I've run the following without identifying anything:
- Malwarebytes complete scan
- AVG complete scan
- TDSSKiller
- GooredFix
Herewith my OTL log:
OTL logfile created on: 1/11/2012 10:41:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Public\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 45.00% Memory free
6.73 Gb Paging File | 4.78 Gb Available in Paging File | 71.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.09 Gb Total Space | 52.91 Gb Free Space | 39.46% Space Free | Partition Type: NTFS
Drive D: | 88.68 Gb Total Space | 17.35 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
Drive E: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.48% Space Free | Partition Type: NTFS
Computer Name: GALADRIEL | User Name: Mary Ellen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/11 22:41:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Downloads\OTL.exe
PRC - [2011/12/12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/20 23:04:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/25 15:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () -- C:\Program Files\MONyog\bin\MONyog.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2008/01/19 02:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/07/23 01:27:00 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2003/08/21 02:00:00 | 000,028,672 | ---- | M] (http://www.SteveMiller.net) -- C:\Program Files\My Programs\PureText.exe
========== Modules (No Company Name) ==========
MOD - [2012/01/05 04:48:44 | 000,411,120 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll
MOD - [2012/01/05 04:48:43 | 003,767,792 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
MOD - [2012/01/05 04:47:19 | 000,122,880 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll
MOD - [2012/01/05 04:47:18 | 000,222,208 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll
MOD - [2012/01/05 04:47:17 | 001,746,432 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll
MOD - [2011/11/20 23:04:51 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 21:35:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 21:33:56 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:23:57 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/08/23 12:58:06 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
SRV - [2011/12/14 15:34:44 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/11/07 15:15:48 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 13:15:51 | 000,374,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/09 11:13:26 | 000,055,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2009/05/08 09:48:58 | 003,866,624 | ---- | M] () [Auto | Running] -- C:\Program Files\MONyog\bin\MONyog.exe -- (MONyog)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot Search Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/04 14:45:16 | 005,779,456 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL)
SRV - [2008/01/19 02:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/05/25 12:38:46 | 000,112,176 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
========== Driver Services (SafeList) ==========
DRV - [2012/01/10 16:38:06 | 000,023,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009/07/29 19:04:30 | 000,129,888 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2009/07/29 19:04:30 | 000,032,048 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/03/30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009/03/24 17:43:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/06/21 01:09:08 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/31 05:14:40 | 007,478,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/12/18 20:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=0071113
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mary Ellen\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 10:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: D:\FireFox2\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: D:\FireFox2\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 11:04:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 11:04:00 | 000,000,000 | ---D | M]
[2008/06/23 10:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Extensions
[2012/01/08 22:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions
[2011/07/13 09:49:54 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/06/25 20:32:25 | 000,000,000 | ---D | M] (del.icio.us) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2011/05/19 12:48:19 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011/10/06 11:27:40 | 000,000,000 | ---D | M] (CopyAllUrls) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2011/12/23 18:00:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/09/25 09:03:33 | 000,000,000 | ---D | M] (BlockSite) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2011/11/12 09:46:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2007/11/18 15:11:12 | 000,000,000 | ---D | M] ("Header Monitor") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{ed04d48b-30e0-46ce-9f8e-f2fab9947648}
[2011/06/09 19:47:17 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/01/26 13:17:26 | 000,000,000 | ---D | M] (AFOM Addon) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\afom@idevfh
[2010/03/02 21:12:01 | 000,000,000 | ---D | M] ("DapperFox") -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/09/28 23:35:45 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/11/12 09:46:02 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/12/16 17:58:59 | 000,000,000 | ---D | M] (TACO with Abine) -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\extensions\[email protected]
[2011/06/03 18:40:16 | 000,001,820 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\bing.xml
[2010/01/29 22:59:04 | 000,004,898 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\google-images.xml
[2006/11/20 22:03:04 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\IMDB-1.xml
[2006/10/26 22:22:18 | 000,001,679 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\imdb.xml
[2008/08/18 01:18:24 | 000,002,109 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Roaming\Mozilla\Firefox\Profiles\8caseicc.default\searchplugins\youtube-video-search.xml
[2011/11/30 11:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 11:28:36 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/12/23 10:00:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{4CC4A13B-94A6-7568-370D-5F9DE54A9C7F}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\MARY ELLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CASEICC.DEFAULT\EXTENSIONS\[email protected]
[2011/11/20 23:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/20 20:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 20:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.5.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: AOL Media Playback Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AdBlock = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.9_0\
CHR - Extension: AVG Safe Search = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Mary Ellen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mary Ellen\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Corel Photo Downloader] "c:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EPSON18F106 (Epson Stylus NX420)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [PureText] C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mary Ellen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe - Shortcut.lnk = C:\Program Files\My Programs\PureText.exe (http://www.SteveMiller.net)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: ed.gov ([fafsa] https in Trusted sites)
O15 - HKCU\..Trusted Domains: iis.net ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thawte.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: verisign.com ([digitalid] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D85E079C-05D8-4ABD-8C1B-B34DEE204AA3}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O24 - Desktop BackupWallPaper: D:\ME Pictures\SGA\stargate_springtime_by_mercscilla-d3fvfff.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell - "" = AutoRun
O33 - MountPoints2\{fbfeb11e-c809-11e0-853e-001aa09a7baa}\Shell\AutoRun\command - "" = H:\TLBootstrap_WPP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/11 19:26:13 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\Desktop\GooredFix Backups
[2012/01/11 19:08:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/01/11 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/01/11 15:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot Search Destroy
[2012/01/11 15:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/10 21:37:09 | 000,000,000 | ---D | C] -- C:\Users\Mary Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/10 16:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/01/10 15:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/01/09 23:13:06 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/09 14:04:13 | 000,000,000 | ---D | C] -- C:\symbols
[2012/01/09 13:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debugging Tools for Windows (x86)
[2012/01/09 13:51:03 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
[2012/01/09 13:49:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2010/04/13 15:25:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.sys
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/01/11 22:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/11 22:31:05 | 000,002,401 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/01/11 22:24:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/11 22:09:59 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000UA.job
[2012/01/11 21:47:24 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 21:47:24 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 21:47:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 21:47:12 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/11 21:47:10 | 257,612,363 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/11 19:07:50 | 000,000,735 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 18:21:21 | 086,549,387 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/01/11 16:07:49 | 000,023,537 | ---- | M] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 15:10:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000Core.job
[2012/01/11 01:41:01 | 009,051,028 | ---- | M] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | M] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/10 18:53:25 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498126754-284654439-1429999899-1000.job
[2012/01/10 18:16:41 | 000,471,704 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/01/10 16:38:06 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2012/01/10 12:44:36 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/01/09 22:22:12 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Public\Documents\tdsskiller.exe
[2012/01/08 08:15:28 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2012/01/08 02:07:22 | 000,128,512 | ---- | M] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/07 01:12:02 | 000,002,110 | ---- | M] () -- C:\Users\Mary Ellen\Desktop\Google Chrome.lnk
[2012/01/07 01:12:02 | 000,002,072 | ---- | M] () -- C:\Users\Mary Ellen\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/03 08:43:13 | 000,853,134 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/03 08:43:13 | 000,184,110 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/27 15:29:11 | 000,048,075 | ---- | M] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/23 12:27:04 | 002,276,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/23 10:00:14 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/18 20:54:43 | 000,417,020 | ---- | M] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:49 | 000,236,529 | ---- | M] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[8 C:\Users\Mary Ellen\Documents\*.tmp files -> C:\Users\Mary Ellen\Documents\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\ProgramData\pevadudu
[2012/01/11 19:07:50 | 000,000,735 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\NTREGOPT.lnk
[2012/01/11 19:07:50 | 000,000,716 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\ERUNT.lnk
[2012/01/11 16:07:47 | 000,023,537 | ---- | C] () -- C:\Users\Mary Ellen\Documents\Spybot - Search & Destroy scan report.pdf
[2012/01/11 15:46:38 | 000,001,029 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 13:21:46 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/11 01:40:53 | 009,051,028 | ---- | C] () -- C:\Users\Mary Ellen\Documents\RedOwl.zip
[2012/01/11 00:26:58 | 000,005,074 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\Attach.zip
[2012/01/11 00:15:01 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\defogger_reenable
[2012/01/10 21:37:09 | 000,001,958 | ---- | C] () -- C:\Users\Mary Ellen\Desktop\HiJackThis.lnk
[2012/01/10 15:30:30 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys
[2011/12/27 15:32:49 | 000,048,075 | ---- | C] () -- C:\Users\Public\Documents\Vermskog.gif
[2011/12/18 20:56:38 | 000,417,020 | ---- | C] () -- C:\Users\Public\Documents\Tractatus_de_butyro46-55.pdf
[2011/12/16 13:11:44 | 000,236,529 | ---- | C] () -- C:\Users\Mary Ellen\Documents\200+ useful Keyboard Shortcuts for Word 2010.pdf
[2011/02/01 17:15:43 | 000,000,088 | RHS- | C] () -- C:\ProgramData\A790E581A6.sys
[2011/02/01 17:15:42 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/04/26 13:38:08 | 000,001,322 | ---- | C] () -- C:\Windows\ntbackup.ini
[2010/04/13 15:27:30 | 000,001,057 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\vso_ts_preview.xml
[2010/04/13 15:25:10 | 000,087,608 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\inst.exe
[2010/04/13 15:25:10 | 000,007,887 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.cat
[2010/04/13 15:25:10 | 000,001,144 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Roaming\pcouffin.inf
[2010/01/11 20:54:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/11 10:41:44 | 000,000,000 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\prvlcl.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/10 18:49:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/10 18:49:10 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/10 18:48:25 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/07 06:03:48 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/12/24 03:02:43 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/10 17:31:24 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2008/11/20 22:17:12 | 000,118,784 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2008/11/20 22:17:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2008/09/01 07:51:08 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2008/08/27 14:00:42 | 000,166,912 | ---- | C] () -- C:\Windows\System32\libmcrypt.dll
[2008/08/23 16:48:52 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/08/15 01:10:29 | 000,050,075 | ---- | C] () -- C:\Windows\php.ini
[2008/05/26 10:07:57 | 000,131,072 | ---- | C] () -- C:\Windows\gswin32c.exe
[2008/01/12 17:47:37 | 000,007,592 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\d3d9caps.dat
[2007/12/17 20:53:41 | 002,035,712 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2007/12/17 16:01:11 | 000,048,899 | ---- | C] () -- C:\Windows\firstphp.ini
[2007/11/19 21:56:06 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
[2007/11/19 21:56:06 | 000,000,084 | ---- | C] () -- C:\Windows\wpd99.drv
[2007/11/18 14:41:26 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/11/18 14:13:58 | 000,000,472 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/11/18 13:45:17 | 000,128,512 | ---- | C] () -- C:\Users\Mary Ellen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/13 10:47:55 | 000,000,859 | ---- | C] () -- C:\Windows\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
[2006/11/09 23:45:20 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:43 | 002,276,840 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,853,134 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,184,110 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011/09/28 23:33:21 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Abine
[2009/07/16 16:41:13 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\acccore
[2007/11/18 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\aignes
[2010/10/28 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Amazon
[2011/09/23 07:49:03 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\AVG2012
[2011/03/29 19:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\calibre
[2011/06/09 13:48:53 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/11 22:25:31 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Dropbox
[2012/01/10 16:03:10 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\FileZilla
[2011/06/24 19:07:12 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\GSplit
[2008/12/10 14:54:44 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\gtk-2.0
[2008/11/17 15:59:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\IsolatedStorage
[2011/02/01 18:34:27 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Jasc
[2011/06/17 15:36:49 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\MySQL
[2009/06/22 14:25:32 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NCH Swift Sound
[2011/03/23 20:59:22 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\NexusFont
[2007/11/27 13:22:14 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\pdf995
[2010/05/30 21:21:02 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\SmartDraw
[2011/04/17 14:48:08 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Spesoft Free CD Ripper
[2011/10/22 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\TeamViewer
[2010/05/14 10:37:41 | 000,000,000 | ---D | M] -- C:\Users\Mary Ellen\AppData\Roaming\Vso
[2010/07/19 13:19:58 | 000,000,686 | ---- | M] () -- C:\Windows\Tasks\Backup All.job
[2009/08/03 14:41:48 | 000,000,704 | ---- | M] () -- C:\Windows\Tasks\Daily Backkup.job
[2012/01/11 19:17:05 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/27 07:02:17 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\vrydoidt.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Billable Time.jpg:Roxio EMC Stream
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:62E2D794
@Alternate Data Stream - 1033 bytes -> C:\Users\Public\Documents\IDOC Notification - Your Next Step for Financial Aid.eml:OECustomProperty
@Alternate Data Stream - 1009 bytes -> C:\Users\Public\Documents\IDOC Reminder - Your Next Step for Financial Aid.eml:OECustomProperty
< End of report >
HALP.