Author Topic: 6 Trojans found by AVG  (Read 1164 times)

Offline mickapoo

6 Trojans found by AVG
« on: April 20, 2011, 06:46:19 AM »
First I was notified by my hosting company that two of my domains had their FTP information hijacked from my computer and posted on a 'hub' online. I am concerned about what other info is being stolen...

After slow performance I checked the task manager & Firefox was using over 300MB of resources!

Lastly, I ran a full scan using AVG and it found 6 trojans in various places.
I ran S&D three times, and each time it found more malware.


If you can help me sort this out and make sure that my computer is clean, I'd be ever grateful. I am so concerned now that much more information is being stolen, such as my personal c.c. info!

.................................................................................................

Here is my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:30:21 AM, on 4/20/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Firefox\firefox.exe
C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} (SiteBuilderEditor Class) - http://store02.prostores.com/storeadmin/utilities/pssbedit.cab
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 10136 bytes

....................................................................................................

Thank you!

Offline mickapoo

6 Trojans found by AVG
« Reply #1 on: April 20, 2011, 06:49:26 AM »
I forgot to ask- would you like me to post the AVG log/report?

Offline guestolo

6 Trojans found by AVG
« Reply #2 on: April 20, 2011, 09:07:57 AM »
Quote from mickapoo (20 April 2011 - 04:49 AM): "I forgot to ask- would you like me to post the AVG log/report?"

Yes, go ahead
In addition:
Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mickapoo

6 Trojans found by AVG
« Reply #3 on: April 20, 2011, 10:47:32 AM »
Here is the OTL.Txt log:

OTL logfile created on: 4/20/2011 11:33:21 AM - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 526.00 Mb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 35.29 Gb Free Space | 37.89% Space Free | Partition Type: NTFS
 
Computer Name: EV | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
PRC - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/20 09:33:42 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 09:33:25 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/03/30 15:53:59 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/20 09:33:25 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/19 17:27:23 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/06/19 17:27:12 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/06/19 17:27:10 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/19 17:26:59 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/08/20 09:33:42 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/20 09:33:41 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/04/04 14:42:24 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/26 00:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/03/01 12:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/14 12:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Documents%20and%20Settings/Evelyn/My%20Documents/My%20Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_494413fd.pac"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 21:56:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Firefox\components [2011/04/08 20:59:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/04/08 20:59:40 | 000,000,000 | ---D | M]
 
[2009/01/07 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Extensions
[2011/04/17 17:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions
[2010/09/20 14:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 09:00:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/09/06 09:04:23 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\[email protected]
[2009/01/29 22:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://store02.prostores.com/storeadmin/utilities/pssbedit.cab (SiteBuilderEditor Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/25 01:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/20 11:28:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/20 07:26:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evelyn\Recent
[2011/04/11 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/04/11 14:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/03 14:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\Adobe Mini Bridge CS5
[2011/04/03 14:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/02 10:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 09:46:57 | 074,676,211 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/20 09:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/20 07:29:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/19 14:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/15 11:27:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/04/12 18:01:37 | 000,496,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 18:01:36 | 000,084,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 17:57:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 12:55:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/03 09:51:35 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 02:28:48 | 001,441,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011/02/11 22:07:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Overdub.ini
[2011/02/11 22:07:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\HYSBUAYB.SYS
[2011/02/04 15:45:55 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/10/07 18:33:20 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/06/17 17:47:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\PUTTY.RND
[2010/05/08 18:37:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/08 18:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 18:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/08 18:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/08 18:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/01 20:37:51 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\FEED65
[2009/12/01 20:37:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\mcs.rma
[2009/06/18 20:43:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2009/02/27 15:27:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/01/17 10:50:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/12 16:13:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/10 10:09:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/06/06 11:41:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/27 16:23:46 | 000,006,540 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PrimoPDFSet.xml
[2008/05/27 16:23:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\APUSet.xml
[2008/05/27 16:05:15 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/26 09:07:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2008/04/10 20:12:32 | 000,001,359 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/08 17:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/08 17:42:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/04 09:28:10 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/04 09:27:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/03 21:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:35:42 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/03/30 18:52:22 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 19:53:00 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/03/27 19:52:47 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/03/27 19:52:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/27 14:54:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/25 01:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 00:58:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 16:15:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 16:12:21 | 001,441,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,526 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,844 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


I don't see the Reports.txt file on the desktop. I do see that it posted the OTL.Txt file to the desktop (and it popped up as well), but nothing titled Reports. I also did a search for it and nothing was found.

Thank you for your help!
« Last Edit: April 20, 2011, 10:59:59 AM by mickapoo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
6 Trojans found by AVG
« Reply #4 on: April 23, 2011, 02:44:44 PM »
Sorry for the delay.
Open OTL.exe and under "Extra Registry"
Ensure that 'Use Safelist' is selected

Then click on Run Scan

Post back with both OTL.txt and Extra.txt

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
6 Trojans found by AVG
« Reply #5 on: April 23, 2011, 04:41:27 PM »
No apologies necessary, I so appreciate all the time & help you dedicate to help. Do you see anything suspicious so far?


Here is the OTL log:
................................................................................................
OTL logfile created on: 4/23/2011 5:31:58 PM - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 457.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 35.22 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
 
Computer Name: EV | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
PRC - [2011/03/26 20:46:16 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Firefox\firefox.exe
PRC - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/03/27 16:07:26 | 000,362,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/20 09:33:42 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 09:33:25 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011/03/30 15:53:59 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010/06/19 17:27:18 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/03/27 16:07:20 | 000,751,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/20 09:33:25 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2005/01/06 17:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbucoms.exe -- (lxbu_device)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/19 17:27:23 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/06/19 17:27:12 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/06/19 17:27:10 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/19 17:26:59 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/08/20 09:33:42 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/20 09:33:41 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/04/04 14:42:24 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/11/04 11:37:28 | 000,043,552 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/10/11 22:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/10/11 21:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/10/11 21:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/26 00:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2005/03/01 12:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/09/14 12:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.4
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:/Documents%20and%20Settings/Evelyn/My%20Documents/My%20Music/Temp/Tunebite/.downloading/profile/rrproxy_ffox_494413fd.pac"
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2009/11/30 21:56:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Firefox\components [2011/04/08 20:59:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Firefox\plugins [2011/04/08 20:59:40 | 000,000,000 | ---D | M]
 
[2009/01/07 13:04:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Extensions
[2011/04/20 20:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions
[2010/09/20 14:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/06 09:00:01 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/09/06 09:04:23 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\extensions\[email protected]
[2009/01/29 22:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
 
O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1             localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LXBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.DLL ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DeviceEnum Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} http://mickapoo.spaces.live.com/PhotoUpload/MsnPUpld.cab (Windows Live Photo Upload Control)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} http://ipgweb.cce.hp.com/rdqnbk2/downloads/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F73BE1F4-82AA-4405-AB81-FAFB5A122359} http://store02.prostores.com/storeadmin/utilities/pssbedit.cab (SiteBuilderEditor Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Evelyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/25 01:01:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/20 11:28:39 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/20 07:26:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Evelyn\Recent
[2011/04/11 14:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/04/11 14:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/04/03 14:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\Adobe Mini Bridge CS5
[2011/04/03 14:54:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Evelyn\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/02 10:45:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\AdobeTemp
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/23 17:29:59 | 074,825,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/23 16:43:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/21 14:43:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/20 11:28:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Evelyn\Desktop\OTL.exe
[2011/04/20 07:29:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Evelyn\Desktop\HijackThis.exe
[2011/04/15 11:27:48 | 000,001,456 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/04/12 18:01:37 | 000,496,526 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 18:01:36 | 000,084,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 17:57:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/04 12:55:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/04/03 09:51:35 | 000,120,320 | ---- | M] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/31 02:28:48 | 001,441,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011/02/11 22:07:52 | 000,000,065 | ---- | C] () -- C:\WINDOWS\Overdub.ini
[2011/02/11 22:07:33 | 000,000,066 | ---- | C] () -- C:\WINDOWS\System32\HYSBUAYB.SYS
[2011/02/04 15:45:55 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/10/07 18:33:20 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2010/06/17 17:47:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\PUTTY.RND
[2010/05/08 18:37:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/08 18:37:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/08 18:37:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/08 18:37:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/08 18:37:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/01 20:37:51 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\FEED65
[2009/12/01 20:37:50 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\mcs.rma
[2009/06/18 20:43:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2009/02/27 15:27:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/01/17 10:50:13 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/12 16:13:43 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/06/10 10:09:52 | 000,000,044 | ---- | C] () -- C:\WINDOWS\SMWizard.INI
[2008/06/06 11:41:26 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/27 16:23:46 | 000,006,540 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\PrimoPDFSet.xml
[2008/05/27 16:23:45 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\Evelyn\Application Data\APUSet.xml
[2008/05/27 16:05:15 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/04/26 09:07:13 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbuvs.dll
[2008/04/10 20:12:32 | 000,001,359 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/04/08 17:51:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/04/08 17:42:49 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/04/04 09:28:10 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/04/04 09:27:44 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/04/03 21:23:40 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/04/02 15:35:42 | 000,102,236 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2008/03/30 18:52:22 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\Evelyn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 19:53:00 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2008/03/27 19:52:47 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2008/03/27 19:52:36 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/03/27 14:54:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/25 01:03:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/25 00:58:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 16:15:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 16:12:21 | 001,441,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,496,526 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,084,844 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 19:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 13:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 13:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >


And here is the Extras.txt file:

.............................................................................................

OTL Extras logfile created on: 4/23/2011 5:31:58 PM - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Evelyn\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,014.00 Mb Total Physical Memory | 457.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.15 Gb Total Space | 35.22 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
 
Computer Name: EV | User Name: Evelyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}" = HP Driver Diagnostics
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18DF995F-2ACC-47E4-A33B-A703F4D39E92}" = CuteFTP 5.0 XP
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4FC19392-E4A5-4CCB-B45A-AB7E8126D3C9}" = Microsoft Easy Assist
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}" = Apache HTTP Server 2.2.14
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{BAFDD9A5-0E66-41B9-B163-1F217CFA7919}" = VolusionLiveChat
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"AVG8Uninstall" = AVG 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitZipper_is1" = BitZipper 5.0.4
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core FTP LE 2.1" = Core FTP LE 2.1
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Lexmark 6200 Series" = Lexmark 6200 Series
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"TheBestSpinner" = TheBestSpinner
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 4/5/2011 3:21:19 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/5/2011 3:21:48 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/5/2011 4:44:48 PM | Computer Name = EV | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x031e0183.
 
Error - 4/6/2011 7:11:26 AM | Computer Name = EV | Source = Application Error | ID = 1000
Description = Faulting application trueimagemonitor.exe, version 13.0.0.7046, faulting
 module unknown, version 0.0.0.0, fault address 0x003601ad.
 
Error - 4/6/2011 7:11:52 AM | Computer Name = EV | Source = Application Error | ID = 1001
Description = Fault bucket -1908680529.
 
Error - 4/12/2011 5:29:56 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/12/2011 5:30:01 PM | Computer Name = EV | Source = Application Hang | ID = 1001
Description = Fault bucket -1932755128.
 
Error - 4/12/2011 5:31:59 PM | Computer Name = EV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.4095, hang module hungapp,
 version 0.0.0.0, hang address 0x00000000.
 
Error - 4/12/2011 5:39:32 PM | Computer Name = EV | Source = Application Hang | ID = 1001
Description = Fault bucket -1932755128.
 
Error - 4/15/2011 1:30:17 PM | Computer Name = EV | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x03210183.
 
[ System Events ]
Error - 4/6/2011 6:24:35 PM | Computer Name = EV | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 4/6/2011 6:24:42 PM | Computer Name = EV | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   PCIIde
 
Error - 4/8/2011 10:26:15 AM | Computer Name = EV | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 4/11/2011 4:13:44 PM | Computer Name = EV | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the Netman service.
 
Error - 4/12/2011 5:57:34 PM | Computer Name = EV | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 4/12/2011 5:57:34 PM | Computer Name = EV | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time.
 
Error - 4/12/2011 5:57:34 PM | Computer Name = EV | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error:   %%2
 
Error - 4/14/2011 8:55:27 PM | Computer Name = EV | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
 within the timeout period.  This may indicate an error in the EC hardware or firmware,
 or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.  
The EC driver will retry the failed transaction if possible.
 
Error - 4/16/2011 9:54:49 AM | Computer Name = EV | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the avg8wd service.
 
Error - 4/22/2011 7:16:42 PM | Computer Name = EV | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the WZCSVC service.
 
 
< End of report >

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
6 Trojans found by AVG
« Reply #6 on: April 23, 2011, 08:31:30 PM »
Nothing popping out at me offhand, let me take a deeper look.
Also, you mentioned you would post the log from AVG.
Can you please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
6 Trojans found by AVG
« Reply #7 on: April 25, 2011, 07:39:01 AM »
Thank you!


"Infection";"Trojan horse Generic17.BSEI";"C:\_OTL\MovedFiles\05082010_174318\C_WINDOWS\Pzepea.exe";"";"4/19/2011, 10:20:43 PM"
"Infection";"Trojan horse Agent2.ASKC";"C:\_OTL\MovedFiles\05082010_174318\C_Documents and Settings\Evelyn\Local Settings\Temp\Phf.exe";"";"4/19/2011, 10:20:42 PM"
"Infection";"Trojan horse Agent2.ATVJ";"C:\System Volume Information\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\RP324\A0043182.dll";"";"4/19/2011, 9:34:51 PM"
"Infection";"Trojan horse BHO.MHG";"C:\System Volume Information\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\RP324\A0043181.dll";"";"4/19/2011, 9:34:50 PM"
"Infection";"Trojan horse Agent2.ATVJ";"C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\components\adproFfx.dll";"";"4/19/2011, 8:50:01 PM"
"Infection";"Trojan horse BHO.MHG";"C:\Program Files\HijackThis\backups\backup-20100505-160106-247.dll";"";"4/19/2011, 8:43:29 PM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[1].txt";"";"4/19/2011, 6:33:57 PM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"4/19/2011, 6:33:57 PM"
"Warning";"Found Tracking cookie.Webtrendslive";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"4/19/2011, 6:33:56 PM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[1].txt";"";"4/19/2011, 6:33:56 PM"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\Evelyn\Cookies\evelyn@ru4[1].txt";"";"4/19/2011, 6:33:56 PM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"4/19/2011, 6:33:55 PM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[1].txt";"";"4/19/2011, 6:33:55 PM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"4/19/2011, 6:33:55 PM"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pro-market[2].txt";"";"4/19/2011, 6:33:55 PM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[2].txt";"";"4/19/2011, 6:33:55 PM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[2].txt";"";"4/19/2011, 6:33:54 PM"
"Warning";"Found Tracking cookie.Webtrends";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"4/19/2011, 6:33:53 PM"
"Warning";"Found Tracking cookie.Liveperson";"C:\Documents and Settings\Evelyn\Cookies\evelyn@liveperson[1].txt";"";"4/19/2011, 6:33:53 PM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[2].txt";"";"4/19/2011, 6:33:52 PM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[2].txt";"";"4/19/2011, 6:33:51 PM"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\Evelyn\Cookies\evelyn@burstnet[2].txt";"";"4/19/2011, 6:33:51 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"4/19/2011, 6:33:51 PM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"4/19/2011, 6:33:50 PM"
"Warning";"Found Tracking cookie.Adtech";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adtech[1].txt";"";"4/19/2011, 6:33:50 PM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[1].txt";"";"4/19/2011, 6:33:50 PM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"4/19/2011, 6:33:49 PM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[1].txt";"";"4/19/2011, 6:33:49 PM"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@247realmedia[1].txt";"";"4/19/2011, 6:33:49 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\cookies.sqlite";"";"4/19/2011, 6:33:37 PM"
"Warning";"Found Tracking cookie.Webtrends";"C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt";"";"4/19/2011, 6:23:45 PM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt";"";"4/19/2011, 6:23:44 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt";"";"4/19/2011, 6:23:44 PM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt";"";"4/19/2011, 6:23:44 PM"
"Infection";"Trojan horse BackDoor.Generic12.BIES";"C:\WINDOWS\Temp\00001f27.sys";"";"5/6/2010, 12:47:19 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt";"";"5/5/2010, 9:14:14 PM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\NetworkService\Cookies\system@tacoda[1].txt";"";"5/5/2010, 9:14:14 PM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt";"";"5/5/2010, 9:14:13 PM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt";"";"5/5/2010, 9:14:13 PM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt";"";"5/5/2010, 9:14:12 PM"
"Infection";"Trojan horse SHeur3.SPF";"C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\SAQZVR8A\oriqbjdp[2].htm";"";"5/5/2010, 9:08:07 PM"
"Infection";"Trojan horse SHeur3.SPF";"C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\SAQZVR8A\oriqbjdp[1].htm";"";"5/5/2010, 9:08:07 PM"
"Infection";"Trojan horse Cryptic.IG";"C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\SAQZVR8A\hypwhc[2].htm";"";"5/5/2010, 9:08:01 PM"
"Infection";"Trojan horse Cryptic.IG";"C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\Q1P7N1JY\rvqxfn[1].htm";"";"5/5/2010, 9:07:59 PM"
"Infection";"Trojan horse Cryptic.IG";"C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\EQPAQ1B6\rvqxfn[1].htm";"";"5/5/2010, 9:07:50 PM"
"Infection";"Trojan horse Cryptic.IG";"C:\Documents and Settings\Evelyn\Local Settings\Temporary Internet Files\Content.IE5\EQPAQ1B6\hypwhc[1].htm";"";"5/5/2010, 9:07:42 PM"
"Infection";"Trojan horse SHeur3.SPF";"C:\Documents and Settings\Evelyn\Local Settings\Temp\nbmrh.exe";"";"5/5/2010, 9:07:28 PM"
"Infection";"Trojan horse Cryptic.IG";"C:\Documents and Settings\Evelyn\Local Settings\Temp\ieyih.exe";"";"5/5/2010, 9:07:27 PM"
"Infection";"Trojan horse Cryptic.IG";"C:\Documents and Settings\Evelyn\Local Settings\Temp\gmfrxpgv.exe";"";"5/5/2010, 9:07:27 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"5/5/2010, 8:34:11 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\cookies.sqlite";"";"5/5/2010, 8:33:48 PM"
"Infection";"Trojan horse Downloader.Generic9.BDXG";"C:\Documents and Settings\Evelyn\Application Data\3F061CC943DE27FE7096EC0ACAF3F839\hookdll.dll";"";"5/5/2010, 8:31:58 PM"
"Infection";"Trojan horse Generic17.BDGV";"C:\System Volume Information\_restore{8B080C91-E883-4AFA-8349-C1FA433AD331}\RP812\A0094058.exe";"";"4/21/2010, 9:42:17 AM"
"Infection";"Trojan horse Generic17.BDGV";"C:\Program Files\AOL\Installers\AOL Explorer\ocpinst.exe";"";"4/21/2010, 8:12:54 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"4/20/2010, 8:17:10 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[1].txt";"";"4/20/2010, 8:17:09 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[3].txt";"";"4/20/2010, 8:17:03 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"4/20/2010, 8:17:03 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"4/20/2010, 8:17:03 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[2].txt";"";"4/20/2010, 8:17:01 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"4/3/2010, 6:39:59 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"4/1/2010, 12:05:34 PM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[2].txt";"";"3/22/2010, 10:09:01 AM"
"Warning";"Found Tracking cookie.Hitbox";"C:\Documents and Settings\Evelyn\Cookies\evelyn@hitbox[2].txt";"";"3/22/2010, 10:08:58 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"3/22/2010, 10:08:56 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[1].txt";"";"3/22/2010, 10:08:55 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[1].txt";"";"3/15/2010, 6:39:51 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[2].txt";"";"3/15/2010, 6:39:50 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[1].txt";"";"3/15/2010, 6:39:50 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"3/15/2010, 6:39:48 AM"
"Warning";"Found Tracking cookie.Hitbox";"C:\Documents and Settings\Evelyn\Cookies\evelyn@hitbox[2].txt";"";"3/15/2010, 6:39:47 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"3/15/2010, 6:39:46 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"3/15/2010, 6:39:46 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"3/15/2010, 6:39:45 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"3/15/2010, 6:39:44 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[1].txt";"";"3/4/2010, 12:15:32 PM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"3/4/2010, 12:15:32 PM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"3/4/2010, 12:15:30 PM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"3/4/2010, 12:15:29 PM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[2].txt";"";"3/4/2010, 12:15:28 PM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[2].txt";"";"3/4/2010, 12:15:28 PM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[2].txt";"";"3/4/2010, 12:15:24 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"3/4/2010, 12:15:23 PM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"3/4/2010, 12:15:22 PM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[1].txt";"";"3/4/2010, 12:15:22 PM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"3/4/2010, 12:15:21 PM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"3/2/2010, 11:49:45 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"3/2/2010, 11:49:44 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\Evelyn\Cookies\evelyn@zedo[1].txt";"";"3/1/2010, 7:39:58 AM"
"Warning";"Found Tracking cookie.Yadro";"C:\Documents and Settings\Evelyn\Cookies\evelyn@yadro[2].txt";"";"3/1/2010, 7:39:58 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[1].txt";"";"3/1/2010, 7:39:57 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[2].txt";"";"3/1/2010, 7:39:57 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[2].txt";"";"3/1/2010, 7:39:56 AM"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\Evelyn\Cookies\evelyn@ru4[1].txt";"";"3/1/2010, 7:39:56 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"3/1/2010, 7:39:56 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[2].txt";"";"3/1/2010, 7:39:55 AM"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pro-market[2].txt";"";"3/1/2010, 7:39:55 AM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[2].txt";"";"3/1/2010, 7:39:55 AM"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\Evelyn\Cookies\evelyn@overture[2].txt";"";"3/1/2010, 7:39:55 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[2].txt";"";"3/1/2010, 7:39:54 AM"
"Warning";"Found Tracking cookie.Webtrends";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"3/1/2010, 7:39:54 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[1].txt";"";"3/1/2010, 7:39:53 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"3/1/2010, 7:39:52 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[2].txt";"";"3/1/2010, 7:39:52 AM"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\Evelyn\Cookies\evelyn@burstnet[2].txt";"";"3/1/2010, 7:39:52 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"3/1/2010, 7:39:52 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"3/1/2010, 7:39:51 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"3/1/2010, 7:39:51 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[2].txt";"";"3/1/2010, 7:39:51 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"3/1/2010, 7:39:51 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"3/1/2010, 7:39:50 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[1].txt";"";"2/18/2010, 12:08:54 PM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[2].txt";"";"2/18/2010, 12:08:54 PM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[1].txt";"";"2/18/2010, 12:08:54 PM"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"2/18/2010, 12:08:54 PM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"2/18/2010, 12:08:53 PM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[2].txt";"";"2/18/2010, 12:08:53 PM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"2/18/2010, 12:08:52 PM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"2/18/2010, 12:08:52 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"2/18/2010, 12:08:52 PM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"2/18/2010, 12:08:52 PM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"2/18/2010, 12:08:52 PM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\cookies.sqlite";"";"2/18/2010, 12:07:11 PM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[1].txt";"";"2/9/2010, 9:06:36 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"2/9/2010, 9:06:36 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"2/9/2010, 9:06:35 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"2/9/2010, 9:06:34 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\Evelyn\Cookies\evelyn@zedo[1].txt";"";"2/6/2010, 7:49:43 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[2].txt";"";"2/6/2010, 7:49:43 AM"
"Warning";"Found Tracking cookie.Ru4";"C:\Documents and Settings\Evelyn\Cookies\evelyn@ru4[2].txt";"";"2/6/2010, 7:49:42 AM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[2].txt";"";"2/6/2010, 7:49:42 AM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[1].txt";"";"2/6/2010, 7:49:42 AM"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\Evelyn\Cookies\evelyn@overture[2].txt";"";"2/6/2010, 7:49:41 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"2/6/2010, 7:49:41 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[2].txt";"";"2/6/2010, 7:49:41 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"2/6/2010, 7:49:41 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[2].txt";"";"2/6/2010, 7:49:40 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"2/6/2010, 7:49:40 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"2/6/2010, 7:49:40 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[2].txt";"";"2/6/2010, 7:49:40 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"2/6/2010, 7:49:38 AM"
"Infection";"Trojan horse Downloader.Generic9.AGOK";"C:\Documents and Settings\Evelyn\Local Settings\Temp\_Ys86sgJ.exe.part";"";"1/22/2010, 10:18:40 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\Evelyn\Cookies\evelyn@zedo[1].txt";"";"1/22/2010, 9:48:52 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[2].txt";"";"1/22/2010, 9:48:48 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[1].txt";"";"1/22/2010, 9:48:48 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"1/22/2010, 9:48:48 AM"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"1/22/2010, 9:48:47 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"1/22/2010, 9:48:46 AM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[2].txt";"";"1/22/2010, 9:48:45 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[2].txt";"";"1/22/2010, 9:48:45 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[2].txt";"";"1/22/2010, 9:48:45 AM"
"Warning";"Found Tracking cookie.Pro-market";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pro-market[2].txt";"";"1/22/2010, 9:48:45 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[2].txt";"";"1/22/2010, 9:48:44 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[2].txt";"";"1/22/2010, 9:48:40 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"1/22/2010, 9:48:40 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[1].txt";"";"1/22/2010, 9:48:38 AM"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\Evelyn\Cookies\evelyn@burstnet[2].txt";"";"1/22/2010, 9:48:37 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"1/22/2010, 9:48:37 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"1/22/2010, 9:48:37 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[1].txt";"";"1/22/2010, 9:48:37 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"1/22/2010, 9:48:36 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[1].txt";"";"1/22/2010, 9:48:34 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\Evelyn\Cookies\evelyn@zedo[2].txt";"";"1/5/2010, 7:43:35 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[2].txt";"";"1/5/2010, 7:43:33 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"1/5/2010, 7:43:33 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[1].txt";"";"1/5/2010, 7:43:33 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"1/5/2010, 7:43:32 AM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[1].txt";"";"1/5/2010, 7:43:32 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[2].txt";"";"1/5/2010, 7:43:32 AM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[1].txt";"";"1/5/2010, 7:43:31 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"1/5/2010, 7:43:30 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[1].txt";"";"1/5/2010, 7:43:29 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[2].txt";"";"1/5/2010, 7:43:28 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"1/5/2010, 7:43:27 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"1/5/2010, 7:43:27 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"1/5/2010, 7:43:27 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[1].txt";"";"1/5/2010, 7:43:27 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"1/5/2010, 7:43:27 AM"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@247realmedia[2].txt";"";"1/5/2010, 7:43:26 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"12/20/2009, 9:15:08 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"12/19/2009, 9:24:26 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[1].txt";"";"12/19/2009, 9:24:26 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[1].txt";"";"12/19/2009, 9:24:25 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"12/19/2009, 9:24:25 AM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[2].txt";"";"12/19/2009, 9:24:25 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[2].txt";"";"12/19/2009, 9:24:24 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[2].txt";"";"12/19/2009, 9:24:24 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[2].txt";"";"12/19/2009, 9:24:23 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"12/19/2009, 9:24:23 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"12/19/2009, 9:24:23 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"12/19/2009, 9:24:23 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"12/19/2009, 9:24:21 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"12/15/2009, 9:43:35 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[2].txt";"";"12/15/2009, 9:43:35 AM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[1].txt";"";"12/15/2009, 9:43:35 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[2].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[2].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"12/15/2009, 9:43:34 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"12/15/2009, 9:43:32 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[1].txt";"";"12/15/2009, 9:43:30 AM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[2].txt";"";"12/4/2009, 7:45:53 AM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[2].txt";"";"12/4/2009, 7:45:52 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"12/4/2009, 7:45:51 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"12/4/2009, 7:45:51 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"12/4/2009, 7:45:51 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"12/4/2009, 7:45:50 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[2].txt";"";"12/1/2009, 7:46:34 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[2].txt";"";"12/1/2009, 7:46:34 AM"
"Warning";"Found Tracking cookie.Real";"C:\Documents and Settings\Evelyn\Cookies\evelyn@real[2].txt";"";"12/1/2009, 7:46:33 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"12/1/2009, 7:46:33 AM"
"Warning";"Found Tracking cookie.Pointroll";"C:\Documents and Settings\Evelyn\Cookies\evelyn@pointroll[1].txt";"";"12/1/2009, 7:46:33 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"12/1/2009, 7:46:33 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[1].txt";"";"12/1/2009, 7:46:32 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[2].txt";"";"12/1/2009, 7:46:32 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"12/1/2009, 7:46:31 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"12/1/2009, 7:46:31 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"12/1/2009, 7:46:31 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"12/1/2009, 7:46:31 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"12/1/2009, 7:46:31 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"11/17/2009, 8:29:54 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"11/17/2009, 8:29:54 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"11/17/2009, 8:29:53 AM"
"Warning";"Found Tracking cookie.Webtrendslive";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"10/23/2009, 6:43:45 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"10/23/2009, 6:43:29 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\cookies.sqlite";"";"10/23/2009, 6:41:42 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[2].txt";"";"10/19/2009, 6:41:37 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\Evelyn\Cookies\evelyn@zedo[2].txt";"";"10/16/2009, 7:55:29 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[2].txt";"";"10/16/2009, 7:55:18 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"10/16/2009, 7:55:18 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[2].txt";"";"10/16/2009, 7:55:16 AM"
"Warning";"Found Tracking cookie.Webtrendslive";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"10/16/2009, 7:55:16 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[2].txt";"";"10/16/2009, 7:55:14 AM"
"Warning";"Found Tracking cookie.Information";"C:\Documents and Settings\Evelyn\Cookies\[email protected][2].txt";"";"10/16/2009, 7:55:14 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[2].txt";"";"10/16/2009, 7:55:12 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[2].txt";"";"10/16/2009, 7:55:12 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"10/16/2009, 7:55:11 AM"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"10/16/2009, 7:55:10 AM"
"Warning";"Found Tracking cookie.Overture";"C:\Documents and Settings\Evelyn\Cookies\evelyn@overture[2].txt";"";"10/16/2009, 7:55:09 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"10/16/2009, 7:55:07 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[2].txt";"";"10/16/2009, 7:55:01 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[2].txt";"";"10/16/2009, 7:54:58 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[1].txt";"";"10/16/2009, 7:54:56 AM"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\Evelyn\Cookies\evelyn@burstnet[1].txt";"";"10/16/2009, 7:54:55 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"10/16/2009, 7:54:55 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"10/16/2009, 7:54:54 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"10/16/2009, 7:54:52 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[2].txt";"";"10/16/2009, 7:54:51 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"10/16/2009, 7:54:51 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"10/16/2009, 7:54:51 AM"
"Warning";"Found Tracking cookie.247realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@247realmedia[1].txt";"";"10/16/2009, 7:54:50 AM"
"Warning";"Found Tracking cookie.Web-stat";"C:\Documents and Settings\Evelyn\Cookies\evelyn@web-stat[1].txt";"";"9/18/2009, 6:44:41 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[1].txt";"";"9/18/2009, 6:44:39 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[2].txt";"";"9/18/2009, 6:44:37 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"9/18/2009, 6:44:35 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"9/18/2009, 6:44:34 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[2].txt";"";"9/18/2009, 6:44:24 AM"
"Warning";"Found Tracking cookie.Clickbank";"C:\Documents and Settings\Evelyn\Cookies\evelyn@clickbank[1].txt";"";"9/18/2009, 6:44:22 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/18/2009, 6:44:21 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"9/18/2009, 6:44:20 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/18/2009, 6:44:17 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"9/18/2009, 6:44:16 AM"
"Warning";"Found Tracking cookie.Zedo";"C:\Documents and Settings\Evelyn\Cookies\evelyn@zedo[2].txt";"";"9/15/2009, 7:45:28 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[1].txt";"";"9/15/2009, 7:45:20 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"9/15/2009, 7:45:20 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"9/15/2009, 7:45:19 AM"
"Warning";"Found Tracking cookie.Webtrendslive";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/15/2009, 7:45:18 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\evelyn@serving-sys[1].txt";"";"9/15/2009, 7:45:17 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"9/15/2009, 7:45:16 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[1].txt";"";"9/15/2009, 7:45:15 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"9/15/2009, 7:45:15 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/15/2009, 7:45:12 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[2].txt";"";"9/15/2009, 7:45:11 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[1].txt";"";"9/15/2009, 7:45:06 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"9/15/2009, 7:45:04 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[2].txt";"";"9/15/2009, 7:45:01 AM"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\Evelyn\Cookies\evelyn@burstnet[2].txt";"";"9/15/2009, 7:45:01 AM"
"Warning";"Found Tracking cookie.Serving-sys";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/15/2009, 7:45:01 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"9/15/2009, 7:44:59 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"9/15/2009, 7:44:58 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/15/2009, 7:44:57 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"9/15/2009, 7:44:56 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"9/4/2009, 6:41:59 AM"
"Warning";"Found Tracking cookie.Tribalfusion";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tribalfusion[2].txt";"";"9/2/2009, 6:45:33 AM"
"Warning";"Found Tracking cookie.Trafficmp";"C:\Documents and Settings\Evelyn\Cookies\evelyn@trafficmp[2].txt";"";"9/2/2009, 6:45:33 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"9/2/2009, 6:45:32 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[2].txt";"";"9/2/2009, 6:45:30 AM"
"Warning";"Found Tracking cookie.Realmedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@realmedia[1].txt";"";"9/2/2009, 6:45:29 AM"
"Warning";"Found Tracking cookie.Questionmarket";"C:\Documents and Settings\Evelyn\Cookies\evelyn@questionmarket[1].txt";"";"9/2/2009, 6:45:29 AM"
"Warning";"Found Tracking cookie.Fastclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@fastclick[1].txt";"";"9/2/2009, 6:45:22 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[1].txt";"";"9/2/2009, 6:45:19 AM"
"Warning";"Found Tracking cookie.Burstnet";"C:\Documents and Settings\Evelyn\Cookies\evelyn@burstnet[2].txt";"";"9/2/2009, 6:45:19 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[1].txt";"";"9/2/2009, 6:45:17 AM"
"Warning";"Found Tracking cookie.Adbrite";"C:\Documents and Settings\Evelyn\Cookies\evelyn@adbrite[1].txt";"";"9/2/2009, 6:45:16 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"9/2/2009, 6:45:16 AM"
"Warning";"Found Tracking cookie.2o7";"C:\Documents and Settings\Evelyn\Cookies\evelyn@2o7[2].txt";"";"9/2/2009, 6:45:15 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Application Data\Mozilla\Firefox\Profiles\vu97i6ae.default\cookies.sqlite";"";"9/2/2009, 6:43:26 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[1].txt";"";"9/1/2009, 6:42:52 AM"
"Warning";"Found Tracking cookie.Casalemedia";"C:\Documents and Settings\Evelyn\Cookies\evelyn@casalemedia[2].txt";"";"9/1/2009, 6:42:40 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"9/1/2009, 6:42:38 AM"
"Warning";"Found Tracking cookie.Web-stat";"C:\Documents and Settings\Evelyn\Cookies\evelyn@web-stat[2].txt";"";"8/31/2009, 6:42:20 AM"
"Warning";"Found Tracking cookie.Tacoda";"C:\Documents and Settings\Evelyn\Cookies\evelyn@tacoda[2].txt";"";"8/31/2009, 6:42:18 AM"
"Warning";"Found Tracking cookie.Revsci";"C:\Documents and Settings\Evelyn\Cookies\evelyn@revsci[1].txt";"";"8/31/2009, 6:42:15 AM"
"Warning";"Found Tracking cookie.Mediaplex";"C:\Documents and Settings\Evelyn\Cookies\evelyn@mediaplex[1].txt";"";"8/31/2009, 6:42:13 AM"
"Warning";"Found Tracking cookie.Doubleclick";"C:\Documents and Settings\Evelyn\Cookies\evelyn@doubleclick[1].txt";"";"8/31/2009, 6:42:09 AM"
"Warning";"Found Tracking cookie.Atdmt";"C:\Documents and Settings\Evelyn\Cookies\evelyn@atdmt[1].txt";"";"8/31/2009, 6:42:06 AM"
"Warning";"Found Tracking cookie.Advertising";"C:\Documents and Settings\Evelyn\Cookies\evelyn@advertising[2].txt";"";"8/31/2009, 6:42:05 AM"
"Warning";"Found Tracking cookie.Yieldmanager";"C:\Documents and Settings\Evelyn\Cookies\[email protected][1].txt";"";"8/31/20

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
6 Trojans found by AVG
« Reply #8 on: April 25, 2011, 12:50:40 PM »
Most of what was found by AVG is harmless where found
Can we do the following:
If you didn't purposely install McAfee Security Scan, as it may have been installed updating software
Access your Add and Remove Programs and uninstall it

Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please
    Quote
    :OTL
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition: Open your copy of Malwarebytes AntiMalware
Click on the Update tab, Check for updates, KEEP checking for updates till you have them all
When done, click on the Scanner tab and run a Quick Scan
Remove anything found, post the log afterwards

NOTE: I see you are still using AVG 8.5, although it is still supported, its end of life will be soon
Are you planning on updating to AVG 2011?
« Last Edit: April 25, 2011, 12:52:33 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
6 Trojans found by AVG
« Reply #9 on: May 04, 2011, 01:20:02 PM »
Yes, I will update AVG, or do you recommend another antivirus product that is better?

Here is the OTL log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Evelyn
->Temp folder emptied: 2414347 bytes
->Temporary Internet Files folder emptied: 135709244 bytes
->Java cache emptied: 1856692 bytes
->FireFox cache emptied: 89522660 bytes
->Flash cache emptied: 167340 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32969 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Sue
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 56532 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4227279295 bytes
 
Total Files Cleaned = 4,251.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
 
User: Evelyn
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
->Flash cache emptied: 0 bytes
 
User: Sue
 
Total Flash Files Cleaned = 0.00 mb
 
Restore points cleared and new OTL Restore Point set!
 
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_133304

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_3da0.dat not found!

Registry entries deleted on Reboot...


Thank you again, Malwarebytes antimalware scan came up clean!
« Last Edit: May 04, 2011, 01:32:40 PM by mickapoo »
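
As an added example (not part of the original posts and not OTL's own code): a small Python check that cross-references the items in the fix script from Reply #8 against the result lines OTL logged in Reply #9, so each requested removal is confirmed rather than assumed. The function names and the status labels `removed`, `absent` and `unaddressed` are this example's own; the log lines are copied from the post above.

```python
import re

# Items the fix script in Reply #8 asked OTL to remove.
REQUESTED = [
    "{DBC80044-A445-435b-BC74-9C25C1C588A9}",
    "{4064EA35-578D-4073-A834-C96D82CBCF40}",
    "{47833539-D0C5-4125-9FA8-0819E2EAAC93}",
    r"C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll",
]

# Registry and file result lines copied from the OTL log in Reply #9.
LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll moved successfully.
"""

SUCCESS = {"deleted successfully", "moved successfully"}
RESULT = re.compile(
    r"^(?P<target>.+?) (?P<outcome>deleted successfully|moved successfully|not found)[.!]?$")

def parse_results(log):
    """Return (target, outcome) pairs for every OTL result line."""
    pairs = []
    for line in log.splitlines():
        m = RESULT.match(line.strip())
        if m:
            pairs.append((m.group("target"), m.group("outcome")))
    return pairs

def verify(requested, log):
    """Map each requested item to 'removed', 'absent' or 'unaddressed'."""
    results = parse_results(log)
    status = {}
    for item in requested:
        outcomes = {o for t, o in results if item.lower() in t.lower()}
        if outcomes & SUCCESS:
            status[item] = "removed"      # at least one delete/move succeeded
        elif outcomes:
            status[item] = "absent"       # only "not found" lines were logged
        else:
            status[item] = "unaddressed"  # OTL never reported on this item
    return status

if __name__ == "__main__":
    for item, state in verify(REQUESTED, LOG).items():
        print(f"{state:12} {item}")
```

An item reported as `unaddressed` means the fix script line was never processed and should be rechecked before the machine is considered clean.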

Offline mickapoo

  • Full Member
  • ***
  • Posts: 150
  • Karma: +0/-0
6 Trojans found by AVG
« Reply #10 on: May 06, 2011, 05:58:52 PM »
I installed AVG 2011, and it slowed down my computer so much I had to remove it. What alternate antivirus program would you recommend, one that might use less resources?

Thank you!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
6 Trojans found by AVG
« Reply #11 on: May 08, 2011, 10:20:43 AM »
Closed, continued Here
