:Processes
FacebookMessenger.exe 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.allgameshome.com/
IE - HKLM\..\SearchScopes,DefaultScope = {807FC1E6-CF7E-4B46-B5A0-A988A18689CA} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox 
IE - HKLM\..\SearchScopes\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}: "URL" = http://start.allgameshome.com/results.php?category=web&s={searchTerms} 
IE - HKLM\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.myplaycity.com/results.php?category=web&s={searchTerms} 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Äi?i://home.myplaycity.com/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Äi?i://home.myplaycity.com/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} 
IE - HKU\S-1-5-21-896558980-977426591-2796425657-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found 
IE - HKU\S-1-5-21-896558980-977426591-2796425657-1000\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} 
IE - HKU\S-1-5-21-896558980-977426591-2796425657-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://tbsearch.ask.com/redirect?client=ie&tb=VRS&o=&src=crm&q={searchTerms}&locale= 
IE - HKU\S-1-5-21-896558980-977426591-2796425657-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.myplaycity.com/results.php?category=web&s={searchTerms} 
FF - user.js - File not found 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) 
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Sara\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer 
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Sara\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll 
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Sara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - Extension: Pesquisa do Google = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ 
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-896558980-977426591-2796425657-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4 - HKU\S-1-5-21-896558980-977426591-2796425657-1000..\Run: [Facebook Update] C:\Users\Sara\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\debug.log ()
O4 - Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Sara\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe (Facebook)
O33 - MountPoints2\{ad5378c2-7f30-11e1-a2ea-e8039a439679}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2012/07/17 16:15:04 | 000,001,070 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-896558980-977426591-2796425657-1000UA.job 
[2012/07/16 13:15:02 | 000,001,048 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-896558980-977426591-2796425657-1000Core.job 
[2012/07/12 13:27:53 | 000,001,277 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk 
[2011/11/28 23:54:15 | 000,120,112 | ---- | C] () -- C:\windows\Wiainst.exe

:Files
C:\Users\Sara\AppData\Local\Facebook
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook

:Commands
[Purity]
[emptytemp]
[emptyjava]
[emtyflash]
[CREATERESTOREPOINT]
[Reboot]