
Seeking help with malware removal please


  • This topic is locked
23 replies to this topic

#1 Lillithanne

Lillithanne

  • Members
  • 45 posts

Posted 16 November 2009 - 01:53 AM

Hello!

I just recently went through malware removal with the wonderful Farbar! Unfortunately, it looks like I have picked up another problem and I am again seeking your help.

This malware is manipulating every item in my system configuration utility start up registry to enabled (on startup). This causes obvious problems and most are items I don't want enabled.


Here is something I've noticed in the start up registry that seems out of place. It reads as follows:

Startup Item Command

56979036 C:\DOCUME~1\ALLUSE~1\APPLIC~1\56979036\56979036.exe


Whatever this malware is, it's not showing up on any scans that I've done with Spybot S&D or Malwarebytes.

Thank you very much and I look forward to your assistance.

Sincerely
Lillithanne



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,689 posts
  • Gender:Male
  • Location:The Netherlands

Posted 16 November 2009 - 12:00 PM

Hi Lillithanne,

It was quick. :(
  • Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

  • Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Disconnect from the Internet and close all running programs.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Make sure the following are unchecked:
    • Sections
    • IAT/EAT
    • Drives/Partition other than C:\ drive (C:\ drive should remain checked)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to begin. (Please be patient as it can take some time to complete).
  • When the scan is finished, you will see the scan button appears again. Click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.

#3 Lillithanne

Lillithanne
  • Topic Starter


Posted 16 November 2009 - 08:49 PM

Hello there!!

I'm so glad it's you! : )

Thank you for responding. Can you believe I've picked up something again so quickly!!!

Getting ready to follow your directives now and I'll be in touch asap.

Big hugs and thank you Farbar! : )

#4 Lillithanne

Lillithanne
  • Topic Starter


Posted 16 November 2009 - 09:51 PM

Hello again...

It looks like my last response didn't post. :(

It contained the two logs from the OTL scan and a question about the GMER scan. I just tried to do another OTL scan...as I foolishly didn't save the original logs from the OTL scan.... and it's only giving me one log now instead of the two it gave me before : (

I will post that log file for you here.

My question about the GMER scan is should "show all" be checked or unchecked? I will send the results of the GMER scan as soon as I hear back from you.

Thank you!



OTL logfile created on: 11/16/2009 8:32:25 PM - Run 4
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Phyllis\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.55% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 31.48 Gb Free Space | 13.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHYLLIS-AC9A2C3
Current User Name: Phyllis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/16 19:49:18 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phyllis\My Documents\Downloads\OTL.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/28 07:13:37 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/28 07:13:29 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
PRC - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2003/11/12 03:48:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2009/11/16 19:49:18 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Phyllis\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 18:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 18:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (NMIndexingService)
SRV - [2009/10/04 17:39:52 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/28 18:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/28 07:13:29 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/26 01:04:53 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/06 14:48:07 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/05 00:41:00 | 00,155,716 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/05/16 22:13:08 | 00,602,112 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/03/20 15:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/02/20 14:11:28 | 00,815,104 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2007/01/02 21:46:54 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/12/14 17:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/12/10 22:29:24 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched)
SRV - [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/02/09 11:59:00 | 00,014,165 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)
SRV - [2003/11/12 03:48:20 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2009/08/28 07:13:37 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/28 07:13:37 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/05/09 00:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/13 12:45:34 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/20 19:11:29 | 00,015,890 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X)
DRV - [2008/01/08 13:41:14 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2008/01/04 15:58:46 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/05 00:41:00 | 07,435,392 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/28 16:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2007/04/16 20:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/23 09:11:38 | 00,441,472 | ---- | M] (Pinnacle Systems) -- C:\WINDOWS\system32\drivers\MarvinUsb.sys -- (PinnacleMarvinUsb)
DRV - [2007/01/04 09:07:00 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006/09/11 05:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 05:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/08 10:29:54 | 00,304,640 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(ZyDAS)
DRV - [2006/08/21 04:24:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/15 14:18:10 | 00,177,152 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2006/06/30 02:51:21 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2006/05/02 16:12:06 | 00,229,376 | R--- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/04/27 05:42:40 | 00,093,824 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 17:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/19 23:10:50 | 00,363,008 | R--- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2004/10/25 13:40:58 | 00,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
DRV - [2004/08/12 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/10 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/02/04 09:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2003/07/24 12:10:34 | 00,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1)
DRV - [2001/08/17 12:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\S-1-5-21-1202660629-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-688789844-839522115-1003\S-1-5-21-1202660629-688789844-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.424
FF - prefs.js..extensions.enabledItems: avg@igeared:2.507.024.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/29 17:55:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 08:06:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/11/09 13:08:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 01:57:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/08 22:34:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/21 14:50:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/25 14:20:12 | 00,000,000 | ---D | M]

[2009/03/14 18:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phyllis\Application Data\Mozilla\Extensions
[2008/09/06 17:47:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phyllis\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/14 18:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phyllis\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/09 13:02:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phyllis\Application Data\Mozilla\Firefox\Profiles\r1qcsszw.default\extensions
[2009/09/05 01:36:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phyllis\Application Data\Mozilla\Firefox\Profiles\r1qcsszw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/01/15 12:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Phyllis\Application Data\Mozilla\Firefox\Profiles\r1qcsszw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/11/09 12:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/04/07 14:22:19 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/12/13 17:48:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/07/14 18:13:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/24 08:41:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/04/07 14:22:15 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/04/07 14:22:15 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/11/26 01:04:58 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
[2008/03/19 18:23:20 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2008/02/28 11:11:00 | 00,470,016 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npagent.dll
[2008/01/23 00:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/04/07 14:22:17 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/10/14 20:33:29 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/13 12:00:00 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/10/09 10:42:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/10/09 10:42:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/10/09 10:42:17 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/10/09 10:42:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/10/09 10:42:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/10/09 10:42:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/10/09 10:42:18 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/13 12:00:00 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/03/21 22:35:12 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/03/21 22:35:12 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/28 00:31:27 | 00,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/03/21 22:35:12 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/03/21 22:35:12 | 00,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/03/21 22:35:12 | 00,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/03/21 22:35:12 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/03/21 22:35:12 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (348146 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 11962 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (mail.com) - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Program Files\mail.com\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (mail.com) - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Program Files\mail.com\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\..\Toolbar\WebBrowser: (mail.com) - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\Program Files\mail.com\Toolbar\Toolbar.dll (Velocity Services, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1202660629-688789844-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1202660629-688789844-839522115-1003\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1199822827078 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} https://ssl.jpclerkofcourt.us/JeffNetServic...ileProInet2.CAB (FileProInet2.ImageView)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/14 11:26:34 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/09 03:05:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\Audible
[2009/11/09 02:04:35 | 00,255,352 | ---- | C] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2009/11/09 02:04:31 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2009/11/09 02:04:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Audible
[2009/11/09 02:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Audible
[2009/11/09 02:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\Audible
[2009/11/07 17:17:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Desktop\clipboard captures
[2009/10/31 01:58:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Desktop\pics
[2009/10/29 19:58:11 | 00,000,000 | ---D | C] -- C:\Program Files\Frank Carr
[2009/10/28 14:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\PRODUCTION ASSISTANT - IMAGINATION MOVERS (HARAHA LA)_files
[2009/10/28 14:28:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\P kar
[2009/10/28 14:28:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\OWLCTY[www.mp3boo.com]
[2009/10/28 14:28:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Music downloades
[2009/10/28 14:28:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Michael_Buble_-_Its_Time[www.mp3boo.com]
[2009/10/28 14:27:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\MCBRPL[www.mp3boo.com]
[2009/10/28 14:27:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\MBWRCTY[www.mp3boo.com]
[2009/10/28 14:27:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\MBMB[www.mp3boo.com]
[2009/10/28 14:27:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\LTTB[www.mp3boo.com]
[2009/10/28 14:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\LNKPRK_-_Meteora[www.mp3boo.com]
[2009/10/28 14:27:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\LNKPRK[www.mp3boo.com]
[2009/10/28 14:27:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Linkin_Park_-_Reanimation[www.mp3boo.com]
[2009/10/28 14:27:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\KiD_CuDi-Man_On_The_Moon_The_End[www.mp3boo.com]
[2009/10/28 14:27:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\jfcarr - Jay's wizard for blog purchase invoice pay pal Thank you for your payment - PayPal_files
[2009/10/28 14:27:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Jesse
[2009/10/28 14:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\HELP[www.mp3boo.com]
[2009/10/28 14:27:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\GroupCalendar_4.2.1
[2009/10/28 14:27:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\FRSALE[www.mp3boo.com]
[2009/10/28 14:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Dark_Side_Of_The_Moon[www.mp3boo.com]
[2009/10/28 14:27:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\CamStudio.2.5.b1.bin
[2009/10/28 14:27:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Call-center firms offer legitimate work-at-home opportunities - MarketWatch_files
[2009/10/28 14:27:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\BRKNGB[mp3boo]
[2009/10/28 14:27:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Breaking_Benjamin_-_We_re_Not_Alone_Here[mp3boo.com]
[2009/10/28 14:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\BLCKTEPST[www.mp3boo.com]
[2009/10/28 14:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\beadchain
[2009/10/28 14:26:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\BBD[www.mp3boo.com]
[2009/10/28 14:26:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\AVGSLV[mp3boo]
[2009/10/28 14:26:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\AVGNAVGN[mp3boo]
[2009/10/28 14:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Autopilot__Off__-__Make__A__Sound[www.mp3boo.com]
[2009/10/28 14:26:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\att payment 4.24.09_files
[2009/10/28 14:26:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\ATLPRTYSCN[mp3boo]
[2009/10/28 14:26:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Anberlin-New_Surrender-mp3boo
[2009/10/28 14:26:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Anberlin-New_Surrender-mp3boo (1)
[2009/10/28 14:26:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Anberlin-Never_Take_Friendship_Personal
[2009/10/28 14:26:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Anberlin-Cities[www.mp3boo]
[2009/10/28 14:26:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\All+Time+Low+-+Put+Up+Or+Shut+Up+[EP]
[2009/10/28 14:26:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\All_Time_Low_-_So_Wrong_Its_Right[mp3boo]
[2009/10/28 14:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\AARMA[mp3boo]
[2009/10/24 06:50:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\Opera
[2009/10/24 06:32:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Desktop\iTunes
[2009/10/23 22:16:55 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/10/23 14:19:48 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Phyllis\Desktop\Anti virus and firewall software programs
[2009/10/23 14:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Application Data\Comodo
[2009/10/23 14:06:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/23 14:06:03 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/10/23 13:05:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\My Documents\Bleeping computer log for help removing malware_files
[2009/10/23 12:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Desktop\ChaLEAN
[2009/10/22 19:08:17 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/22 03:12:09 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/22 03:09:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/21 15:03:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Application Data\avidemux
[2009/10/21 15:03:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\.thumb
[2009/10/21 14:53:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Application Data\Media Player Classic
[2009/10/21 14:50:11 | 00,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/10/21 14:50:11 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/10/21 14:50:10 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/10/21 14:50:08 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/10/21 14:38:27 | 00,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2009/10/21 13:43:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/10/19 17:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/10/19 17:30:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Phyllis\Application Data\uTorrent
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Phyllis\My Documents\*.tmp files -> C:\Documents and Settings\Phyllis\My Documents\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/16 19:52:36 | 00,000,894 | ---- | M] () -- C:\Documents and Settings\Phyllis\Desktop\Shortcut to OTL.exe.lnk
[2009/11/16 19:49:00 | 00,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-688789844-839522115-1003UA.job
[2009/11/16 18:49:48 | 00,002,300 | ---- | M] () -- C:\Documents and Settings\Phyllis\Desktop\Google Chrome.lnk
[2009/11/16 18:49:00 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-688789844-839522115-1003Core.job
[2009/11/16 08:03:16 | 45,199,437 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/16 08:03:16 | 00,093,257 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/16 07:55:25 | 00,555,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/16 07:55:25 | 00,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/16 07:55:25 | 00,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/16 07:50:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/16 07:50:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/16 01:30:21 | 13,631,488 | ---- | M] () -- C:\Documents and Settings\Phyllis\ntuser.dat
[2009/11/16 01:30:21 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Phyllis\ntuser.ini
[2009/11/15 13:13:57 | 00,000,617 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/15 13:13:57 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/11/15 13:13:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/14 08:29:59 | 00,075,018 | ---- | M] () -- C:\Documents and Settings\Phyllis\Desktop\Keywords related to term.docx
[2009/11/13 14:10:36 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/13 11:34:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/13 01:21:09 | 00,014,399 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Mail.com account info.docx
[2009/11/11 09:08:31 | 01,610,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 02:25:21 | 00,025,375 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\John Carlton notes.docx
[2009/11/09 02:04:42 | 00,001,606 | ---- | M] () -- C:\Documents and Settings\Phyllis\Desktop\Audible Manager.lnk
[2009/11/09 02:04:35 | 00,255,352 | ---- | M] (Audible, Inc.) -- C:\WINDOWS\System32\awrdscdc.ax
[2009/11/05 11:36:21 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/05 00:24:35 | 14,112,459 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Tony Robbins DM to me on twitter.CLP
[2009/11/04 22:27:33 | 00,462,848 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Database1.accdb
[2009/11/04 10:58:01 | 00,026,363 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\SAT terms & conditions.docx
[2009/11/04 10:57:49 | 00,026,351 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\s.docx
[2009/11/04 02:55:26 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 14:50:51 | 01,019,904 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Jay's keyword information.accdb
[2009/11/01 23:41:09 | 00,011,803 | ---- | M] () -- C:\Documents and Settings\Phyllis\Desktop\Stop beating yourself up for all the woulda.docx
[2009/11/01 16:18:38 | 00,007,865 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Save a lot prices.xlsx
[2009/10/31 13:09:59 | 00,348,146 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/10/29 13:56:26 | 00,018,140 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\entergy payment October 09.docx
[2009/10/28 14:55:54 | 01,609,728 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Possible Money Words.accdb
[2009/10/28 12:38:40 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/27 20:28:13 | 00,011,212 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Your payment has been confirmed macy revolving acct.docx
[2009/10/27 09:30:53 | 00,011,302 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Reading suggestions by tim ferriss.docx
[2009/10/24 04:52:21 | 00,000,646 | ---- | M] () -- C:\Documents and Settings\Phyllis\Desktop\TweetDeck.lnk
[2009/10/23 22:16:56 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/10/23 18:14:53 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/23 18:09:18 | 00,086,016 | ---- | M] () -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/23 17:24:43 | 00,346,444 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091031-140959.backup
[2009/10/23 17:24:23 | 00,346,444 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091023-182443.backup
[2009/10/23 17:04:44 | 00,133,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/23 13:36:11 | 00,017,364 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Help with malware info from farbar.docx
[2009/10/23 13:05:59 | 00,345,262 | ---- | M] () -- C:\Documents and Settings\Phyllis\My Documents\Bleeping computer log for help removing malware.htm
[2009/10/22 12:31:48 | 00,000,017 | ---- | M] () -- C:\WINDOWS\MovingPicture.ini
[2009/10/22 12:31:13 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/10/22 03:21:43 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091023-182423.backup
[2009/10/22 03:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 03:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/10/21 14:50:13 | 00,000,938 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/10/21 11:34:31 | 00,000,209 | ---- | M] () -- C:\Boot.bak
[2009/10/20 00:34:49 | 00,099,672 | ---- | M] () -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Phyllis\My Documents\*.tmp files -> C:\Documents and Settings\Phyllis\My Documents\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/16 19:52:36 | 00,000,894 | ---- | C] () -- C:\Documents and Settings\Phyllis\Desktop\Shortcut to OTL.exe.lnk
[2009/11/14 08:29:58 | 00,075,018 | ---- | C] () -- C:\Documents and Settings\Phyllis\Desktop\Keywords related to term.docx
[2009/11/09 17:09:33 | 00,025,375 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\John Carlton notes.docx
[2009/11/09 02:04:42 | 00,001,606 | ---- | C] () -- C:\Documents and Settings\Phyllis\Desktop\Audible Manager.lnk
[2009/11/05 19:53:56 | 13,631,488 | ---- | C] () -- C:\Documents and Settings\Phyllis\ntuser.dat
[2009/11/05 00:24:35 | 14,112,459 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Tony Robbins DM to me on twitter.CLP
[2009/11/04 10:58:01 | 00,026,363 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\SAT terms & conditions.docx
[2009/11/04 10:57:48 | 00,026,351 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\s.docx
[2009/11/02 14:38:10 | 01,019,904 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Jay's keyword information.accdb
[2009/11/01 23:41:09 | 00,011,803 | ---- | C] () -- C:\Documents and Settings\Phyllis\Desktop\Stop beating yourself up for all the woulda.docx
[2009/11/01 16:18:38 | 00,007,865 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Save a lot prices.xlsx
[2009/10/29 13:56:26 | 00,018,140 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\entergy payment October 09.docx
[2009/10/28 14:54:58 | 00,012,959 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Zan Mage spec.docx
[2009/10/28 14:54:57 | 03,146,476 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Vtech Dect 6.0 phone ls6125-3_manual_I12.pdf
[2009/10/28 14:54:57 | 00,439,051 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Witch salem.docx
[2009/10/28 14:54:57 | 00,030,972 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Timothy Ferriss reallicensing.pdf
[2009/10/28 14:54:57 | 00,027,784 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Tim Ferriss why-classes-dont-work.pdf
[2009/10/28 14:54:57 | 00,021,975 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Tim Ferriss the-art-of-wrapping your tongue around any language.pdf
[2009/10/28 14:54:57 | 00,021,755 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Tim Ferriss restrictedreading.pdf
[2009/10/28 14:54:57 | 00,020,963 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Tim Ferriss reactivating-forgotten-lang.pdf
[2009/10/28 14:54:57 | 00,020,284 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Yahoo account details.docx
[2009/10/28 14:54:57 | 00,018,481 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Understanding business development.docx
[2009/10/28 14:54:57 | 00,017,381 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Yoli Domain registration info.docx
[2009/10/28 14:54:57 | 00,016,818 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\yoli review post blog 1.docx
[2009/10/28 14:54:57 | 00,015,721 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Your Mafia of 501 fought against.docx
[2009/10/28 14:54:57 | 00,014,879 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Your curt response which took so long in coming doesn.docx
[2009/10/28 14:54:57 | 00,014,006 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Yoli Webinar Link for saturday Aug 1, 2009.docx
[2009/10/28 14:54:57 | 00,013,368 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Warning!!!.docx
[2009/10/28 14:54:57 | 00,013,004 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Yoli Review Blog Redo.docx
[2009/10/28 14:54:57 | 00,012,770 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Yoli Review Info.docx
[2009/10/28 14:54:57 | 00,012,477 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\What is acne.docx
[2009/10/28 14:54:57 | 00,012,399 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\What's the best way to get rid of acne.docx
[2009/10/24 04:52:21 | 00,000,646 | ---- | C] () -- C:\Documents and Settings\Phyllis\Desktop\TweetDeck.lnk
[2009/10/23 22:16:56 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/10/23 14:13:19 | 00,133,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/23 13:36:11 | 00,017,364 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Help with malware info from farbar.docx
[2009/10/23 13:05:58 | 00,345,262 | ---- | C] () -- C:\Documents and Settings\Phyllis\My Documents\Bleeping computer log for help removing malware.htm
[2009/10/22 03:12:15 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/10/22 03:12:11 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/21 14:50:13 | 00,000,938 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2009/10/21 14:50:11 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/10/21 14:50:11 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/10/21 14:50:11 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/10/21 14:50:10 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/10/21 14:50:10 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/21 14:50:10 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/21 14:50:09 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/10/21 14:50:09 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/10/15 19:13:41 | 00,000,403 | ---- | C] () -- C:\Documents and Settings\Phyllis\Application Data\TweetDeckFast_state.xml
[2009/10/15 02:13:10 | 00,000,193 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/10/04 17:51:15 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/11/22 14:04:30 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/09/13 17:18:20 | 00,000,017 | ---- | C] () -- C:\WINDOWS\MovingPicture.ini
[2008/09/13 16:52:01 | 00,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/09/13 16:50:17 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\__FileUploader.log
[2008/09/13 16:26:11 | 00,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2008/09/13 16:26:11 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2008/09/13 16:26:11 | 00,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2008/09/13 16:26:11 | 00,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2008/09/13 16:26:11 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2008/06/19 01:22:43 | 06,185,410 | -H-- | C] () -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\IconCache.db
[2008/06/12 16:44:52 | 00,086,016 | ---- | C] () -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/29 17:56:19 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/03/21 22:32:56 | 00,000,165 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008/03/21 22:31:49 | 00,000,813 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/03/20 18:24:57 | 00,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/20 18:24:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2008/03/20 18:24:45 | 00,006,170 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/03/20 18:23:35 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/03/20 18:16:30 | 00,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
[2008/02/08 14:02:25 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/01/20 19:11:21 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/01/20 19:11:21 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/01/10 15:33:23 | 00,011,895 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/01/09 15:59:37 | 00,000,247 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/09 00:15:28 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/08 21:21:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/01/08 20:03:17 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/01/08 20:03:17 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/01/08 14:57:00 | 00,099,672 | ---- | C] () -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/01/08 14:56:57 | 00,000,130 | ---- | C] () -- C:\Documents and Settings\Phyllis\Local Settings\Application Data\fusioncache.dat
[2008/01/08 14:53:32 | 00,000,426 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/01/08 14:43:24 | 00,139,152 | ---- | C] () -- C:\Documents and Settings\Phyllis\Application Data\PnkBstrK.sys
[2008/01/08 14:01:52 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll.hcw
[2008/01/08 13:43:28 | 00,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/01/08 13:43:27 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/01/08 13:42:32 | 00,033,619 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/08 13:42:31 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/08 13:42:22 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/01/08 13:39:59 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Phyllis\Application Data\desktop.ini
[2007/10/04 17:14:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/04 17:14:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/04 17:14:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/04 17:14:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/04 17:14:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 09:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 09:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 09:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 06:00:00 | 00,000,617 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

I know you didn't ask for this, but I was prompted to do this when I tried to post my reply.... I was told to download a newer version of HJT and post the log from the scan... here's that log for you, too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:47:56 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Phyllis\My Documents\Downloads\OTL.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199822827078
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} (FileProInet2.ImageView) - https://ssl.jpclerkofcourt.us/JeffNetServic...ileProInet2.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 11809 bytes

#5 Farbar

Posted 17 November 2009 - 04:07 AM

Hi Lillithanne,
  • The OTL log is saved in the directory you ran it from. If you had downloaded it to your desktop, you would see the log there.

    Go to Start => Run. Copy and paste the following in the run box and click OK:

    "C:\Documents and Settings\Phyllis\My Documents\Downloads"

    A folder opens up. Please post the Extra.txt.

  • When you run GMER, Show All should be unchecked, and so should the other two sections named. Also, only the C drive should be checked.


#6 Lillithanne

Posted 17 November 2009 - 04:58 AM

Thanks!

Here's the extra log and I will post the GMER log in just a few minutes.

Thank you!



OTL Extras logfile created on: 11/16/2009 7:51:26 PM - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Phyllis\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 56.33% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 81.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 31.48 Gb Free Space | 13.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PHYLLIS-AC9A2C3
Current User Name: Phyllis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" (Opera Software)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"7018:TCP" = 7018:TCP:*:Enabled:BitComet 7018 TCP
"7018:UDP" = 7018:UDP:*:Enabled:BitComet 7018 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\VentSrv\ventrilo_srv.exe" = C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe" = C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- File not found
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe" = C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" = C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead DVD MovieFactory 3 SE
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{138BD312-3557-40F8-BC5E-6DFF00A6880D}" = BPDSoftware_Ini
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{17E81C48-407E-499f-A105-1B49ACDB9BA4}" = ProductContext
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1E900649-1788-4463-9F87-9F6D9EEB7783}" = Blog Content Wizard
"{1EB321CB-3D1D-4cf2-ACB5-9F20874B8E69}" = HP Officejet Pro All-In-One Series
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{42442CA9-90E6-4011-BB55-7C263F6D5EC1}" = BIAS SoundSoap PE 2.1
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57C14BDB-7D29-4DB9-98CA-F5F49120B8CF}" = Software for DVD Video Camera
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DE9751D-3FFE-400E-8761-26A92DB734DE}" = BPD_HPSU
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7729A02E-D1AD-4830-8FC5-11853500D90D}" = HP Officejet Pro All-In-One Series
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8C045626-4496-4238-B3B8-394CC6D46427}" = 7500_7600_7700_Help
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio Ultimate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D48AD533-BAD5-469B-A9AA-272C6D80E70B}" = MPM
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{D8AEC024-E476-17FE-6D37-9EB1565F06F3}" = TweetDeck
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E26C402E-01FE-4EF2-964A-AC54734539B7}" = DVD-MovieAlbumSE 4.3
"{E4D9F399-679C-45EC-BAD7-C363FBAE3416}" = Magma
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AudibleManager" = AudibleManager
"AVG8Uninstall" = AVG Free 8.5
"CamStudio" = CamStudio
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"DriverAgent" = DriverAgent Plugin for Netscape by TouchStone Software
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV DVB-T Radio for MCE2005" = Hauppauge WinTV DVB-T Radio for MCE2005
"Hauppauge WinTV Radio" = Hauppauge WinTV Radio
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.2.0
"klvideoconvert_is1" = K-Lite Video Conversion Pack 1.6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROR" = Microsoft Office Professional 2007
"RealPlayer 6.0" = RealPlayer
"REAPER" = REAPER
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-688789844-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.1.0.366
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/31/2009 10:36:30 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Application Hang | ID = 1002
Description = Hanging application opera.exe, version 10.0.1750.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2009 4:53:27 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.6504.5000, stamp 49e7f5b6,
faulting module wwlib.dll, version 12.0.6504.5000, stamp 49e7f5f9, debug? 0, fault
address 0x00c5fbca.

Error - 11/5/2009 12:32:48 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 10.0.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/6/2009 10:43:24 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 11/7/2009 3:35:03 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Media Center Receiver | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Hauppauge WinTV PVR PCI
II TvTuner

Error - 11/7/2009 3:35:04 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Media Center Receiver | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Hauppauge WinTV PVR PCI
II TvTuner

Error - 11/7/2009 4:40:56 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Media Center Receiver | ID = 3
Description = TV tuner encountered an error. (0xc0040524) Hauppauge WinTV PVR PCI
II TvTuner

Error - 11/15/2009 4:10:07 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Application Hang | ID = 1002
Description = Hanging application opera.exe, version 10.0.1750.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/15/2009 4:10:11 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Application Hang | ID = 1001
Description = Fault bucket 1436038531.

Error - 11/15/2009 8:54:17 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 1/15/2009 2:42:04 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 114 seconds with 60 seconds of active time. This session ended with a crash.

Error - 6/14/2009 4:23:30 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2009 4:23:38 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/14/2009 4:23:45 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/19/2009 8:00:53 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12168
seconds with 900 seconds of active time. This session ended with a crash.

Error - 10/26/2009 10:31:29 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25955
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 11/4/2009 4:53:22 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17419
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/22/2009 5:19:19 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/22/2009 5:19:32 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_NPF\0000 disappeared from the system without
first being prepared for removal.

Error - 10/22/2009 5:19:32 AM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/22/2009 3:26:55 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/22/2009 3:27:09 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 10/22/2009 3:35:49 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 11/6/2009 2:09:17 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/6/2009 2:09:21 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%32

Error - 11/6/2009 2:16:35 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/6/2009 2:16:39 PM | Computer Name = PHYLLIS-AC9A2C3 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%32


< End of report >

#7 Farbar

Posted 17 November 2009 - 10:51 AM

Are you alright? Have you been able to run GMER?

#8 Lillithanne

Posted 17 November 2009 - 05:59 PM

Hey!

Tried running GMER last night (early am actually) ...and it was taking a very long time so I finally went to sleep. Woke to find there was some problem with the scan and had to start over. It just finished!!! ...sigh


Here are the results... : )


Thanks Farbar...and how are you doing?

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-17 16:49:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Phyllis\LOCALS~1\Temp\kwdiyfog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

#9 Farbar

Posted 17 November 2009 - 06:15 PM

Hi Lillithanne,

I have got good news. Your computer is not infected. The entry you are referring to is not in any of the logs. But there is an entry that makes the System Configuration Utility run each time you start your computer. We are going to take care of that.

The entry you are referring to is probably a harmless leftover of rogue software. I guess you have disabled the startup item by using the System Configuration Utility. I know many people use and advise the use of the System Configuration Utility to disable startup items. But the utility is designed to be used for diagnostic purposes. There is good free software to use for this purpose.

Let's bring the System Configuration Utility to its original state and then take care of any remaining issue.
  • We need to run the computer in normal startup now:
    • Please go to Start => Run => type msconfig and click OK.
    • Under the General tab select "Normal Startup".
    • Press Apply and Close.
    • When a window pops up, select "Exit Without Reboot".
  • Please copy and paste a fresh HijackThis log to your reply.


#10 Lillithanne

Posted 17 November 2009 - 06:38 PM

That's good news, thank you!

Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:32 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Qdilayujupi] rundll32.exe "C:\WINDOWS\obociluv.dll",Startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [56979036] C:\DOCUME~1\ALLUSE~1\APPLIC~1\56979036\56979036.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Phyllis\Application Data\svcst.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Phyllis\Application Data\seres.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199822827078
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} (FileProInet2.ImageView) - https://ssl.jpclerkofcourt.us/JeffNetServic...ileProInet2.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg

--
End of file - 15086 bytes

#11 Farbar

Posted 17 November 2009 - 06:49 PM

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [Qdilayujupi] rundll32.exe "C:\WINDOWS\obociluv.dll",Startup
    O4 - HKLM\..\Run: [56979036] C:\DOCUME~1\ALLUSE~1\APPLIC~1\56979036\56979036.exe
    O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Phyllis\Application Data\svcst.exe
    O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Phyllis\Application Data\seres.exe
    O20 - AppInit_DLLs:
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg


    Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Please copy and paste a fresh HijackThis log to your reply.


#12 Lillithanne

Posted 17 November 2009 - 07:03 PM

Here you go!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:48 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199822827078
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} (FileProInet2.ImageView) - https://ssl.jpclerkofcourt.us/JeffNetServic...ileProInet2.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14117 bytes
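An added example, not part of the thread: a small Python check that the entries selected for "Fix Checked" are really gone from the fresh log and that nothing else disappeared. The sample text is a constructed excerpt of lines taken from the logs above, and the function names (`parse_entries`, `run_entry`, `verify_fix`) are assumptions of this example, not part of HijackThis.

```python
import re

# Constructed sample: a few lines excerpted from the logs posted in this thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Qdilayujupi] rundll32.exe "C:\WINDOWS\obociluv.dll",Startup
O4 - HKLM\..\Run: [56979036] C:\DOCUME~1\ALLUSE~1\APPLIC~1\56979036\56979036.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Phyllis\Application Data\svcst.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Phyllis\Application Data\seres.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
"""

AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
"""

# The list of entries the helper asked to tick, indentation kept as posted.
FIX_LIST = r"""
    O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [Qdilayujupi] rundll32.exe "C:\WINDOWS\obociluv.dll",Startup
    O4 - HKLM\..\Run: [56979036] C:\DOCUME~1\ALLUSE~1\APPLIC~1\56979036\56979036.exe
    O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Phyllis\Application Data\svcst.exe
    O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Phyllis\Application Data\seres.exe
    O20 - AppInit_DLLs:
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Phyllis/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
"""

# A log entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# Body of an O4 registry autorun: hive, key name, value name, command line.
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")


def parse_entries(text):
    """Return (section, body) tuples; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Collapse whitespace so indentation or wrapping does not matter.
            entries.append((m.group(1), " ".join(m.group(2).split())))
    return entries


def run_entry(entry):
    """Split an O4 Run entry into (hive, key, name, command), else None."""
    section, body = entry
    m = RUN_RE.match(body) if section == "O4" else None
    return m.groups() if m else None


def verify_fix(before, after, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    b, a, f = (parse_entries(t) for t in (before, after, fix_list))
    b_set, a_set, f_set = set(b), set(a), set(f)
    return {
        "fixed": [e for e in f if e in b_set and e not in a_set],
        "still_present": [e for e in f if e in a_set],
        "not_in_before": [e for e in f if e not in b_set],
        "unexpected_removed": [e for e in b
                               if e not in a_set and e not in f_set],
        "added": [e for e in a if e not in b_set],
    }


if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_LIST)
    for bucket, entries in report.items():
        print(f"{bucket}: {len(entries)}")
        for entry in entries:
            parts = run_entry(entry)
            # Show autoruns as hive/name -> command, other entries verbatim.
            print("   ", f"{parts[0]} [{parts[2]}] -> {parts[3]}" if parts
                  else " - ".join(entry))
```

An entry under `still_present` after a reboot means something rewrote it, which is the cue to post a new log rather than fix it again by hand.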

#13 Farbar

Posted 17 November 2009 - 07:12 PM

Good job. Please reboot now and post a fresh HijackThis log for a final review. Tell me about any remaining issues.

Of course I shall give some recommendations about how to disable unneeded startup entries without using System Configuration Utility.

#14 Lillithanne

Posted 17 November 2009 - 07:29 PM

Hello!

Here's the HJT log. As for the startup utility...I don't want anything that isn't absolutely vital to system performance being enabled. Currently the start up is overloaded with items so if we can clear that out it would be great!

As usual...you were awesome :) :) and I'm so grateful for your help!!! :( :( {{{{{{{{{{{{{{{{{{{{farbar!}}}}}}}}}}}}}}}}}}}} :) :) Big HUG and enormous thanks!!!!!!

I'm also happy for another chance to say hello. I still plan on cleaning up my husband's computer so I hope to see you soon regarding that, too.

Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:11 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: mail.com - {CD292324-974F-4224-CE6F-CC9441768F5D} - C:\PROGRA~1\mail.com\Toolbar\Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\K-Lite Codec Pack\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Phyllis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1199822827078
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {73779860-6F88-4D8C-9DAB-30583B9BAAC3} (FileProInet2.ImageView) - https://ssl.jpclerkofcourt.us/JeffNetServic...ileProInet2.CAB
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.21.0.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15501 bytes

#15 Farbar

Posted 17 November 2009 - 07:42 PM

It looks good. :(

You are most welcome Lillithanne, and thanks for your kind words. :( :)

Please run OTL.
  • Click Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTL, and will require a reboot.
  • You may also remove GMER.
You can use StartUpLite to disable or remove unnecessary startup entries from your computer. It will list those items and give some indication about them.

You may also consult Bleeping Computer Startup Programs Database and decide for yourself. You just type or copy and paste the name of the exe file in the search box and it will give you information about the startup entry and if it is required, user choice or not required.

Please tell me if you have any questions before we close the topic.



