Google redirect, jemacpv redirect, random BSOD [Solved]



#31
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How long has it been scanning?


#32
DoctorScience


    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
15 minutes, I'd guess

#33
Essexboy

OK, let's kill the TDL file and keep our fingers crossed that it goes first time.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Windows\system32\drivers\avgldx86.sys

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#34
DoctorScience

OK, it's running. How long is it likely to take?

#35
Essexboy

OTL should take only a minute or two at the most

#36
DoctorScience

It is sitting there, Not Responding and with the Vista circle spinning.

The top line in the Custom window is [emptytemp].

#37
DoctorScience

Processing is now complete and it's rebooting!

#38
Essexboy

Once you have rebooted, could you re-run aswMBR please?

#39
DoctorScience

OK. First I shall post the log files:

From the Custom script:
-----------------------------------------------------------------
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Public\Downloads\cmd.bat deleted successfully.
C:\Users\Public\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\system32\drivers\avgldx86.sys not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Beth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ellie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mary Ellen
->Temp folder emptied: 183234492 bytes
->Temporary Internet Files folder emptied: 855087 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77843150 bytes
->Google Chrome cache emptied: 53211159 bytes
->Flash cache emptied: 576 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 833085639 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,095.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01142012_164220

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
----------------------------------------------------------------------

OTL log:
OTL logfile created on: 1/14/2012 5:19:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary Ellen\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.36% Memory free
6.68 Gb Paging File | 5.78 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.09 Gb Total Space | 55.39 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive D: | 88.68 Gb Total Space | 17.35 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.48% Space Free | Partition Type: NTFS

Computer Name: GALADRIEL | User Name: Mary Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/21 09:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () -- C:\Program Files\MONyog\bin\MONyog.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/07/23 01:27:00 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files\My Programs\PureText.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 21:35:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 21:33:56 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:23:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/12/14 15:34:44 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/11/07 15:15:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/09 11:13:26 | 000,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () [Auto | Running] -- C:\Program Files\MONyog\bin\MONyog.exe -- (MONyog)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2012/01/12 09:21:35 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2009/07/29 19:04:30 | 000,129,888 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2009/07/29 19:04:30 | 000,032,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/24 17:43:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/21 01:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/31 05:14:40 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0071113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Images"
FF - prefs.js..browser.startup.homepage: "http://mecurtin.drea...width.org/read"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\FireFox2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\FireFox2\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 11:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 11:04:00 | 000,000,000 | ---D | M]

[2008/06/23 10:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Extensions
[2012/01/08 22:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions
[2011/07/13 09:49:54 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/06/25 20:32:25 | 000,000,000 | ---D | M] (del.icio.us) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2011/05/19 12:48:19 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/10/06 11:27:40 | 000,000,000 | ---D | M] (CopyAllUrls) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2011/12/23 18:00:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/25 09:03:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/12 09:46:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2007/11/18 15:11:12 | 000,000,000 | ---D | M] ("Header Monitor") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648}
[2011/06/09 19:47:17 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/01/26 13:17:26 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\afom@idevfh
[2010/03/02 21:12:01 | 000,000,000 | ---D | M] ("DapperFox") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/09/28 23:35:45 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/11/12 09:46:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/12/16 17:58:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/06/03 18:40:16 | 000,001,820 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\bing.xml
[2010/01/29 22:59:04 | 000,004,898 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\google-images.xml
[2006/11/20 22:03:04 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\IMDB-1.xml
[2006/10/26 22:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\imdb.xml
[2008/08/18 01:18:24 | 000,002,109 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\youtube-video-search.xml
[2011/11/30 11:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 11:28:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{4CC4A13B-94A6-7568-370D-5F9DE54A9C7F}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AdBlock = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.12_0\
CHR - Extension: AVG Safe Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/14 16:42:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EPSON18F106 (Epson Stylus NX420)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PureText] C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe - Shortcut.lnk = C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: ed.gov ([fafsa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iis.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thawte.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: verisign.com ([digitalid] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D85E079C-05D8-4ABD-8C1B-B34DEE204AA3}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O24 - Desktop BackupWallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell\AutoRun\command - "" = H:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 16:42:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/14 16:21:03 | 000,000,000 | --SD | C] -- C:\thingy27140t
[2012/01/14 16:20:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/14 16:20:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/14 16:20:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/14 16:20:24 | 000,000,000 | --SD | C] -- C:\thingy
[2012/01/14 16:19:29 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\Mary Ellen\Desktop\thingy.exe
[2012/01/13 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/13 14:42:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/13 14:12:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/13 14:05:08 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Mary Ellen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/13 14:04:48 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Users\Mary Ellen\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/12 17:16:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mary Ellen\Desktop\aswMBR.exe
[2012/01/11 22:41:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
[2012/01/11 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\Desktop\GooredFix Backups
[2012/01/11 19:08:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/11 15:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot Search Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/10 16:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/10 15:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/09 23:13:06 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/09 14:04:13 | 000,000,000 | ---D | C] -- C:\symbols
[2012/01/09 13:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2012/01/09 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2012/01/09 13:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2010/04/13 15:25:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.sys
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/14 17:15:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 17:15:19 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:15:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/14 17:15:10 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 17:10:10 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000UA.job
[2012/01/14 16:43:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/14 16:42:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/14 16:19:29 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\Mary Ellen\Desktop\thingy.exe
[2012/01/14 15:37:29 | 000,018,261 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\avptool_sysinfo.zip
[2012/01/14 15:18:46 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000.job
[2012/01/14 15:14:28 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000Core.job
[2012/01/14 12:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/13 18:05:31 | 113,275,352 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\setup_11.0.0.1245.x01_2012_01_14_02_38.exe
[2012/01/13 14:05:08 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Mary Ellen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/13 14:04:49 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Users\Mary Ellen\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/13 14:02:00 | 000,468,904 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Geeks to Go instructions.pdf
[2012/01/13 10:52:09 | 236,976,715 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/12 19:59:15 | 000,014,217 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Word 2010 Shortcuts Table of Contents.pdf
[2012/01/12 19:46:22 | 000,096,773 | ---- | M] () -- C:\Users\Mary Ellen\Documents\TocWordShortcuts.pdf
[2012/01/12 19:10:57 | 000,002,401 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/01/12 19:06:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\MBR.dat
[2012/01/12 17:16:09 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mary Ellen\Desktop\aswMBR.exe
[2012/01/12 09:21:35 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
[2012/01/11 19:07:50 | 000,000,735 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:49 | 000,023,537 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 01:41:01 | 009,051,028 | ---- | M] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | M] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/09 22:22:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/08 08:15:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2012/01/08 02:07:22 | 000,128,512 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/07 01:12:02 | 000,002,110 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Google Chrome.lnk
[2012/01/07 01:12:02 | 000,002,072 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/03 08:43:13 | 000,853,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/03 08:43:13 | 000,184,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/27 15:29:11 | 000,048,075 | ---- | M] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/23 12:27:04 | 002,276,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/18 20:54:43 | 000,417,020 | ---- | M] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:49 | 000,236,529 | ---- | M] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\pevadudu
[2012/01/14 16:20:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/14 16:20:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/14 16:20:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/14 16:20:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/14 16:20:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/14 15:43:57 | 000,018,261 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\avptool_sysinfo.zip
[2012/01/13 18:04:33 | 113,275,352 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\setup_11.0.0.1245.x01_2012_01_14_02_38.exe
[2012/01/13 18:00:28 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/13 14:01:51 | 000,468,904 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Geeks to Go instructions.pdf
[2012/01/12 19:59:13 | 000,014,217 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Word 2010 Shortcuts Table of Contents.pdf
[2012/01/12 19:46:20 | 000,096,773 | ---- | C] () -- C:\Users\Mary Ellen\Documents\TocWordShortcuts.pdf
[2012/01/12 19:06:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\MBR.dat
[2012/01/11 19:07:50 | 000,000,735 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:47 | 000,023,537 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 01:40:53 | 009,051,028 | ---- | C] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/10 15:30:30 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/27 15:32:49 | 000,048,075 | ---- | C] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/18 20:56:38 | 000,417,020 | ---- | C] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:44 | 000,236,529 | ---- | C] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[2011/02/01 17:15:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A790E581A6.sys
[2011/02/01 17:15:42 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/26 13:38:08 | 000,001,322 | ---- | C] () -- C:\Windows\ntbackup.ini
[2010/04/13 15:27:30 | 000,001,057 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\vso_ts_preview.xml
[2010/04/13 15:25:10 | 000,087,608 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\inst.exe
[2010/04/13 15:25:10 | 000,007,887 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.cat
[2010/04/13 15:25:10 | 000,001,144 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.inf
[2010/01/11 20:54:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/11 10:41:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\prvlcl.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/10 18:49:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/10 18:49:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 18:48:25 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/07 06:03:48 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/12/24 03:02:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/10 17:31:24 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2008/09/01 07:51:08 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2008/08/27 14:00:42 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2008/08/23 16:48:52 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/15 01:10:29 | 000,050,075 | ---- | C] () -- C:\Windows\php.ini
[2008/05/26 10:07:57 | 000,131,072 | ---- | C] () -- C:\Windows\gswin32c.exe
[2008/01/12 17:47:37 | 000,007,592 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\d3d9caps.dat
[2007/12/17 20:53:41 | 002,035,712 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2007/12/17 16:01:11 | 000,048,899 | ---- | C] () -- C:\Windows\firstphp.ini
[2007/11/19 21:56:06 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/11/19 21:56:06 | 000,000,084 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/11/18 14:41:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/18 14:13:58 | 000,000,472 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/18 13:45:17 | 000,128,512 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/13 10:47:55 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/11/09 23:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:43 | 002,276,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,853,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,184,110 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/28 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Abine
[2009/07/16 16:41:13 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\acccore
[2007/11/18 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\aignes
[2010/10/28 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Amazon
[2011/03/29 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\calibre
[2011/06/09 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/14 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox
[2012/01/13 11:00:43 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\FileZilla
[2011/06/24 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\GSplit
[2008/12/10 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\gtk-2.0
[2008/11/17 15:59:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\IsolatedStorage
[2011/02/01 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Jasc
[2011/06/17 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\MySQL
[2009/06/22 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NCH Swift Sound
[2011/03/23 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NexusFont
[2007/11/27 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\pdf995
[2010/05/30 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\SmartDraw
[2011/04/17 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Spesoft Free CD Ripper
[2011/10/22 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\TeamViewer
[2010/05/14 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Vso
[2010/07/19 13:19:58 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\Backup All.job
[2009/08/03 14:41:48 | 000,000,704 | ---- | M] () -- C:\Windows\Tasks\Daily Backkup.job
[2012/01/14 17:14:15 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/27 07:02:17 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\vrydoidt.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Billable Time.jpg:Roxio EMC Stream
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
@Alternate Data Stream - 1033 bytes -> C:\Users\Public\Documents\IDOC Notification - Your Next Step for Financial Aid.eml:OECustomProperty
@Alternate Data Stream - 1009 bytes -> C:\Users\Public\Documents\IDOC Reminder - Your Next Step for Financial Aid.eml:OECustomProperty

< End of report >
------------------------------------------------------------------
  • 0

#40
DoctorScience

    Member

  • Topic Starter
  • Member
  • 43 posts
Here is the aswMBR log:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-14 17:30:57
-----------------------------
17:30:57.816 OS Version: Windows 6.0.6002 Service Pack 2
17:30:57.816 Number of processors: 2 586 0xF0B
17:30:57.817 ComputerName: GALADRIEL UserName:
17:31:16.845 Initialize success
17:31:30.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:30.693 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
17:31:30.713 Disk 0 MBR read successfully
17:31:30.715 Disk 0 MBR scan
17:31:30.717 Disk 0 Windows VISTA default MBR code
17:31:30.739 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:31:30.751 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
17:31:30.770 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137310 MB offset 21084160
17:31:30.773 Disk 0 Partition - 00 0F Extended LBA 90811 MB offset 302295105
17:31:30.804 Disk 0 Partition - 00 05 Extended 90811 MB offset 302295167
17:31:30.856 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 90811 MB offset 302295168
17:31:30.866 Disk 0 scanning sectors +488278016
17:31:30.983 Disk 0 scanning C:\Windows\system32\drivers
17:31:48.184 Service scanning
17:31:50.280 Modules scanning
17:32:08.439 Disk 0 trace - called modules:
17:32:08.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:32:08.457 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85708620]
17:32:08.462 3 CLASSPNP.SYS[8abab8b3] -> nt!IofCallDriver -> [0x850addd8]
17:32:08.466 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b1528]
17:32:08.470 Scan finished successfully
17:32:35.719 Disk 0 MBR has been saved successfully to "C:\Users\Mary Ellen\Desktop\MBR.dat"
17:32:35.723 The log file has been saved successfully to "C:\Users\Mary Ellen\Desktop\aswMBR2.txt"
  • 0

#41
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As I suspected, Combofix appears to have removed the main elements.

Could you go to this MS Page and run the small fixit about halfway down?

Once done, could you check for redirects, please?
  • 0

#42
DoctorScience

    Member

  • Topic Starter
  • Member
  • 43 posts
So far, all three browsers (Mozilla, IE, Chrome) look good.

What do I do now?
  • 0

#43
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Two things:

First, breathe a sigh of relief :lol:

Next, run a sweep for orphans and check that the system is performing properly... Reinstall AVG if you have not already done so.

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#44
DoctorScience

    Member

  • Topic Starter
  • Member
  • 43 posts
You are my PERSONAL HERO.

Before I do any of this, should I re-activate my firewall?
  • 0

#45
DoctorScience

    Member

  • Topic Starter
  • Member
  • 43 posts
Well, I *can't* turn on Windows Firewall, so I am proceeding without it.
  • 0





