Start Menu\Programs\Startup\setup_9.0.0.722_06.06.2011_12-48.lnk = File not found
F3 - HKCU WinNT: Load - (C:\DOCUME~1\USERDA~1\LOCALS~1\Temp\csrss.exe) - C:\Documents and Settings\User Dayma\Local Settings\Temp\csrss.exe ()
O20 - AppInit_DLLs: (C:\WINDOWS\system32\msxml632.dll) - C:\WINDOWS\system32\msxml632.dll (People Can Fly)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\User Dayma\Application Data\dwm.exe) - C:\Documents and Settings\User Dayma\Application Data\dwm.exe ()
[2011/08/21 17:45:40 | 000,713,728 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\spxcoins32.exe
[2011/08/21 17:45:39 | 000,713,728 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\extmgr32.exe
[2011/08/21 17:45:39 | 000,156,160 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\msxml632.dll
[2011/08/21 17:45:38 | 000,332,288 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\avmeter32.dll
[2011/09/07 09:37:17 | 000,036,731 | ---- | M] () -- C:\Documents and Settings\User Dayma\Application Data\ED3A.8CD
[2011/09/06 18:40:33 | 000,186,368 | ---- | M] () -- C:\Documents and Settings\User Dayma\Application Data\dwm.exe
[2011/09/04 17:18:14 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\WinMaximizer-User Dayma-Startup.job
[2011/08/21 17:45:40 | 000,000,103 | ---- | M] () -- C:\WINDOWS\System32\1584379562
[2011/08/21 17:45:39 | 000,156,160 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\msxml632.dll
[2011/08/21 17:45:38 | 000,332,288 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\avmeter32.dll
[2011/08/21 17:45:37 | 000,713,728 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\spxcoins32.exe
[2011/08/21 17:45:37 | 000,713,728 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\extmgr32.exe
[2011/08/23 20:53:20 | 000,186,368 | ---- | C] () -- C:\Documents and Settings\User Dayma\Application Data\dwm.exe
[2011/08/23 20:53:01 | 000,036,731 | ---- | C] () -- C:\Documents and Settings\User Dayma\Application Data\ED3A.8CD
[2011/08/21 17:45:39 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\1584379562

:Commands
[emptytemp]