Google redirect, jemacpv redirect, random BSOD [Solved]
Started by DoctorScience, Jan 11 2012 10:04 PM
#31
Posted 14 January 2012 - 03:33 PM
#32
Posted 14 January 2012 - 03:35 PM
15 minutes, I'd guess
#33
Posted 14 January 2012 - 03:38 PM
OK, let's kill the TDL file and keep our fingers crossed that it goes first time
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Files
ipconfig /flushdns /c
C:\Windows\system32\drivers\avgldx86.sys
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#34
Posted 14 January 2012 - 03:43 PM
OK, it's running. How long is it likely to take?
#35
Posted 14 January 2012 - 03:57 PM
OTL should take only a minute or two at the most
#36
Posted 14 January 2012 - 04:02 PM
It is sitting there, Not Responding and with the Vista circle spinning.
The top line in the Custom window is
[emptytemp].
#37
Posted 14 January 2012 - 04:14 PM
Processing is now complete and it's rebooting!
#38
Posted 14 January 2012 - 04:17 PM
Once you have rebooted could you re-run aswMBR please
#39
Posted 14 January 2012 - 04:26 PM
OK. First I shall post the log files:
From the Custom script:
-----------------------------------------------------------------
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Public\Downloads\cmd.bat deleted successfully.
C:\Users\Public\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\system32\drivers\avgldx86.sys not found.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Beth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Ellie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mary Ellen
->Temp folder emptied: 183234492 bytes
->Temporary Internet Files folder emptied: 855087 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77843150 bytes
->Google Chrome cache emptied: 53211159 bytes
->Flash cache emptied: 576 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 833085639 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,095.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01142012_164220
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
----------------------------------------------------------------------
OTL log:
OTL logfile created on: 1/14/2012 5:19:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary Ellen\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.36% Memory free
6.68 Gb Paging File | 5.78 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.09 Gb Total Space | 55.39 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive D: | 88.68 Gb Total Space | 17.35 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.48% Space Free | Partition Type: NTFS
Computer Name: GALADRIEL | User Name: Mary Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/21 09:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () -- C:\Program Files\MONyog\bin\MONyog.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/07/23 01:27:00 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files\My Programs\PureText.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/13 21:35:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 21:33:56 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:23:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/12/14 15:34:44 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/11/07 15:15:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/09 11:13:26 | 000,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () [Auto | Running] -- C:\Program Files\MONyog\bin\MONyog.exe -- (MONyog)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Driver Services (SafeList) ==========
DRV - [2012/01/12 09:21:35 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2009/07/29 19:04:30 | 000,129,888 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2009/07/29 19:04:30 | 000,032,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/24 17:43:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/21 01:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/31 05:14:40 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0071113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google Images"
FF - prefs.js..browser.startup.homepage: "http://mecurtin.drea...width.org/read"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\FireFox2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\FireFox2\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 11:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 11:04:00 | 000,000,000 | ---D | M]
[2008/06/23 10:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Extensions
[2012/01/08 22:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions
[2011/07/13 09:49:54 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/06/25 20:32:25 | 000,000,000 | ---D | M] (del.icio.us) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2011/05/19 12:48:19 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/10/06 11:27:40 | 000,000,000 | ---D | M] (CopyAllUrls) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2011/12/23 18:00:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/25 09:03:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/12 09:46:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2007/11/18 15:11:12 | 000,000,000 | ---D | M] ("Header Monitor") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648}
[2011/06/09 19:47:17 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/01/26 13:17:26 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\afom@idevfh
[2010/03/02 21:12:01 | 000,000,000 | ---D | M] ("DapperFox") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/09/28 23:35:45 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/11/12 09:46:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/12/16 17:58:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/06/03 18:40:16 | 000,001,820 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\bing.xml
[2010/01/29 22:59:04 | 000,004,898 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\google-images.xml
[2006/11/20 22:03:04 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\IMDB-1.xml
[2006/10/26 22:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\imdb.xml
[2008/08/18 01:18:24 | 000,002,109 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\youtube-video-search.xml
[2011/11/30 11:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 11:28:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{4CC4A13B-94A6-7568-370D-5F9DE54A9C7F}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AdBlock = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.12_0\
CHR - Extension: AVG Safe Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/01/14 16:42:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EPSON18F106 (Epson Stylus NX420)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PureText] C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe - Shortcut.lnk = C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: ed.gov ([fafsa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iis.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thawte.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: verisign.com ([digitalid] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D85E079C-05D8-4ABD-8C1B-B34DEE204AA3}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O24 - Desktop BackupWallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell\AutoRun\command - "" = H:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/14 16:42:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/14 16:21:03 | 000,000,000 | --SD | C] -- C:\thingy27140t
[2012/01/14 16:20:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/14 16:20:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/14 16:20:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/14 16:20:24 | 000,000,000 | --SD | C] -- C:\thingy
[2012/01/14 16:19:29 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\Mary Ellen\Desktop\thingy.exe
[2012/01/13 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/13 14:42:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/13 14:12:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/13 14:05:08 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Mary Ellen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/13 14:04:48 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Users\Mary Ellen\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/12 17:16:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mary Ellen\Desktop\aswMBR.exe
[2012/01/11 22:41:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
[2012/01/11 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\Desktop\GooredFix Backups
[2012/01/11 19:08:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/11 15:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot Search Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/10 16:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/10 15:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/09 23:13:06 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/09 14:04:13 | 000,000,000 | ---D | C] -- C:\symbols
[2012/01/09 13:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2012/01/09 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2012/01/09 13:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2010/04/13 15:25:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.sys
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/14 17:15:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 17:15:19 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:15:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/14 17:15:10 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 17:10:10 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000UA.job
[2012/01/14 16:43:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/14 16:42:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/14 16:19:29 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\Mary Ellen\Desktop\thingy.exe
[2012/01/14 15:37:29 | 000,018,261 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\avptool_sysinfo.zip
[2012/01/14 15:18:46 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000.job
[2012/01/14 15:14:28 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000Core.job
[2012/01/14 12:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/13 18:05:31 | 113,275,352 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\setup_11.0.0.1245.x01_2012_01_14_02_38.exe
[2012/01/13 14:05:08 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Mary Ellen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/13 14:04:49 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Users\Mary Ellen\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/13 14:02:00 | 000,468,904 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Geeks to Go instructions.pdf
[2012/01/13 10:52:09 | 236,976,715 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/12 19:59:15 | 000,014,217 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Word 2010 Shortcuts Table of Contents.pdf
[2012/01/12 19:46:22 | 000,096,773 | ---- | M] () -- C:\Users\Mary Ellen\Documents\TocWordShortcuts.pdf
[2012/01/12 19:10:57 | 000,002,401 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/01/12 19:06:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\MBR.dat
[2012/01/12 17:16:09 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mary Ellen\Desktop\aswMBR.exe
[2012/01/12 09:21:35 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
[2012/01/11 19:07:50 | 000,000,735 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:49 | 000,023,537 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 01:41:01 | 009,051,028 | ---- | M] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | M] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/09 22:22:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/08 08:15:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2012/01/08 02:07:22 | 000,128,512 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/07 01:12:02 | 000,002,110 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Google Chrome.lnk
[2012/01/07 01:12:02 | 000,002,072 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/03 08:43:13 | 000,853,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/03 08:43:13 | 000,184,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/27 15:29:11 | 000,048,075 | ---- | M] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/23 12:27:04 | 002,276,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/18 20:54:43 | 000,417,020 | ---- | M] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:49 | 000,236,529 | ---- | M] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\pevadudu
[2012/01/14 16:20:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/14 16:20:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/14 16:20:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/14 16:20:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/14 16:20:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/14 15:43:57 | 000,018,261 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\avptool_sysinfo.zip
[2012/01/13 18:04:33 | 113,275,352 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\setup_11.0.0.1245.x01_2012_01_14_02_38.exe
[2012/01/13 18:00:28 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/13 14:01:51 | 000,468,904 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Geeks to Go instructions.pdf
[2012/01/12 19:59:13 | 000,014,217 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Word 2010 Shortcuts Table of Contents.pdf
[2012/01/12 19:46:20 | 000,096,773 | ---- | C] () -- C:\Users\Mary Ellen\Documents\TocWordShortcuts.pdf
[2012/01/12 19:06:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\MBR.dat
[2012/01/11 19:07:50 | 000,000,735 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:47 | 000,023,537 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 01:40:53 | 009,051,028 | ---- | C] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/10 15:30:30 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/27 15:32:49 | 000,048,075 | ---- | C] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/18 20:56:38 | 000,417,020 | ---- | C] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:44 | 000,236,529 | ---- | C] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[2011/02/01 17:15:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A790E581A6.sys
[2011/02/01 17:15:42 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/26 13:38:08 | 000,001,322 | ---- | C] () -- C:\Windows\ntbackup.ini
[2010/04/13 15:27:30 | 000,001,057 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\vso_ts_preview.xml
[2010/04/13 15:25:10 | 000,087,608 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\inst.exe
[2010/04/13 15:25:10 | 000,007,887 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.cat
[2010/04/13 15:25:10 | 000,001,144 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.inf
[2010/01/11 20:54:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/11 10:41:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\prvlcl.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/10 18:49:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/10 18:49:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 18:48:25 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/07 06:03:48 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/12/24 03:02:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/10 17:31:24 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2008/09/01 07:51:08 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2008/08/27 14:00:42 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2008/08/23 16:48:52 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/15 01:10:29 | 000,050,075 | ---- | C] () -- C:\Windows\php.ini
[2008/05/26 10:07:57 | 000,131,072 | ---- | C] () -- C:\Windows\gswin32c.exe
[2008/01/12 17:47:37 | 000,007,592 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\d3d9caps.dat
[2007/12/17 20:53:41 | 002,035,712 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2007/12/17 16:01:11 | 000,048,899 | ---- | C] () -- C:\Windows\firstphp.ini
[2007/11/19 21:56:06 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/11/19 21:56:06 | 000,000,084 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/11/18 14:41:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/18 14:13:58 | 000,000,472 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/18 13:45:17 | 000,128,512 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/13 10:47:55 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/11/09 23:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:43 | 002,276,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,853,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,184,110 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/09/28 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Abine
[2009/07/16 16:41:13 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\acccore
[2007/11/18 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\aignes
[2010/10/28 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Amazon
[2011/03/29 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\calibre
[2011/06/09 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/14 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox
[2012/01/13 11:00:43 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\FileZilla
[2011/06/24 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\GSplit
[2008/12/10 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\gtk-2.0
[2008/11/17 15:59:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\IsolatedStorage
[2011/02/01 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Jasc
[2011/06/17 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\MySQL
[2009/06/22 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NCH Swift Sound
[2011/03/23 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NexusFont
[2007/11/27 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\pdf995
[2010/05/30 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\SmartDraw
[2011/04/17 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Spesoft Free CD Ripper
[2011/10/22 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\TeamViewer
[2010/05/14 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Vso
[2010/07/19 13:19:58 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\Backup All.job
[2009/08/03 14:41:48 | 000,000,704 | ---- | M] () -- C:\Windows\Tasks\Daily Backkup.job
[2012/01/14 17:14:15 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/27 07:02:17 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\vrydoidt.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Billable Time.jpg:Roxio EMC Stream
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
@Alternate Data Stream - 1033 bytes -> C:\Users\Public\Documents\IDOC Notification - Your Next Step for Financial Aid.eml:OECustomProperty
@Alternate Data Stream - 1009 bytes -> C:\Users\Public\Documents\IDOC Reminder - Your Next Step for Financial Aid.eml:OECustomProperty
< End of report >
------------------------------------------------------------------
From the Custom script:
-----------------------------------------------------------------
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Public\Downloads\cmd.bat deleted successfully.
C:\Users\Public\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\system32\drivers\avgldx86.sys not found.
========== COMMANDS ==========
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Beth
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Ellie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Mary Ellen
->Temp folder emptied: 183234492 bytes
->Temporary Internet Files folder emptied: 855087 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77843150 bytes
->Google Chrome cache emptied: 53211159 bytes
->Flash cache emptied: 576 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 833085639 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,095.00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01142012_164220
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
----------------------------------------------------------------------
OTL log:
OTL logfile created on: 1/14/2012 5:19:23 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Mary Ellen\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 71.36% Memory free
6.68 Gb Paging File | 5.78 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.09 Gb Total Space | 55.39 Gb Free Space | 41.31% Space Free | Partition Type: NTFS
Drive D: | 88.68 Gb Total Space | 17.35 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.48% Space Free | Partition Type: NTFS
Computer Name: GALADRIEL | User Name: Mary Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/21 09:55:38 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () -- C:\Program Files\MONyog\bin\MONyog.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/07/23 01:27:00 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/09/23 22:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files\My Programs\PureText.exe
========== Modules (No Company Name) ==========
MOD - [2011/10/13 21:35:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 21:33:56 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:23:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/12/14 15:34:44 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/11/07 15:15:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/09 11:13:26 | 000,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () [Auto | Running] -- C:\Program Files\MONyog\bin\MONyog.exe -- (MONyog)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Driver Services (SafeList) ==========
DRV - [2012/01/12 09:21:35 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2009/07/29 19:04:30 | 000,129,888 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2009/07/29 19:04:30 | 000,032,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/24 17:43:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/21 01:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/31 05:14:40 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0071113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google Images"
FF - prefs.js..browser.startup.homepage: "http://mecurtin.drea...width.org/read"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\FireFox2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\FireFox2\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 11:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 11:04:00 | 000,000,000 | ---D | M]
[2008/06/23 10:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Extensions
[2012/01/08 22:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions
[2011/07/13 09:49:54 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/06/25 20:32:25 | 000,000,000 | ---D | M] (del.icio.us) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2011/05/19 12:48:19 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/10/06 11:27:40 | 000,000,000 | ---D | M] (CopyAllUrls) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2011/12/23 18:00:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/25 09:03:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/12 09:46:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2007/11/18 15:11:12 | 000,000,000 | ---D | M] ("Header Monitor") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648}
[2011/06/09 19:47:17 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/01/26 13:17:26 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\afom@idevfh
[2010/03/02 21:12:01 | 000,000,000 | ---D | M] ("DapperFox") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/09/28 23:35:45 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/11/12 09:46:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/12/16 17:58:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/06/03 18:40:16 | 000,001,820 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\bing.xml
[2010/01/29 22:59:04 | 000,004,898 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\google-images.xml
[2006/11/20 22:03:04 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\IMDB-1.xml
[2006/10/26 22:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\imdb.xml
[2008/08/18 01:18:24 | 000,002,109 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\youtube-video-search.xml
[2011/11/30 11:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 11:28:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{4CC4A13B-94A6-7568-370D-5F9DE54A9C7F}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AdBlock = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.12_0\
CHR - Extension: AVG Safe Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/01/14 16:42:21 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EPSON18F106 (Epson Stylus NX420)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PureText] C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe - Shortcut.lnk = C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: ed.gov ([fafsa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iis.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thawte.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: verisign.com ([digitalid] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D85E079C-05D8-4ABD-8C1B-B34DEE204AA3}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O24 - Desktop BackupWallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell\AutoRun\command - "" = H:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/14 16:42:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/14 16:21:03 | 000,000,000 | --SD | C] -- C:\thingy27140t
[2012/01/14 16:20:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/14 16:20:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/14 16:20:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/14 16:20:24 | 000,000,000 | --SD | C] -- C:\thingy
[2012/01/14 16:19:29 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\Mary Ellen\Desktop\thingy.exe
[2012/01/13 18:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/01/13 14:42:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/13 14:12:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/13 14:05:08 | 001,692,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Mary Ellen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/13 14:04:48 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Users\Mary Ellen\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/12 17:16:00 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Mary Ellen\Desktop\aswMBR.exe
[2012/01/11 22:41:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
[2012/01/11 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\Desktop\GooredFix Backups
[2012/01/11 19:08:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/11 15:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot Search Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/10 16:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/10 15:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/09 23:13:06 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/09 14:04:13 | 000,000,000 | ---D | C] -- C:\symbols
[2012/01/09 13:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2012/01/09 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2012/01/09 13:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2010/04/13 15:25:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.sys
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/14 17:15:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/14 17:15:19 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:15:18 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 17:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/14 17:15:10 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 17:10:10 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000UA.job
[2012/01/14 16:43:21 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/14 16:42:21 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/14 16:19:29 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\Mary Ellen\Desktop\thingy.exe
[2012/01/14 15:37:29 | 000,018,261 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\avptool_sysinfo.zip
[2012/01/14 15:18:46 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000.job
[2012/01/14 15:14:28 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000Core.job
[2012/01/14 12:32:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/13 18:05:31 | 113,275,352 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\setup_11.0.0.1245.x01_2012_01_14_02_38.exe
[2012/01/13 14:05:08 | 001,692,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Mary Ellen\Desktop\avg_remover_stf_x86_2012_1796.exe
[2012/01/13 14:04:49 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Users\Mary Ellen\Desktop\avg_free_stb_all_2012_1901_cnet.exe
[2012/01/13 14:02:00 | 000,468,904 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Geeks to Go instructions.pdf
[2012/01/13 10:52:09 | 236,976,715 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/12 19:59:15 | 000,014,217 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Word 2010 Shortcuts Table of Contents.pdf
[2012/01/12 19:46:22 | 000,096,773 | ---- | M] () -- C:\Users\Mary Ellen\Documents\TocWordShortcuts.pdf
[2012/01/12 19:10:57 | 000,002,401 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/01/12 19:06:46 | 000,000,512 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\MBR.dat
[2012/01/12 17:16:09 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Mary Ellen\Desktop\aswMBR.exe
[2012/01/12 09:21:35 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mary Ellen\Desktop\OTL.exe
[2012/01/11 19:07:50 | 000,000,735 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:49 | 000,023,537 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 01:41:01 | 009,051,028 | ---- | M] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | M] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/09 22:22:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/08 08:15:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2012/01/08 02:07:22 | 000,128,512 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/07 01:12:02 | 000,002,110 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Google Chrome.lnk
[2012/01/07 01:12:02 | 000,002,072 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/03 08:43:13 | 000,853,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/03 08:43:13 | 000,184,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/27 15:29:11 | 000,048,075 | ---- | M] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/23 12:27:04 | 002,276,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/18 20:54:43 | 000,417,020 | ---- | M] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:49 | 000,236,529 | ---- | M] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\pevadudu
[2012/01/14 16:20:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/14 16:20:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/14 16:20:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/14 16:20:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/14 16:20:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/14 15:43:57 | 000,018,261 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\avptool_sysinfo.zip
[2012/01/13 18:04:33 | 113,275,352 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\setup_11.0.0.1245.x01_2012_01_14_02_38.exe
[2012/01/13 18:00:28 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/13 14:01:51 | 000,468,904 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Geeks to Go instructions.pdf
[2012/01/12 19:59:13 | 000,014,217 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Word 2010 Shortcuts Table of Contents.pdf
[2012/01/12 19:46:20 | 000,096,773 | ---- | C] () -- C:\Users\Mary Ellen\Documents\TocWordShortcuts.pdf
[2012/01/12 19:06:46 | 000,000,512 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\MBR.dat
[2012/01/11 19:07:50 | 000,000,735 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:47 | 000,023,537 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 01:40:53 | 009,051,028 | ---- | C] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/10 15:30:30 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/27 15:32:49 | 000,048,075 | ---- | C] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/18 20:56:38 | 000,417,020 | ---- | C] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:44 | 000,236,529 | ---- | C] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[2011/02/01 17:15:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A790E581A6.sys
[2011/02/01 17:15:42 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/26 13:38:08 | 000,001,322 | ---- | C] () -- C:\Windows\ntbackup.ini
[2010/04/13 15:27:30 | 000,001,057 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\vso_ts_preview.xml
[2010/04/13 15:25:10 | 000,087,608 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\inst.exe
[2010/04/13 15:25:10 | 000,007,887 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.cat
[2010/04/13 15:25:10 | 000,001,144 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.inf
[2010/01/11 20:54:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/11 10:41:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\prvlcl.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/10 18:49:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/10 18:49:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 18:48:25 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/07 06:03:48 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/12/24 03:02:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/10 17:31:24 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2008/09/01 07:51:08 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2008/08/27 14:00:42 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2008/08/23 16:48:52 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/15 01:10:29 | 000,050,075 | ---- | C] () -- C:\Windows\php.ini
[2008/05/26 10:07:57 | 000,131,072 | ---- | C] () -- C:\Windows\gswin32c.exe
[2008/01/12 17:47:37 | 000,007,592 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\d3d9caps.dat
[2007/12/17 20:53:41 | 002,035,712 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2007/12/17 16:01:11 | 000,048,899 | ---- | C] () -- C:\Windows\firstphp.ini
[2007/11/19 21:56:06 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/11/19 21:56:06 | 000,000,084 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/11/18 14:41:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/18 14:13:58 | 000,000,472 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/18 13:45:17 | 000,128,512 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/13 10:47:55 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/11/09 23:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:43 | 002,276,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,853,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,184,110 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/09/28 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Abine
[2009/07/16 16:41:13 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\acccore
[2007/11/18 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\aignes
[2010/10/28 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Amazon
[2011/03/29 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\calibre
[2011/06/09 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/14 15:39:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox
[2012/01/13 11:00:43 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\FileZilla
[2011/06/24 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\GSplit
[2008/12/10 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\gtk-2.0
[2008/11/17 15:59:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\IsolatedStorage
[2011/02/01 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Jasc
[2011/06/17 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\MySQL
[2009/06/22 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NCH Swift Sound
[2011/03/23 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NexusFont
[2007/11/27 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\pdf995
[2010/05/30 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\SmartDraw
[2011/04/17 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Spesoft Free CD Ripper
[2011/10/22 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\TeamViewer
[2010/05/14 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Vso
[2010/07/19 13:19:58 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\Backup All.job
[2009/08/03 14:41:48 | 000,000,704 | ---- | M] () -- C:\Windows\Tasks\Daily Backkup.job
[2012/01/14 17:14:15 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/27 07:02:17 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\vrydoidt.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Billable Time.jpg:Roxio EMC Stream
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
@Alternate Data Stream - 1033 bytes -> C:\Users\Public\Documents\IDOC Notification - Your Next Step for Financial Aid.eml:OECustomProperty
@Alternate Data Stream - 1009 bytes -> C:\Users\Public\Documents\IDOC Reminder - Your Next Step for Financial Aid.eml:OECustomProperty
< End of report >
------------------------------------------------------------------
#40
Posted 14 January 2012 - 04:34 PM
Here is the aswMBR log:
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-14 17:30:57
-----------------------------
17:30:57.816 OS Version: Windows 6.0.6002 Service Pack 2
17:30:57.816 Number of processors: 2 586 0xF0B
17:30:57.817 ComputerName: GALADRIEL UserName:
17:31:16.845 Initialize success
17:31:30.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:31:30.693 Disk 0 Vendor: ST3250820AS 3.ADG Size: 238418MB BusType: 3
17:31:30.713 Disk 0 MBR read successfully
17:31:30.715 Disk 0 MBR scan
17:31:30.717 Disk 0 Windows VISTA default MBR code
17:31:30.739 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
17:31:30.751 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
17:31:30.770 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137310 MB offset 21084160
17:31:30.773 Disk 0 Partition - 00 0F Extended LBA 90811 MB offset 302295105
17:31:30.804 Disk 0 Partition - 00 05 Extended 90811 MB offset 302295167
17:31:30.856 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 90811 MB offset 302295168
17:31:30.866 Disk 0 scanning sectors +488278016
17:31:30.983 Disk 0 scanning C:\Windows\system32\drivers
17:31:48.184 Service scanning
17:31:50.280 Modules scanning
17:32:08.439 Disk 0 trace - called modules:
17:32:08.453 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:32:08.457 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85708620]
17:32:08.462 3 CLASSPNP.SYS[8abab8b3] -> nt!IofCallDriver -> [0x850addd8]
17:32:08.466 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850b1528]
17:32:08.470 Scan finished successfully
17:32:35.719 Disk 0 MBR has been saved successfully to "C:\Users\Mary Ellen\Desktop\MBR.dat"
17:32:35.723 The log file has been saved successfully to "C:\Users\Mary Ellen\Desktop\aswMBR2.txt"
#42
Posted 14 January 2012 - 04:51 PM
So far, all three browsers (Mozilla, IE, Chrome) look good.
What do I do now?
#43
Posted 14 January 2012 - 04:55 PM
Two things:
First breathe a sigh of relief
Next run a sweep for orphans and check that the system is performing properly... Reinstall AVG if not already done so
Please download Malwarebytes' Anti-Malware
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
#44
Posted 14 January 2012 - 05:01 PM
You are my PERSONAL HERO.
Before I do any of this, should I re-activate my firewall?
#45
Posted 14 January 2012 - 05:16 PM
Well, I *can't* turn on Windows Firewall, so I am proceeding without it.